File _patchinfo of Package patchinfo.28872

<patchinfo incident="28872">
  <issue tracker="cve" id="2023-21937"/>
  <issue tracker="cve" id="2023-21930"/>
  <issue tracker="cve" id="2023-21968"/>
  <issue tracker="cve" id="2023-21938"/>
  <issue tracker="cve" id="2023-21939"/>
  <issue tracker="cve" id="2023-21954"/>
  <issue tracker="cve" id="2023-21967"/>
  <issue tracker="bnc" id="1210637">VUL-0: CVE-2023-21968: java-1_8_0-ibm,java-1_8_0-openjdk,java-11-openjdk,java-17-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).</issue>
  <issue tracker="bnc" id="1210628">VUL-0: CVE-2023-21930: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk: unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition</issue>
  <issue tracker="bnc" id="1210632">VUL-0: CVE-2023-21938: java-11-openjdk,java-1_8_0-openjdk,java-17-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).</issue>
  <issue tracker="bnc" id="1210631">VUL-0: CVE-2023-21937: java-11-openjdk,java-17-openjdk,java-1_8_0-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).</issue>
  <issue tracker="bnc" id="1210634">VUL-0: CVE-2023-21939: java-11-openjdk,java-1_8_0-openjdk,java-17-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing).</issue>
  <issue tracker="bnc" id="1210635">VUL-0: CVE-2023-21954: java-17-openjdk,java-1_8_0-openjdk,java-11-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).</issue>
  <issue tracker="bnc" id="1210636">VUL-0: CVE-2023-21967: java-17-openjdk,java-1_8_0-ibm,java-11-openjdk,java-1_8_0-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).</issue>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-openjdk</summary>
  <description>This update for java-1_8_0-openjdk fixes the following issues:

- Updated to version jdk8u372 (icedtea-3.27.0):
    - CVE-2023-21930: Fixed an issue in the JSSE component that could
      allow an attacker to access critical data without authorization
      (bsc#1210628).
    - CVE-2023-21937: Fixed an issue in the Networking component that
      could allow an attacker to update, insert or delete some data
      without authorization (bsc#1210631).
    - CVE-2023-21938: Fixed an issue in the Libraries component that
      could allow an attacker to update, insert or delete some data
      without authorization (bsc#1210632).
    - CVE-2023-21939: Fixed an issue in the Swing component that could
      allow an attacker to update, insert or delete some data without
      authorization (bsc#1210634).
    - CVE-2023-21954: Fixed an issue in the Hotspot component that
      could allow an attacker to access critical data without
      authorization (bsc#1210635).
    - CVE-2023-21967: Fixed an issue in the JSSE component that could
      allow an attacker to cause a hang or frequently repeatable
      crash without authorization (bsc#1210636).
    - CVE-2023-21968: Fixed an issue in the Libraries component that
      could allow an attacker to update, insert or delete some data
      without authorization (bsc#1210637).
</description>
</patchinfo>