Common Vulnerabilities and Exposures Fixes for January 2023
The following Azul Platform Prime releases contain the January 2023 CPU release of OpenJDK:
| CPU | PSU |
|---|---|
22.08.300.0 |
23.01.0.0 |
- |
22.08.400.0 |
The following table lists the latest CVE fixes added in the Azul Platform Prime CPU release. The CVE IDs in the table apply to JDK 8, JDK 11, JDK 13, JDK 15, and JDK 17 unless noted otherwise.
January 2023 CVE Fix
CVSS VERSION 3.1 RISK
| CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Serialization |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
8 |
|
|
JSSE |
DTLS |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
17, 15, 13, 11 |
|
|
Sound |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 15, 13, 11, 8 |
|
|
CVE-2022-43548 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Oracle GraalVM Enterprise Edition: Node (Node.js) |
HTTPS |
Yes |
8.1 |
Network |
High |
None |
None |
Unchanged |
High |
High |
High |
None |
|
Base and Impact Metric:
| Metrics | Values |
|---|---|
Attack Vector |
Network (N), Adjacent (A), Local (L), and Physical (P) |
Attack Complexity |
Low (L) and High (H) |
Privileges Required |
None (N), Low (L), and High (H) |
User Interaction |
None (N) and Required (R) |
Scope |
Unchanged (U) and Changed (C) |
Confidentiality Impact |
High (H), Low (L), and None (N) |
Integrity Impact |
High (H), Low (L), and None (N) |
Availability Impact |
High (H), Low (L), and None (N) |
In-Depth Non-CVE Security Fixes
The following table lists the in-depth non-CVE security fixes implemented specifically for Azul Platform Prime.
January 2023 Non-CVE Security Fix
| OpenJDK Patch ID | Azul Prime Version | Synopsis | CPU/PSUCPU fixes are included in both CPU and PSU bundles. PSU fixes are included in the PSU bundles only. |
|---|---|---|---|
8 |
ISO 4217 Amendment 171 Update |
CPU,PSU |
|
17, 15, 13, 11, 8 |
(tz) Update Timezone Data to 2022g |
CPU,PSU |
|
17, 15, 13, 11, 8 |
ISO 4217 Amendment 174 Update |
CPU,PSU |
|
17, 15, 13, 11, 8 |
(tz) Update Timezone Data to 2022f |
CPU,PSU |
|
17, 15, 13, 11, 8 |
security/infra/wycheproof/RunWycheproof.java fails with Assertion Error |
CPU,PSU |
|
17, 15, 13, 11, 8 |
Better BMP bounds |
CPU,PSU |
|
17, 15, 13, 11, 8 |
(tz) Update Timezone Data to 2022e |
CPU,PSU |
|
17, 15, 13, 11, 8 |
Improve FX pages |
CPU,PSU |
|
17, 15, 13, 11, 8 |
(tz) Update Timezone Data to 2022d |
CPU,PSU |
|
17, 15, 13, 11, 8 |
ISO 4217 Amendment 173 Update |
CPU,PSU |
|
17, 15, 13, 11, 8 |
Improve BMP image handling |
CPU,PSU |
|
17, 15, 13, 11, 8 |
Objective view of ObjectView |
CPU,PSU |
|
17, 15, 13, 11, 8 |
Enhance InetAddress address handling |
CPU,PSU |
|
17, 15, 13, 11, 8 |
Enhanced DH Key Exchanges |
CPU,PSU |
|
17, 15, 13, 11, 8 |
Better DragView handling |
CPU,PSU |
|
17, 15, 13, 11, 8 |
Improve Robot functionality |
CPU,PSU |
|
17, 15, 13, 11, 8 |
Better video decoding |
CPU,PSU |
|
8 |
ISO 4217 Amendment 172 Update |
CPU,PSU |
|
17, 15, 13, 11, 8 |
Better GL support |
CPU,PSU |
|
17, 15, 13, 11, 8 |
Better platform image support |
CPU,PSU |
|
17, 15, 13, 11, 8 |
Enhance font creation |
CPU,PSU |
|
17, 15, 13, 11, 8 |
Improve Thread labels |
CPU,PSU |
|
17, 15, 13, 11 |
Improve UTF8 representation |
CPU,PSU |
|
17, 15, 13, 11, 8 |
Update copyright year with 2023 in welcome.html for Jan cpu |
CPU,PSU |