ALT-BU-2023-2574-2
Branch p10 update bulletin.
Package docs-alt-server-v updated to version 10.1-alt5 for branch p10 in task 314209.
Closed bugs
Лишняя запятая в аннотации к главе 37
Ожидающее изменение темно-оранжевое, а не красное в разделе 40.3.1. Изменение настроек в веб-интерфейсе
Тире вместо дефиса в команде в разделе 40.3.2. Настройка ресурсов в командной строке
Неверная формулировка в скобках для вкладки DNS в разделе 40.1. Создание контейнера в графическом интерфейсе
Улучшить описание команды увеличения размера диска в разделе 40.3.2. Настройка ресурсов в командной строке
Улучшить описание MAC-адресов в разделе 40.1. Создание контейнера в графическом интерфейсе
NFC → NFS в разделе 37.3.4. NFS
Добавить Disk Action в описание изменения диска в разделы 39.5.3, 39.5.4
Добавить Volume Action в описание изменения корневого диска в раздел 40.3.1. Изменение настроек в веб-интерфейсе
Лишняя запятая в разделе 60.1. Конфигурирование сетевых интерфейсов для поля Имя компьютера
Неверное сочетание "добавлен / сгенерирован" в разделе 26.5. Ключи для доступа по SSH
Closed bugs
Невозможно собрать перевод
Package kf5-kimageformats updated to version 5.102.0-alt1 for branch p10 in task 313653.
Closed bugs
kimageformats собран без поддержки heif
Package kernel-image-un-def updated to version 5.15.94-alt1 for branch p10 in task 315252.
Closed vulnerabilities
BDU:2023-01205
Уязвимость функции rds_rm_zerocopy_callback() в модуле net/rds/message.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-05-05
CVE-2023-1078
A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.
- [oss-security] 20231105 CVE-2023-1078: Linux: rds_rm_zerocopy_callback() bugs
- [oss-security] 20231105 CVE-2023-1078: Linux: rds_rm_zerocopy_callback() bugs
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f753a68980cf4b59a80fe677619da2b1804f526d
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f753a68980cf4b59a80fe677619da2b1804f526d
- [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update
- [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- https://security.netapp.com/advisory/ntap-20230505-0004/
- https://security.netapp.com/advisory/ntap-20230505-0004/
Closed bugs
Кривой desktop-файл
Package java-11-openjdk updated to version 11.0.18.0.10-alt1_1jpp11 for branch p10 in task 314966.
Closed vulnerabilities
BDU:2023-00510
Уязвимость компонента JSSE программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-02179
Уязвимость компонента JSSE программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю раскрыть защищаемую информацию или создать, удалить или изменить доступ к данным
BDU:2023-02495
Уязвимость компонента Networking программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю манипулировать данными
BDU:2023-02496
Уязвимость компонента Libraries программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных
BDU:2023-02497
Уязвимость компонента Swing программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю манипулировать данными
BDU:2023-02501
Уязвимость компонента Hotspot программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2023-02504
Уязвимость компонента JSSE программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-02505
Уязвимость компонента Libraries программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных
BDU:2023-03640
Уязвимость компонента Sound программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных
BDU:2023-05188
Уязвимость компонента JGSS программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных
BDU:2023-05192
Уязвимость компонента Security программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных
BDU:2023-05202
Уязвимость компонента JNDI программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных
BDU:2023-05205
Уязвимость компонента Security программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-05213
Уязвимость компонента Lightweight HTTP Server программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-05215
