# Critical Photon OS Security Update ## Summary Advisory Id : PHSA-2023-4.0-0414 Type : Security Severity : ['Critical', 'Important', 'Moderate', 'Low'] Issue date : 2023-06-20 Affected Release: 4.0 ## Details Updates of ['openjdk11', 'crash'] packages of Photon OS have been released. ## Affected Packages ### Critical crash - ['[CVE-2017-7614](https://nvd.nist.gov/vuln/detail/CVE-2017-7614)', '[CVE-2017-6969](https://nvd.nist.gov/vuln/detail/CVE-2017-6969)', '[CVE-2018-12699](https://nvd.nist.gov/vuln/detail/CVE-2018-12699)', '[CVE-2014-9939](https://nvd.nist.gov/vuln/detail/CVE-2014-9939)', '[CVE-2017-7226](https://nvd.nist.gov/vuln/detail/CVE-2017-7226)'] ### Important openjdk11 - ['[CVE-2018-11813](https://nvd.nist.gov/vuln/detail/CVE-2018-11813)', '[CVE-2020-14152](https://nvd.nist.gov/vuln/detail/CVE-2020-14152)', '[CVE-2020-14153](https://nvd.nist.gov/vuln/detail/CVE-2020-14153)'] crash - ['[CVE-2017-14745](https://nvd.nist.gov/vuln/detail/CVE-2017-14745)', '[CVE-2014-8501](https://nvd.nist.gov/vuln/detail/CVE-2014-8501)', '[CVE-2014-8502](https://nvd.nist.gov/vuln/detail/CVE-2014-8502)', '[CVE-2017-9043](https://nvd.nist.gov/vuln/detail/CVE-2017-9043)', '[CVE-2018-7208](https://nvd.nist.gov/vuln/detail/CVE-2018-7208)', '[CVE-2018-18483](https://nvd.nist.gov/vuln/detail/CVE-2018-18483)', '[CVE-2017-7300](https://nvd.nist.gov/vuln/detail/CVE-2017-7300)', '[CVE-2017-9752](https://nvd.nist.gov/vuln/detail/CVE-2017-9752)', '[CVE-2017-15020](https://nvd.nist.gov/vuln/detail/CVE-2017-15020)', '[CVE-2017-9751](https://nvd.nist.gov/vuln/detail/CVE-2017-9751)', '[CVE-2019-9077](https://nvd.nist.gov/vuln/detail/CVE-2019-9077)', '[CVE-2017-16827](https://nvd.nist.gov/vuln/detail/CVE-2017-16827)', '[CVE-2018-5392](https://nvd.nist.gov/vuln/detail/CVE-2018-5392)', '[CVE-2019-9075](https://nvd.nist.gov/vuln/detail/CVE-2019-9075)', '[CVE-2018-6543](https://nvd.nist.gov/vuln/detail/CVE-2018-6543)', '[CVE-2017-9744](https://nvd.nist.gov/vuln/detail/CVE-2017-9744)', '[CVE-2017-17122](https://nvd.nist.gov/vuln/detail/CVE-2017-17122)', '[CVE-2017-7223](https://nvd.nist.gov/vuln/detail/CVE-2017-7223)', '[CVE-2017-9753](https://nvd.nist.gov/vuln/detail/CVE-2017-9753)', '[CVE-2017-7225](https://nvd.nist.gov/vuln/detail/CVE-2017-7225)', '[CVE-2017-7304](https://nvd.nist.gov/vuln/detail/CVE-2017-7304)', '[CVE-2018-1000876](https://nvd.nist.gov/vuln/detail/CVE-2018-1000876)', '[CVE-2018-12934](https://nvd.nist.gov/vuln/detail/CVE-2018-12934)', '[CVE-2017-9743](https://nvd.nist.gov/vuln/detail/CVE-2017-9743)', '[CVE-2014-8504](https://nvd.nist.gov/vuln/detail/CVE-2014-8504)', '[CVE-2017-8398](https://nvd.nist.gov/vuln/detail/CVE-2017-8398)', '[CVE-2014-8485](https://nvd.nist.gov/vuln/detail/CVE-2014-8485)', '[CVE-2017-8392](https://nvd.nist.gov/vuln/detail/CVE-2017-8392)', '[CVE-2017-8393](https://nvd.nist.gov/vuln/detail/CVE-2017-8393)', '[CVE-2005-1705](https://nvd.nist.gov/vuln/detail/CVE-2005-1705)', '[CVE-2018-6323](https://nvd.nist.gov/vuln/detail/CVE-2018-6323)', '[CVE-2017-12456](https://nvd.nist.gov/vuln/detail/CVE-2017-12456)', '[CVE-2017-17126](https://nvd.nist.gov/vuln/detail/CVE-2017-17126)', '[CVE-2017-7302](https://nvd.nist.gov/vuln/detail/CVE-2017-7302)', '[CVE-2017-12799](https://nvd.nist.gov/vuln/detail/CVE-2017-12799)', '[CVE-2017-9750](https://nvd.nist.gov/vuln/detail/CVE-2017-9750)', '[CVE-2017-9748](https://nvd.nist.gov/vuln/detail/CVE-2017-9748)', '[CVE-2017-8394](https://nvd.nist.gov/vuln/detail/CVE-2017-8394)', '[CVE-2017-15938](https://nvd.nist.gov/vuln/detail/CVE-2017-15938)', '[CVE-2018-12697](https://nvd.nist.gov/vuln/detail/CVE-2018-12697)', '[CVE-2017-17121](https://nvd.nist.gov/vuln/detail/CVE-2017-17121)', '[CVE-2017-9745](https://nvd.nist.gov/vuln/detail/CVE-2017-9745)', '[CVE-2017-16826](https://nvd.nist.gov/vuln/detail/CVE-2017-16826)', '[CVE-2017-16828](https://nvd.nist.gov/vuln/detail/CVE-2017-16828)', '[CVE-2017-7303](https://nvd.nist.gov/vuln/detail/CVE-2017-7303)', '[CVE-2018-12698](https://nvd.nist.gov/vuln/detail/CVE-2018-12698)', '[CVE-2017-8395](https://nvd.nist.gov/vuln/detail/CVE-2017-8395)', '[CVE-2017-8396](https://nvd.nist.gov/vuln/detail/CVE-2017-8396)', '[CVE-2017-8397](https://nvd.nist.gov/vuln/detail/CVE-2017-8397)', '[CVE-2017-9754](https://nvd.nist.gov/vuln/detail/CVE-2017-9754)', '[CVE-2018-19931](https://nvd.nist.gov/vuln/detail/CVE-2018-19931)', '[CVE-2017-9755](https://nvd.nist.gov/vuln/detail/CVE-2017-9755)', '[CVE-2017-14729](https://nvd.nist.gov/vuln/detail/CVE-2017-14729)', '[CVE-2017-9749](https://nvd.nist.gov/vuln/detail/CVE-2017-9749)', '[CVE-2017-16832](https://nvd.nist.gov/vuln/detail/CVE-2017-16832)', '[CVE-2019-9070](https://nvd.nist.gov/vuln/detail/CVE-2019-9070)', '[CVE-2017-16830](https://nvd.nist.gov/vuln/detail/CVE-2017-16830)', '[CVE-2017-7227](https://nvd.nist.gov/vuln/detail/CVE-2017-7227)', '[CVE-2017-16831](https://nvd.nist.gov/vuln/detail/CVE-2017-16831)', '[CVE-2017-17125](https://nvd.nist.gov/vuln/detail/CVE-2017-17125)', '[CVE-2017-16829](https://nvd.nist.gov/vuln/detail/CVE-2017-16829)', '[CVE-2018-20657](https://nvd.nist.gov/vuln/detail/CVE-2018-20657)', '[CVE-2021-37322](https://nvd.nist.gov/vuln/detail/CVE-2021-37322)', '[CVE-2017-9742](https://nvd.nist.gov/vuln/detail/CVE-2017-9742)', '[CVE-2021-20294](https://nvd.nist.gov/vuln/detail/CVE-2021-20294)', '[CVE-2017-13716](https://nvd.nist.gov/vuln/detail/CVE-2017-13716)', '[CVE-2017-9042](https://nvd.nist.gov/vuln/detail/CVE-2017-9042)', '[CVE-2018-7643](https://nvd.nist.gov/vuln/detail/CVE-2018-7643)', '[CVE-2017-7301](https://nvd.nist.gov/vuln/detail/CVE-2017-7301)', '[CVE-2017-17124](https://nvd.nist.gov/vuln/detail/CVE-2017-17124)', '[CVE-2017-9746](https://nvd.nist.gov/vuln/detail/CVE-2017-9746)', '[CVE-2017-9756](https://nvd.nist.gov/vuln/detail/CVE-2017-9756)', '[CVE-2017-14333](https://nvd.nist.gov/vuln/detail/CVE-2017-14333)', '[CVE-2017-15996](https://nvd.nist.gov/vuln/detail/CVE-2017-15996)', '[CVE-2014-8503](https://nvd.nist.gov/vuln/detail/CVE-2014-8503)', '[CVE-2017-9747](https://nvd.nist.gov/vuln/detail/CVE-2017-9747)'] ### Moderate openjdk11 - ['[CVE-2023-21939](https://nvd.nist.gov/vuln/detail/CVE-2023-21939)', '[CVE-2023-21967](https://nvd.nist.gov/vuln/detail/CVE-2023-21967)', '[CVE-2023-21835](https://nvd.nist.gov/vuln/detail/CVE-2023-21835)', '[CVE-2023-21843](https://nvd.nist.gov/vuln/detail/CVE-2023-21843)', '[CVE-2023-21930](https://nvd.nist.gov/vuln/detail/CVE-2023-21930)', '[CVE-2023-21954](https://nvd.nist.gov/vuln/detail/CVE-2023-21954)'] crash - ['[CVE-2017-12457](https://nvd.nist.gov/vuln/detail/CVE-2017-12457)', '[CVE-2017-15939](https://nvd.nist.gov/vuln/detail/CVE-2017-15939)', '[CVE-2020-35496](https://nvd.nist.gov/vuln/detail/CVE-2020-35496)', '[CVE-2020-16592](https://nvd.nist.gov/vuln/detail/CVE-2020-16592)', '[CVE-2017-15025](https://nvd.nist.gov/vuln/detail/CVE-2017-15025)', '[CVE-2018-20651](https://nvd.nist.gov/vuln/detail/CVE-2018-20651)', '[CVE-2018-18700](https://nvd.nist.gov/vuln/detail/CVE-2018-18700)', '[CVE-2018-13033](https://nvd.nist.gov/vuln/detail/CVE-2018-13033)', '[CVE-2017-6966](https://nvd.nist.gov/vuln/detail/CVE-2017-6966)', '[CVE-2019-17450](https://nvd.nist.gov/vuln/detail/CVE-2019-17450)', '[CVE-2017-12454](https://nvd.nist.gov/vuln/detail/CVE-2017-12454)', '[CVE-2017-12452](https://nvd.nist.gov/vuln/detail/CVE-2017-12452)', '[CVE-2019-1010204](https://nvd.nist.gov/vuln/detail/CVE-2019-1010204)', '[CVE-2017-6965](https://nvd.nist.gov/vuln/detail/CVE-2017-6965)', '[CVE-2020-35494](https://nvd.nist.gov/vuln/detail/CVE-2020-35494