Red Hat Security Advisory: java-1.8.0-openjdk security update Advisory ID: SLSA-2023:5761 Issue Date: 2023-10-18 CVE Numbers: CVE-2023-22067 CVE-2023-22081 -- The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: IOR deserialization issue in CORBA (8303384) (CVE-2023-22067) * OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081) Bug Fix(es): * A maximum signature file size property, jdk.jar.maxSignatureFileSize, was introduced in the 11.0.20 release of OpenJDK by JDK-8300596, with a default of 8 MB. This default proved to be too small for some JAR files. This release, 11.0.20.1, increases it to 16 MB. (RHEL-13576) * The /usr/bin/jfr alternative is now owned by the java-1.8.0-openjdk package (RHEL-11319) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5761 -- SL7 srpm java-1.8.0-openjdk-1:1.8.0.392.b08-2.el7_9.src x86_64 java-1.8.0-openjdk-1:1.8.0.392.b08-2.el7_9.x86_64 i386 java-1.8.0-openjdk-1:1.8.0.392.b08-2.el7_9.i686 noarch java-1.8.0-openjdk-javadoc-1:1.8.0.392.b08-2.el7_9.noarch - Scientific Linux Development Team