Уязвимость компонента Networking программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных
Modified: 2024-11-21
CVE-2022-21618
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
- FEDORA-2022-5d494ab9ab
- FEDORA-2022-5d494ab9ab
- FEDORA-2022-d989953883
- FEDORA-2022-d989953883
- FEDORA-2022-1c07902a5e
- FEDORA-2022-1c07902a5e
- FEDORA-2022-f76014ae17
- FEDORA-2022-f76014ae17
- https://security.gentoo.org/glsa/202401-25
- https://security.gentoo.org/glsa/202401-25
- https://security.netapp.com/advisory/ntap-20221028-0012/
- https://security.netapp.com/advisory/ntap-20221028-0012/
- https://www.oracle.com/security-alerts/cpuoct2022.html
- https://www.oracle.com/security-alerts/cpuoct2022.html
Modified: 2024-11-21
CVE-2022-21619
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
- FEDORA-2022-5d494ab9ab
- FEDORA-2022-5d494ab9ab
- FEDORA-2022-d989953883
- FEDORA-2022-d989953883
- FEDORA-2022-1c07902a5e
- FEDORA-2022-1c07902a5e
- FEDORA-2022-f76014ae17
- FEDORA-2022-f76014ae17
- FEDORA-2022-361f34f2a9
- FEDORA-2022-361f34f2a9
- FEDORA-2022-b050ae8974
- FEDORA-2022-b050ae8974
- https://security.gentoo.org/glsa/202401-25
- https://security.gentoo.org/glsa/202401-25
- https://security.netapp.com/advisory/ntap-20221028-0012/
- https://security.netapp.com/advisory/ntap-20221028-0012/
- https://www.oracle.com/security-alerts/cpuoct2022.html
- https://www.oracle.com/security-alerts/cpuoct2022.html
Modified: 2024-11-21
CVE-2022-21624
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
- FEDORA-2022-5d494ab9ab
- FEDORA-2022-5d494ab9ab
- FEDORA-2022-d989953883
- FEDORA-2022-d989953883
- FEDORA-2022-1c07902a5e
- FEDORA-2022-1c07902a5e
- FEDORA-2022-f76014ae17
- FEDORA-2022-f76014ae17
- FEDORA-2022-361f34f2a9
- FEDORA-2022-361f34f2a9
- FEDORA-2022-b050ae8974
- FEDORA-2022-b050ae8974
- https://security.gentoo.org/glsa/202401-25
- https://security.gentoo.org/glsa/202401-25
- https://security.netapp.com/advisory/ntap-20221028-0012/
- https://security.netapp.com/advisory/ntap-20221028-0012/
- https://www.oracle.com/security-alerts/cpuoct2022.html
- https://www.oracle.com/security-alerts/cpuoct2022.html
Modified: 2024-11-21
CVE-2022-21626
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
- FEDORA-2022-d989953883
- FEDORA-2022-d989953883
- FEDORA-2022-1c07902a5e
- FEDORA-2022-1c07902a5e
- FEDORA-2022-361f34f2a9
- FEDORA-2022-361f34f2a9
- FEDORA-2022-b050ae8974
- FEDORA-2022-b050ae8974
- https://security.gentoo.org/glsa/202401-25
- https://security.gentoo.org/glsa/202401-25
- https://security.netapp.com/advisory/ntap-20221028-0012/
- https://security.netapp.com/advisory/ntap-20221028-0012/
- https://www.oracle.com/security-alerts/cpuoct2022.html
- https://www.oracle.com/security-alerts/cpuoct2022.html
Modified: 2024-11-21
CVE-2022-21628
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
- FEDORA-2022-5d494ab9ab
- FEDORA-2022-5d494ab9ab
- FEDORA-2022-d989953883
- FEDORA-2022-d989953883
- FEDORA-2022-1c07902a5e
- FEDORA-2022-1c07902a5e
- FEDORA-2022-f76014ae17
- FEDORA-2022-f76014ae17
- FEDORA-2022-361f34f2a9
- FEDORA-2022-361f34f2a9
- FEDORA-2022-b050ae8974
- FEDORA-2022-b050ae8974
- https://security.gentoo.org/glsa/202401-25
- https://security.gentoo.org/glsa/202401-25
- https://security.netapp.com/advisory/ntap-20221028-0012/
- https://security.netapp.com/advisory/ntap-20221028-0012/
- https://www.oracle.com/security-alerts/cpuoct2022.html
- https://www.oracle.com/security-alerts/cpuoct2022.html
Modified: 2024-11-21
CVE-2022-39399
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
- FEDORA-2022-5d494ab9ab
- FEDORA-2022-5d494ab9ab
- FEDORA-2022-f76014ae17
- FEDORA-2022-f76014ae17
- https://security.gentoo.org/glsa/202401-25
- https://security.gentoo.org/glsa/202401-25
- https://security.netapp.com/advisory/ntap-20221028-0012/
- https://security.netapp.com/advisory/ntap-20221028-0012/
- https://www.oracle.com/security-alerts/cpuoct2022.html
- https://www.oracle.com/security-alerts/cpuoct2022.html
