Common Vulnerabilities and Exposures Fixes for January 2023


The following Azul Platform Prime releases contain the January 2023 CPU release of OpenJDK:

| CPU | PSU |
|---|---|
| 22.08.300.0 | 23.01.0.0 |

The following table lists the latest CVE fixes added in the Azul Platform Prime CPU release. The CVE IDs in the table apply to JDK 8, JDK 11, JDK 13, JDK 15, and JDK 17 unless noted otherwise.

January 2023 CVE Fix

CVSS VERSION 3.1 RISK

| CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complexity | Privileges Req’d | User Interaction | Scope | Confidentiality | Integrity | Availability | Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2023-21830 | Serialization | Multiple | Yes | 5.3 | Network | Low | None | None | Unchanged | None | Low | None | 8 | |
| CVE-2023-21835 | JSSE | DTLS | Yes | 5.3 | Network | Low | None | None | Unchanged | None | None | Low | 17, 15, 13, 11 | |
| CVE-2023-21843 | Sound | Multiple | Yes | 3.7 | Network | High | None | None | Unchanged | None | Low | None | 17, 15, 13, 11, 8 | |
| CVE-2022-43548 | Oracle GraalVM Enterprise Edition: Node (Node.js) | HTTPS | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | None | This CVE is not applicable to Azul Zulu. It is listed here for comparison with other Java implementations which may contain this CVE. |

Base and Impact Metric:

| Metrics | Values |
|---|---|
| Attack Vector | Network (N), Adjacent (A), Local (L), and Physical (P) |
| Attack Complexity | Low (L) and High (H) |
| Privileges Required | None (N), Low (L), and High (H) |
| User Interaction | None (N) and Required (R) |
| Scope | Unchanged (U) and Changed (C) |
| Confidentiality Impact | High (H), Low (L), and None (N) |
| Integrity Impact | High (H), Low (L), and None (N) |
| Availability Impact | High (H), Low (L), and None (N) |

In-Depth Non-CVE Security Fixes

The following table lists the in-depth non-CVE security fixes implemented specifically for Azul Platform Prime.

January 2023 Non-CVE Security Fix

| OpenJDK Patch ID | Azul Prime Version | Synopsis | CPU/PSU |
|---|---|---|---|
| JDK-8283277 | 8 | ISO 4217 Amendment 171 Update | CPU, PSU |
| JDK-8297804 | 17, 15, 13, 11, 8 | (tz) Update Timezone Data to 2022g | CPU, PSU |
| JDK-8296239 | 17, 15, 13, 11, 8 | ISO 4217 Amendment 174 Update | CPU, PSU |
| JDK-8296108 | 17, 15, 13, 11, 8 | (tz) Update Timezone Data to 2022f | CPU, PSU |
| JDK-8295723 | 17, 15, 13, 11, 8 | security/infra/wycheproof/RunWycheproof.java fails with Assertion Error | CPU, PSU |
| JDK-8295687 | 17, 15, 13, 11, 8 | Better BMP bounds | CPU, PSU |
| JDK-8295173 | 17, 15, 13, 11, 8 | (tz) Update Timezone Data to 2022e | CPU, PSU |
| JDK-8294779 | 17, 15, 13, 11, 8 | Improve FX pages | CPU, PSU |
| JDK-8294357 | 17, 15, 13, 11, 8 | (tz) Update Timezone Data to 2022d | CPU, PSU |
| JDK-8294307 | 17, 15, 13, 11, 8 | ISO 4217 Amendment 173 Update | CPU, PSU |
| JDK-8293734 | 17, 15, 13, 11, 8 | Improve BMP image handling | CPU, PSU |
| JDK-8293717 | 17, 15, 13, 11, 8 | Objective view of ObjectView | CPU, PSU |
| JDK-8293598 | 17, 15, 13, 11, 8 | Enhance InetAddress address handling | CPU, PSU |
| JDK-8293554 | 17, 15, 13, 11, 8 | Enhanced DH Key Exchanges | CPU, PSU |
| JDK-8292112 | 17, 15, 13, 11, 8 | Better DragView handling | CPU, PSU |
| JDK-8292105 | 17, 15, 13, 11, 8 | Improve Robot functionality | CPU, PSU |
| JDK-8292097 | 17, 15, 13, 11, 8 | Better video decoding | CPU, PSU |
| JDK-8289549 | 8 | ISO 4217 Amendment 172 Update | CPU, PSU |
| JDK-8289343 | 17, 15, 13, 11, 8 | Better GL support | CPU, PSU |
| JDK-8289336 | 17, 15, 13, 11, 8 | Better platform image support | CPU, PSU |
| JDK-8288516 | 17, 15, 13, 11, 8 | Enhance font creation | CPU, PSU |
| JDK-8286496 | 17, 15, 13, 11, 8 | Improve Thread labels | CPU, PSU |
| JDK-8286070 | 17, 15, 13, 11 | Improve UTF8 representation | CPU, PSU |
| ZULU-43112 | 17, 15, 13, 11, 8 | Update copyright year with 2023 in welcome.html for Jan cpu | CPU, PSU |

CPU/PSU: CPU fixes are included in both CPU and PSU bundles. PSU fixes are included in the PSU bundles only.