MGASA-2023-0037

Advisory lineage Upstream: 3 Downstream: 0

Upstream

CVE-2023-21830 CVE-2023-21835 CVE-2023-21843

Published: 07 Feb 2023, 00:06

Last modified:16 Apr 2026, 04:23

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

07 Feb 2023, 00:06

Published

Vulnerability first disclosed

16 Apr 2026, 04:23

Last Modified

Vulnerability information updated

Description

Updated java/timezone packages fix security vulnerability Improper restrictions in CORBA deserialization. (CVE-2023-21830) Handshake DoS attack against DTLS connections. (CVE-2023-21835) Soundbank URL remote loading. (CVE-2023-21843)

Affected Systems

mageia•java-11-openjdk
< 11.0.18.0.10-1.mga8
mageia•java-1.8.0-openjdk
< 1.8.0.362.b09-1.mga8
mageia•timezone
< 2022g-1.mga8

References (5)

https://advisories.mageia.org/MGASA-2023-0037.html
https://bugs.mageia.org/show_bug.cgi?id=31452
https://access.redhat.com/errata/RHSA-2023:0203
https://access.redhat.com/errata/RHSA-2023:0200
https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA