

# Critical Photon OS Security Update

## Summary
  
Advisory Id     : PHSA-2023-4.0-0413
  
Type            : Security
  
Severity        : ['Critical', 'Important', 'Moderate', 'Low']
  
Issue date      : 2023-06-19
  
Affected Release: 4.0

## Details
  
Updates of ['openjdk8'] packages of Photon OS have been released.
## Affected Packages

### Critical
  
openjdk8 - ['[CVE-2017-10111](https://nvd.nist.gov/vuln/detail/CVE-2017-10111)', '[CVE-2014-2397](https://nvd.nist.gov/vuln/detail/CVE-2014-2397)', '[CVE-2017-10090](https://nvd.nist.gov/vuln/detail/CVE-2017-10090)', '[CVE-2017-10087](https://nvd.nist.gov/vuln/detail/CVE-2017-10087)', '[CVE-2014-2410](https://nvd.nist.gov/vuln/detail/CVE-2014-2410)', '[CVE-2014-0461](https://nvd.nist.gov/vuln/detail/CVE-2014-0461)', '[CVE-2014-0429](https://nvd.nist.gov/vuln/detail/CVE-2014-0429)', '[CVE-2014-2421](https://nvd.nist.gov/vuln/detail/CVE-2014-2421)', '[CVE-2017-10096](https://nvd.nist.gov/vuln/detail/CVE-2017-10096)', '[CVE-2012-1723](https://nvd.nist.gov/vuln/detail/CVE-2012-1723)', '[CVE-2017-10089](https://nvd.nist.gov/vuln/detail/CVE-2017-10089)', '[CVE-2017-10102](https://nvd.nist.gov/vuln/detail/CVE-2017-10102)', '[CVE-2013-2465](https://nvd.nist.gov/vuln/detail/CVE-2013-2465)', '[CVE-2015-2590](https://nvd.nist.gov/vuln/detail/CVE-2015-2590)', '[CVE-2017-10107](https://nvd.nist.gov/vuln/detail/CVE-2017-10107)', '[CVE-2012-5076](https://nvd.nist.gov/vuln/detail/CVE-2012-5076)', '[CVE-2017-10101](https://nvd.nist.gov/vuln/detail/CVE-2017-10101)', '[CVE-2014-0457](https://nvd.nist.gov/vuln/detail/CVE-2014-0457)', '[CVE-2017-10086](https://nvd.nist.gov/vuln/detail/CVE-2017-10086)', '[CVE-2017-10110](https://nvd.nist.gov/vuln/detail/CVE-2017-10110)', '[CVE-2016-0494](https://nvd.nist.gov/vuln/detail/CVE-2016-0494)', '[CVE-2014-0456](https://nvd.nist.gov/vuln/detail/CVE-2014-0456)', '[CVE-2012-0507](https://nvd.nist.gov/vuln/detail/CVE-2012-0507)', '[CVE-2015-4844](https://nvd.nist.gov/vuln/detail/CVE-2015-4844)']