)', '[CVE-2019-9073](https://nvd.nist.gov/vuln/detail/CVE-2019-9073)', '[CVE-2017-13757](https://nvd.nist.gov/vuln/detail/CVE-2017-13757)', '[CVE-2011-4355](https://nvd.nist.gov/vuln/detail/CVE-2011-4355)', '[CVE-2017-14932](https://nvd.nist.gov/vuln/detail/CVE-2017-14932)', '[CVE-2017-14128](https://nvd.nist.gov/vuln/detail/CVE-2017-14128)', '[CVE-2018-18606](https://nvd.nist.gov/vuln/detail/CVE-2018-18606)', '[CVE-2018-10372](https://nvd.nist.gov/vuln/detail/CVE-2018-10372)', '[CVE-2017-15021](https://nvd.nist.gov/vuln/detail/CVE-2017-15021)', '[CVE-2017-9039](https://nvd.nist.gov/vuln/detail/CVE-2017-9039)', '[CVE-2018-6759](https://nvd.nist.gov/vuln/detail/CVE-2018-6759)', '[CVE-2018-18309](https://nvd.nist.gov/vuln/detail/CVE-2018-18309)', '[CVE-2018-10535](https://nvd.nist.gov/vuln/detail/CVE-2018-10535)', '[CVE-2019-12972](https://nvd.nist.gov/vuln/detail/CVE-2019-12972)', '[CVE-2019-9072](https://nvd.nist.gov/vuln/detail/CVE-2019-9072)', '[CVE-2017-12448](https://nvd.nist.gov/vuln/detail/CVE-2017-12448)', '[CVE-2017-9040](https://nvd.nist.gov/vuln/detail/CVE-2017-9040)', '[CVE-2020-35507](https://nvd.nist.gov/vuln/detail/CVE-2020-35507)', '[CVE-2017-14974](https://nvd.nist.gov/vuln/detail/CVE-2017-14974)', '[CVE-2018-19932](https://nvd.nist.gov/vuln/detail/CVE-2018-19932)', '[CVE-2020-35493](https://nvd.nist.gov/vuln/detail/CVE-2020-35493)', '[CVE-2019-17451](https://nvd.nist.gov/vuln/detail/CVE-2019-17451)', '[CVE-2017-12458](https://nvd.nist.gov/vuln/detail/CVE-2017-12458)', '[CVE-2017-14940](https://nvd.nist.gov/vuln/detail/CVE-2017-14940)', '[CVE-2017-14938](https://nvd.nist.gov/vuln/detail/CVE-2017-14938)', '[CVE-2018-17360](https://nvd.nist.gov/vuln/detail/CVE-2018-17360)', '[CVE-2017-15024](https://nvd.nist.gov/vuln/detail/CVE-2017-15024)', '[CVE-2017-9044](https://nvd.nist.gov/vuln/detail/CVE-2017-9044)', '[CVE-2018-20673](https://nvd.nist.gov/vuln/detail/CVE-2018-20673)', '[CVE-2018-20671](https://nvd.nist.gov/vuln/detail/CVE-2018-20671)', '[CVE-2018-20002](https://nvd.nist.gov/vuln/detail/CVE-2018-20002)', '[CVE-2017-17123](https://nvd.nist.gov/vuln/detail/CVE-2017-17123)', '[CVE-2017-17080](https://nvd.nist.gov/vuln/detail/CVE-2017-17080)', '[CVE-2017-8421](https://nvd.nist.gov/vuln/detail/CVE-2017-8421)', '[CVE-2014-8484](https://nvd.nist.gov/vuln/detail/CVE-2014-8484)', '[CVE-2018-10534](https://nvd.nist.gov/vuln/detail/CVE-2018-10534)', '[CVE-2017-7209](https://nvd.nist.gov/vuln/detail/CVE-2017-7209)', '[CVE-2020-16591](https://nvd.nist.gov/vuln/detail/CVE-2020-16591)', '[CVE-2017-12967](https://nvd.nist.gov/vuln/detail/CVE-2017-12967)', '[CVE-2017-14934](https://nvd.nist.gov/vuln/detail/CVE-2017-14934)', '[CVE-2017-7299](https://nvd.nist.gov/vuln/detail/CVE-2017-7299)', '[CVE-2018-18484](https://nvd.nist.gov/vuln/detail/CVE-2018-18484)', '[CVE-2018-7642](https://nvd.nist.gov/vuln/detail/CVE-2018-7642)', '[CVE-2017-9778](https://nvd.nist.gov/vuln/detail/CVE-2017-9778)', '[CVE-2018-18605](https://nvd.nist.gov/vuln/detail/CVE-2018-18605)', '[CVE-2019-9071](https://nvd.nist.gov/vuln/detail/CVE-2019-9071)', '[CVE-2018-17359](https://nvd.nist.gov/vuln/detail/CVE-2018-17359)', '[CVE-2017-14529](https://nvd.nist.gov/vuln/detail/CVE-2017-14529)', '[CVE-2020-16593](https://nvd.nist.gov/vuln/detail/CVE-2020-16593)', '[CVE-2017-14939](https://nvd.nist.gov/vuln/detail/CVE-2017-14939)', '[CVE-2021-3487](https://nvd.nist.gov/vuln/detail/CVE-2021-3487)', '[CVE-2018-7570](https://nvd.nist.gov/vuln/detail/CVE-2018-7570)', '[CVE-2018-10373](https://nvd.nist.gov/vuln/detail/CVE-2018-10373)', '[CVE-2017-9954](https://nvd.nist.gov/vuln/detail/CVE-2017-9954)', '[CVE-2021-20197](https://nvd.nist.gov/vuln/detail/CVE-2021-20197)', '[CVE-2018-8945](https://nvd.nist.gov/vuln/detail/CVE-2018-8945)', '[CVE-2017-12455](https://nvd.nist.gov/vuln/detail/CVE-2017-12455)', '[CVE-2017-9038](https://nvd.nist.gov/vuln/detail/CVE-2017-9038)', '[CVE-2017-14129](https://nvd.nist.gov/vuln/detail/CVE-2017-14129)', '[CVE-2018-6872](https://nvd.nist.gov/vuln/detail/CVE-2018-6872)', '[CVE-2018-17985](https://nvd.nist.gov/vuln/detail/CVE-2018-17985)', '[CVE-2017-12453](https://nvd.nist.gov/vuln/detail/CVE-2017-12453)', '[CVE-2018-18701](https://nvd.nist.gov/vuln/detail/CVE-2018-18701)', '[CVE-2019-14250](https://nvd.nist.gov/vuln/detail/CVE-2019-14250)', '[CVE-2019-9074](https://nvd.nist.gov/vuln/detail/CVE-2019-9074)', '[CVE-2018-17794](https://nvd.nist.gov/vuln/detail/CVE-2018-17794)', '[CVE-2019-14444](https://nvd.nist.gov/vuln/detail/CVE-2019-14444)', '[CVE-2017-12451](https://nvd.nist.gov/vuln/detail/CVE-2017-12451)', '[CVE-2017-14930](https://nvd.nist.gov/vuln/detail/CVE-2017-14930)', '[CVE-2018-18607](https://nvd.nist.gov/vuln/detail/CVE-2018-18607)', '[CVE-2018-7569](https://nvd.nist.gov/vuln/detail/CVE-2018-7569)', '[CVE-2017-13710](https://nvd.nist.gov/vuln/detail/CVE-2017-13710)', '[CVE-2017-15225](https://nvd.nist.gov/vuln/detail/CVE-2017-15225)', '[CVE-2014-8738](https://nvd.nist.gov/vuln/detail/CVE-2014-8738)', '[CVE-2017-14130](https://nvd.nist