ALAS2-2023-1963

Amazon Linux 2 Security Advisory: ALAS-2023-1963
Advisory Release Date: 2023-02-17 00:12 Pacific
Advisory Updated Date: 2023-02-22 01:53 Pacific
Severity: Medium
Issue Overview:

Improve CORBA communication: CORBA deserialization can result in outbound network connections with data passed in. (CVE-2023-21830)


Affected Packages:

java-1.8.0-openjdk


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update java-1.8.0-openjdk to update your system.

New Packages:
aarch64:
    java-1.8.0-openjdk-1.8.0.362.b08-1.amzn2.0.1.aarch64
    java-1.8.0-openjdk-debug-1.8.0.362.b08-1.amzn2.0.1.aarch64
    java-1.8.0-openjdk-headless-1.8.0.362.b08-1.amzn2.0.1.aarch64
    java-1.8.0-openjdk-headless-debug-1.8.0.362.b08-1.amzn2.0.1.aarch64
    java-1.8.0-openjdk-devel-1.8.0.362.b08-1.amzn2.0.1.aarch64
    java-1.8.0-openjdk-devel-debug-1.8.0.362.b08-1.amzn2.0.1.aarch64
    java-1.8.0-openjdk-demo-1.8.0.362.b08-1.amzn2.0.1.aarch64
    java-1.8.0-openjdk-demo-debug-1.8.0.362.b08-1.amzn2.0.1.aarch64
    java-1.8.0-openjdk-src-1.8.0.362.b08-1.amzn2.0.1.aarch64
    java-1.8.0-openjdk-src-debug-1.8.0.362.b08-1.amzn2.0.1.aarch64
    java-1.8.0-openjdk-accessibility-1.8.0.362.b08-1.amzn2.0.1.aarch64
    java-1.8.0-openjdk-accessibility-debug-1.8.0.362.b08-1.amzn2.0.1.aarch64
    java-1.8.0-openjdk-debuginfo-1.8.0.362.b08-1.amzn2.0.1.aarch64

i686:
    java-1.8.0-openjdk-1.8.0.362.b08-1.amzn2.0.1.i686
    java-1.8.0-openjdk-debug-1.8.0.362.b08-1.amzn2.0.1.i686
    java-1.8.0-openjdk-headless-1.8.0.362.b08-1.amzn2.0.1.i686
    java-1.8.0-openjdk-headless-debug-1.8.0.362.b08-1.amzn2.0.1.i686
    java-1.8.0-openjdk-devel-1.8.0.362.b08-1.amzn2.0.1.i686
    java-1.8.0-openjdk-devel-debug-1.8.0.362.b08-1.amzn2.0.1.i686
    java-1.8.0-openjdk-demo-1.8.0.362.b08-1.amzn2.0.1.i686
    java-1.8.0-openjdk-demo-debug-1.8.0.362.b08-1.amzn2.0.1.i686
    java-1.8.0-openjdk-src-1.8.0.362.b08-1.amzn2.0.1.i686
    java-1.8.0-openjdk-src-debug-1.8.0.362.b08-1.amzn2.0.1.i686
    java-1.8.0-openjdk-accessibility-1.8.0.362.b08-1.amzn2.0.1.i686
    java-1.8.0-openjdk-accessibility-debug-1.8.0.362.b08-1.amzn2.0.1.i686
    java-1.8.0-openjdk-debuginfo-1.8.0.362.b08-1.amzn2.0.1.i686

noarch:
    java-1.8.0-openjdk-javadoc-1.8.0.362.b08-1.amzn2.0.1.noarch
    java-1.8.0-openjdk-javadoc-zip-1.8.0.362.b08-1.amzn2.0.1.noarch
    java-1.8.0-openjdk-javadoc-debug-1.8.0.362.b08-1.amzn2.0.1.noarch
    java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.362.b08-1.amzn2.0.1.noarch

src:
    java-1.8.0-openjdk-1.8.0.362.b08-1.amzn2.0.1.src

x86_64:
    java-1.8.0-openjdk-1.8.0.362.b08-1.amzn2.0.1.x86_64
    java-1.8.0-openjdk-debug-1.8.0.362.b08-1.amzn2.0.1.x86_64
    java-1.8.0-openjdk-headless-1.8.0.362.b08-1.amzn2.0.1.x86_64
    java-1.8.0-openjdk-headless-debug-1.8.0.362.b08-1.amzn2.0.1.x86_64
    java-1.8.0-openjdk-devel-1.8.0.362.b08-1.amzn2.0.1.x86_64
    java-1.8.0-openjdk-devel-debug-1.8.0.362.b08-1.amzn2.0.1.x86_64
    java-1.8.0-openjdk-demo-1.8.0.362.b08-1.amzn2.0.1.x86_64
    java-1.8.0-openjdk-demo-debug-1.8.0.362.b08-1.amzn2.0.1.x86_64
    java-1.8.0-openjdk-src-1.8.0.362.b08-1.amzn2.0.1.x86_64
    java-1.8.0-openjdk-src-debug-1.8.0.362.b08-1.amzn2.0.1.x86_64
    java-1.8.0-openjdk-accessibility-1.8.0.362.b08-1.amzn2.0.1.x86_64
    java-1.8.0-openjdk-accessibility-debug-1.8.0.362.b08-1.amzn2.0.1.x86_64
    java-1.8.0-openjdk-debuginfo-1.8.0.362.b08-1.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2023-21830

Mitre: CVE-2023-21830