### Important
  
openjdk8 - ['[CVE-2014-0454](https://nvd.nist.gov/vuln/detail/CVE-2014-0454)', '[CVE-2014-2428](https://nvd.nist.gov/vuln/detail/CVE-2014-2428)', '[CVE-2017-3514](https://nvd.nist.gov/vuln/detail/CVE-2017-3514)', '[CVE-2017-10115](https://nvd.nist.gov/vuln/detail/CVE-2017-10115)', '[CVE-2017-10078](https://nvd.nist.gov/vuln/detail/CVE-2017-10078)', '[CVE-2014-0451](https://nvd.nist.gov/vuln/detail/CVE-2014-0451)', '[CVE-2022-34169](https://nvd.nist.gov/vuln/detail/CVE-2022-34169)', '[CVE-2014-2402](https://nvd.nist.gov/vuln/detail/CVE-2014-2402)', '[CVE-2017-10114](https://nvd.nist.gov/vuln/detail/CVE-2017-10114)', '[CVE-2017-10067](https://nvd.nist.gov/vuln/detail/CVE-2017-10067)', '[CVE-2014-2427](https://nvd.nist.gov/vuln/detail/CVE-2014-2427)', '[CVE-2014-0458](https://nvd.nist.gov/vuln/detail/CVE-2014-0458)', '[CVE-2017-10176](https://nvd.nist.gov/vuln/detail/CVE-2017-10176)', '[CVE-2020-14798](https://nvd.nist.gov/vuln/detail/CVE-2020-14798)', '[CVE-2017-10118](https://nvd.nist.gov/vuln/detail/CVE-2017-10118)', '[CVE-2014-2414](https://nvd.nist.gov/vuln/detail/CVE-2014-2414)', '[CVE-2014-2423](https://nvd.nist.gov/vuln/detail/CVE-2014-2423)', '[CVE-2014-2412](https://nvd.nist.gov/vuln/detail/CVE-2014-2412)', '[CVE-2014-0446](https://nvd.nist.gov/vuln/detail/CVE-2014-0446)', '[CVE-2021-25738](https://nvd.nist.gov/vuln/detail/CVE-2021-25738)', '[CVE-2017-10074](https://nvd.nist.gov/vuln/detail/CVE-2017-10074)', '[CVE-2017-3511](https://nvd.nist.gov/vuln/detail/CVE-2017-3511)', '[CVE-2017-3512](https://nvd.nist.gov/vuln/detail/CVE-2017-3512)', '[CVE-2014-0448](https://nvd.nist.gov/vuln/detail/CVE-2014-0448)', '[CVE-2014-0452](https://nvd.nist.gov/vuln/detail/CVE-2014-0452)', '[CVE-2021-20264](https://nvd.nist.gov/vuln/detail/CVE-2021-20264)']

### Moderate
  
openjdk8 - ['[CVE-2017-10105](https://nvd.nist.gov/vuln/detail/CVE-2017-10105)', '[CVE-2014-2422](https://nvd.nist.gov/vuln/detail/CVE-2014-2422)', '[CVE-2022-21296](https://nvd.nist.gov/vuln/detail/CVE-2022-21296)', '[CVE-2014-2409](https://nvd.nist.gov/vuln/detail/CVE-2014-2409)', '[CVE-2017-10108](https://nvd.nist.gov/vuln/detail/CVE-2017-10108)', '[CVE-2021-2161](https://nvd.nist.gov/vuln/detail/CVE-2021-2161)', '[CVE-2017-10198](https://nvd.nist.gov/vuln/detail/CVE-2017-10198)', '[CVE-2017-10109](https://nvd.nist.gov/vuln/detail/CVE-2017-10109)', '[CVE-2014-0464](https://nvd.nist.gov/vuln/detail/CVE-2014-0464)', '[CVE-2014-2403](https://nvd.nist.gov/vuln/detail/CVE-2014-2403)', '[CVE-2015-4902](https://nvd.nist.gov/vuln/detail/CVE-2015-4902)', '[CVE-2022-21540](https://nvd.nist.gov/vuln/detail/CVE-2022-21540)', '[CVE-2012-2739](https://nvd.nist.gov/vuln/detail/CVE-2012-2739)', '[CVE-2014-2401](https://nvd.nist.gov/vuln/detail/CVE-2014-2401)', '[CVE-2017-3509](https://nvd.nist.gov/vuln/detail/CVE-2017-3509)', '[CVE-2018-2657](https://nvd.nist.gov/vuln/detail/CVE-2018-2657)', '[CVE-2017-10081](https://nvd.nist.gov/vuln/detail/CVE-2017-10081)', '[CVE-2014-0459](https://nvd.nist.gov/vuln/detail/CVE-2014-0459)', '[CVE-2014-0463](https://nvd.nist.gov/vuln/detail/CVE-2014-0463)', '[CVE-2017-10243](https://nvd.nist.gov/vuln/detail/CVE-2017-10243)', '[CVE-2014-0453](https://nvd.nist.gov/vuln/detail/CVE-2014-0453)', '[CVE-2014-0460](https://nvd.nist.gov/vuln/detail/CVE-2014-0460)', '[CVE-2022-21293](https://nvd.nist.gov/vuln/detail/CVE-2022-21293)', '[CVE-2022-21624](https://nvd.nist.gov/vuln/detail/CVE-2022-21624)', '[CVE-2022-21619](https://nvd.nist.gov/vuln/detail/CVE-2022-21619)', '[CVE-2017-10053](https://nvd.nist.gov/vuln/detail/CVE-2017-10053)', '[CVE-2021-35560](https://nvd.nist.gov/vuln/detail/CVE-2021-35560)', '[CVE-2017-3231](https://nvd.nist.gov/vuln/detail/CVE-2017-3231)', '[CVE-2021-2163](https://nvd.nist.gov/vuln/detail/CVE-2021-2163)', '[CVE-2014-0449](https://nvd.nist.gov/vuln/detail/CVE-2014-0449)', '[CVE-2014-2413](https://nvd.nist.gov/vuln/detail/CVE-2014-2413)', '[CVE-2017-3526](https://nvd.nist.gov/vuln/detail/CVE-2017-3526)', '[CVE-2022-21282](https://nvd.nist.gov/vuln/detail/CVE-2022-21282)', '[CVE-2014-1876](https://nvd.nist.gov/vuln/detail/CVE-2014-1876)', '[CVE-2018-2800](https://nvd.nist.gov/vuln/detail/CVE-2018-2800)']

### Low
  
openjdk8 - ['[CVE-2019-2842](https://nvd.nist.gov/vuln/detail/CVE-2019-2842)', '[CVE-2017-10193](https://nvd.nist.gov/vuln/detail/CVE-2017-10193)', '[CVE-2021-35588](https://nvd.nist.gov/vuln/detail/CVE-2021-35588)', '[CVE-2014-2398](https://nvd.nist.gov/vuln/detail/CVE-2014-2398)', '[CVE-2017-3544](https://nvd.nist.gov/vuln/detail/CVE-2017-3544)', '[CVE-2015-4000](https://nvd.nist.gov/vuln/detail/CVE-2015-4000)', '[CVE-2020-2659](https://nvd.nist.gov/vuln/detail/CVE-2020-2659)', '[CVE-2020-14578](https://nvd.nist.gov/vuln/detail/CVE-2020-14578)', '[CVE-2014-2420](https://nvd.nist.gov/vuln/detail/CVE-2014-2420)', '[CVE-2017-3539](https://nvd.nist.gov/vuln/detail/CVE-2017-3539)', '[CVE-2017-3533](https://nvd.nist.gov/vuln/detail/CVE-2017-3533)', '[CVE-2020-14579](https://nvd.nist.gov/vuln/detail/CVE-2020-14579)']

## Solution
  
Update the affected packages (tdnf update package)

## Updated Packages Information
  
openjdk8-1.8.0.382-1.ph4.x86_64.rpm | size : 9.0M , sha256 : 5957f814e8cebea9b9edbc77da9f572a57db943e3efc42ec5edea0c2deb7f586 , build time : Mon, 19 Jun 2023 02:57:11 UTC
  
openjdk8-doc-1.8.0.382-1.ph4.x86_64.rpm | size : 1.8M , sha256 : f8820ddcb97d15e90b1f48432124fd8c8f11885c2dd4d4cbe70e91100a4e6ed3 , build time : Mon, 19 Jun 2023 02:57:11 UTC
  
openjdk8-sample-1.8.0.382-1.ph4.x86_64.rpm | size : 396K , sha256 : ac82ad00ed8e8b9be5c4c02ca67aeabedc42eeb485235562a3d1e20a2e2feafc , build time : Mon, 19 Jun 2023 02:57:11 UTC
  
openjdk8-src-1.8.0.382-1.ph4.x86_64.rpm | size : 45M , sha256 : 02185c8902cf9c6d9c6fc8f21041ae440709fcc8c5c3881ee3e0111e8acf7a4f , build time : Mon, 19 Jun 2023 02:57:11 UTC