Modified: 2024-11-21
CVE-2023-21835
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Modified: 2024-11-21
CVE-2023-21843
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Modified: 2024-11-21
CVE-2023-21930
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://security.netapp.com/advisory/ntap-20230427-0008/
- https://security.netapp.com/advisory/ntap-20230427-0008/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.couchbase.com/alerts/
- https://www.couchbase.com/alerts/
- https://www.debian.org/security/2023/dsa-5430
- https://www.debian.org/security/2023/dsa-5430
- https://www.debian.org/security/2023/dsa-5478
- https://www.debian.org/security/2023/dsa-5478
- Oracle Advisory
- Oracle Advisory
Modified: 2024-11-21
CVE-2023-21937
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://security.netapp.com/advisory/ntap-20230427-0008/
- https://security.netapp.com/advisory/ntap-20230427-0008/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.couchbase.com/alerts/
- https://www.couchbase.com/alerts/
- https://www.debian.org/security/2023/dsa-5430
- https://www.debian.org/security/2023/dsa-5430
- https://www.debian.org/security/2023/dsa-5478
- https://www.debian.org/security/2023/dsa-5478
- Oracle Advisory
- Oracle Advisory
Modified: 2024-11-21
CVE-2023-21938
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://security.netapp.com/advisory/ntap-20230427-0008/
- https://security.netapp.com/advisory/ntap-20230427-0008/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.couchbase.com/alerts/
- https://www.couchbase.com/alerts/
- https://www.debian.org/security/2023/dsa-5430
- https://www.debian.org/security/2023/dsa-5430
- https://www.debian.org/security/2023/dsa-5478
- https://www.debian.org/security/2023/dsa-5478
- Oracle Advisory
- Oracle Advisory
Modified: 2024-11-21
CVE-2023-21939
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://security.netapp.com/advisory/ntap-20230427-0008/
- https://security.netapp.com/advisory/ntap-20230427-0008/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.couchbase.com/alerts/
- https://www.couchbase.com/alerts/
- https://www.debian.org/security/2023/dsa-5430
- https://www.debian.org/security/2023/dsa-5430
- https://www.debian.org/security/2023/dsa-5478
- https://www.debian.org/security/2023/dsa-5478
- Oracle Advisory
- Oracle Advisory
Modified: 2024-11-21
CVE-2023-21954
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://security.netapp.com/advisory/ntap-20230427-0008/
- https://security.netapp.com/advisory/ntap-20230427-0008/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.couchbase.com/alerts/
- https://www.couchbase.com/alerts/
- https://www.debian.org/security/2023/dsa-5430
- https://www.debian.org/security/2023/dsa-5430
- https://www.debian.org/security/2023/dsa-5478
- https://www.debian.org/security/2023/dsa-5478
- Oracle Advisory
- Oracle Advisory
Modified: 2024-11-21
CVE-2023-21967
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://security.netapp.com/advisory/ntap-20230427-0008/
- https://security.netapp.com/advisory/ntap-20230427-0008/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.couchbase.com/alerts/
- https://www.couchbase.com/alerts/
- https://www.debian.org/security/2023/dsa-5430
- https://www.debian.org/security/2023/dsa-5430
- https://www.debian.org/security/2023/dsa-5478
- https://www.debian.org/security/2023/dsa-5478
- Oracle Advisory
- Oracle Advisory
Modified: 2024-11-21
CVE-2023-21968
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://security.netapp.com/advisory/ntap-20230427-0008/
- https://security.netapp.com/advisory/ntap-20230427-0008/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.couchbase.com/alerts/
- https://www.couchbase.com/alerts/
- https://www.debian.org/security/2023/dsa-5430
- https://www.debian.org/security/2023/dsa-5430
- https://www.debian.org/security/2023/dsa-5478
- https://www.debian.org/security/2023/dsa-5478
- Oracle Advisory
- Oracle Advisory