Hadoop fails with Prime when -XX:+UseAES is used
23.07.0.0
23.07.0.0
Release date: July 31, 2023
This PSU release is based on Azul Prime 23.06.0.0 and corresponds to the following OpenJDK versions:
| Major Version | OpenJDK Version |
|---|---|
8 |
1.8.0_382-b5 |
11 |
11.0.20+8-LTS |
17 |
17.0.8+7-LTS |
What’s New
-
ZVision and ZVRobot have been separated from the Azul Prime package due to a known vulnerability in jQuery 1.4.3, which is used in building the ZVision and ZVRobot utilities. At this time, Azul is not aware of any vulnerability in ZVision itself. For this reason, ZVision is still available for download for Azul Prime subscribers at https://ftp.azul.com/releases/Zing/ZVision/ZVTools.zip
-
The command line option
-XX:CompileCommandhas been updated to useFalconCompileThreshold.This option is used in the following way:
-XX:CompileCommand="option,<Class>::<method>,FalconCompileThreshold=<threshold value>" -
July 2023 CPU release security fixes.
CVE fixes
| CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Hotspot |
None |
No |
5.1 |
Local |
High |
None |
None |
Unchanged |
High |
None |
None |
17, 11 |
Note 1 |
|
Utility |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
17, 11 |
Note 2 |
|
Libraries |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
Low |
None |
17, 11, 8 |
Note 2 |
|
2D (Harfbuzz) |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
None |
None |
Low |
17, 11 |
Note 2 |
|
Networking |
Multiple |
Yes |
3.1 |
Network |
High |
None |
Required |
Unchanged |
None |
Low |
None |
17, 11 |
Note 1 |
|
CVE-2023-22043 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
JavaFX |
Multiple |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
None |
High |
None |
None |
Note 1 |
CVE-2023-22044 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
None |
Note 2 |
CVE-2023-22045 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Hotspot |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
None |
Note 2 |
CVE-2023-22051 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
GraalVM Compiler |
Multiple |
Yes |
3.7 |
Network |
High |
None |
None |
Unchanged |
Low |
None |
None |
None |
|
Notes:
| ID | Notes |
|---|---|
1 |
This vulnerability applies to Java deployments, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). |
2 |
This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. |
For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for July 2023