23.02.500.0

Need help?

Schedule a consultation with an Azul performance expert.

23.02.500.0

Release date: October 17, 2023

This CPU release is based on Azul Prime 23.02.400.0 and corresponds to the following OpenJDK versions:

Major Version	OpenJDK Version
8	1.8.0_391-b01
11	11.0.20.1.101+1-LTS
17	17.0.8.1.101+1-LTS

What’s New

October 2023 CPU release security fixes.

CVE fixes

CVE #	Component	Protocol	Remote Exploit w/o Auth.	Base Score	Attack Vector	Attack Complex	Privileges Req’d	User Interact	Scope	Confiden-tiality	Integrity	Availability	Versions Affected	Notes
CVE-2023-22067	CORBA	CORBA	Yes	5.3	Network	Low	None	None	Unchanged	None	Low	None	8	Note 1
CVE-2023-22081	JSSE	HTTPS	Yes	5.3	Network	Low	None	None	Unchanged	None	None	Low	21, 17, 11, 8	Note 2
CVE-2023-30589 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	Oracle GraalVM for JDK: Node (Node.js)	HTTP	Yes	7.5	Network	Low	None	None	Unchanged	None	High	None	None
CVE-2023-22091 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	Oracle GraalVM for JDK: Compiler	Multiple	Yes	4.8	Network	High	None	None	Unchanged	Low	Low	None	None
CVE-2023-22025 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	Hotspot	Multiple	Yes	3.7	Network	High	None	None	Unchanged	None	Low	None	None	Note 3

CVE #

Component

Protocol

Remote Exploit w/o Auth.

Base Score

Attack Vector

Attack Complex

Privileges Req’d

User Interact

Scope

Confiden-tiality

Integrity

Availability

Versions Affected

Notes

CVE-2023-22067

CORBA

Yes

5.3

Network

Low

None

Unchanged

None

Low

None

Note 1

CVE-2023-22081

JSSE

HTTPS

Yes

5.3

Network

Low

None

Unchanged

None

Low

21, 17, 11, 8

Note 2

CVE-2023-30589 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

Oracle GraalVM for JDK: Node (Node.js)

HTTP

Yes

7.5

Network

Low

None

Unchanged

None

High

None

CVE-2023-22091 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

Oracle GraalVM for JDK: Compiler

Multiple

Yes

4.8

Network

High

None

Unchanged

Low

None

CVE-2023-22025 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

Hotspot

Multiple

Yes

3.7

Network

High

None

Unchanged

None

Low

None

Note 3

Notes:

ID	Notes
1	This vulnerability can only be exploited by supplying data to APIs in the specified Component, e.g., through a web service.
2	This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
3	This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for October 2023

Known Issues

There are no new issues to report in this release.

Resolved Issues

There are no resolved issues associated with this release.