.gov/vuln/detail/CVE-2017-14130)', '[CVE-2017-15022](https://nvd.nist.gov/vuln/detail/CVE-2017-15022)', '[CVE-2018-7568](https://nvd.nist.gov/vuln/detail/CVE-2018-7568)', '[CVE-2018-17358](https://nvd.nist.gov/vuln/detail/CVE-2018-17358)', '[CVE-2018-20623](https://nvd.nist.gov/vuln/detail/CVE-2018-20623)', '[CVE-2017-7224](https://nvd.nist.gov/vuln/detail/CVE-2017-7224)', '[CVE-2017-15023](https://nvd.nist.gov/vuln/detail/CVE-2017-15023)', '[CVE-2017-7210](https://nvd.nist.gov/vuln/detail/CVE-2017-7210)', '[CVE-2017-9955](https://nvd.nist.gov/vuln/detail/CVE-2017-9955)', '[CVE-2021-20284](https://nvd.nist.gov/vuln/detail/CVE-2021-20284)', '[CVE-2017-9041](https://nvd.nist.gov/vuln/detail/CVE-2017-9041)', '[CVE-2005-1704](https://nvd.nist.gov/vuln/detail/CVE-2005-1704)', '[CVE-2017-14933](https://nvd.nist.gov/vuln/detail/CVE-2017-14933)', '[CVE-2017-12450](https://nvd.nist.gov/vuln/detail/CVE-2017-12450)', '[CVE-2020-35495](https://nvd.nist.gov/vuln/detail/CVE-2020-35495)', '[CVE-2020-16590](https://nvd.nist.gov/vuln/detail/CVE-2020-16590)', '[CVE-2017-12459](https://nvd.nist.gov/vuln/detail/CVE-2017-12459)', '[CVE-2017-12449](https://nvd.nist.gov/vuln/detail/CVE-2017-12449)'] ### Low openjdk11 - ['[CVE-2023-21938](https://nvd.nist.gov/vuln/detail/CVE-2023-21938)', '[CVE-2023-21937](https://nvd.nist.gov/vuln/detail/CVE-2023-21937)', '[CVE-2023-21968](https://nvd.nist.gov/vuln/detail/CVE-2023-21968)'] crash - ['[CVE-2020-35448](https://nvd.nist.gov/vuln/detail/CVE-2020-35448)', '[CVE-2014-8737](https://nvd.nist.gov/vuln/detail/CVE-2014-8737)'] ## Solution Update the affected packages (tdnf update package) ## Updated Packages Information openjdk11-11.0.20-1.ph4.x86_64.rpm | size : 162M , sha256 : 0f444fcbca7f7f5ee95dcc44823bf64f8afb35af4633a7e1f1ee729cd754e953 , build time : Mon, 19 Jun 2023 18:47:53 UTC openjdk11-doc-11.0.20-1.ph4.x86_64.rpm | size : 4.3M , sha256 : 548eca584c5ad563a2843253a8f91eda58ae1a4d44e712d2ee62a6b3c65d091c , build time : Mon, 19 Jun 2023 18:47:53 UTC openjdk11-src-11.0.20-1.ph4.x86_64.rpm | size : 50M , sha256 : 818f5752b06dc468a950004f3640915f953e24e3916700a69fd29151a8d1b0ea , build time : Mon, 19 Jun 2023 18:47:53 UTC crash-8.0.2-1.ph4.x86_64.rpm | size : 4.1M , sha256 : 0dec615e87131bca94bca6e77d58421cdaf820aed3f786ba3846e3cc952b8644 , build time : Mon, 19 Jun 2023 18:47:30 UTC crash-devel-8.0.2-1.ph4.x86_64.rpm | size : 60K , sha256 : 81dcc594e53ec5aa81238f1ce7ff3b67752049df35c592999fd4088090098dc0 , build time : Mon, 19 Jun 2023 18:47:30 UTC