File _patchinfo of Package patchinfo.30311
<patchinfo incident="30311"> <issue tracker="bnc" id="1213475">VUL-0: CVE-2023-22041: java-1_8_0-openjdk,java-17-openjdk,java-11-openjdk,java-1_8_0-ibm: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).</issue> <issue tracker="bnc" id="1213541">VUL-0: java-1_8_0-ibm: Oracle CPU July 2023</issue> <issue tracker="bnc" id="1213482">VUL-0: CVE-2023-22049: java-11-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk,java-17-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries).</issue> <issue tracker="bnc" id="1213479">VUL-0: CVE-2023-22044: java-1_8_0-ibm,java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).</issue> <issue tracker="bnc" id="1213473">VUL-0: CVE-2023-22006: java-1_8_0-ibm,java-1_8_0-openjdk,java-17-openjdk,java-11-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking)</issue> <issue tracker="bnc" id="1213934">VUL-0: CVE-2022-40609: java-1_8_0-openjdk, java-1_7_0-openjdk: unsafe deserialization flaw in the Object Request Broker (ORB)</issue> <issue tracker="bnc" id="1207922">VUL-0: CVE-2023-25193: firefox-harfbuzz,harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks</issue> <issue tracker="bnc" id="1213474">VUL-0: CVE-2023-22036: java-17-openjdk,java-1_8_0-openjdk,java-1_8_0-ibm,java-11-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility).</issue> <issue tracker="bnc" id="1213481">VUL-0: CVE-2023-22045: java-1_8_0-openjdk,java-1_8_0-ibm,java-17-openjdk,java-11-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).</issue> <issue tracker="bnc" id="1214431">VUL-0: java-1_8_0-ibm: IBM Security Update August 2023</issue> <issue tracker="cve" id="2023-22036"/> <issue tracker="cve" id="2023-22006"/> <issue tracker="cve" id="2022-40609"/> <issue tracker="cve" id="2023-22044"/> <issue tracker="cve" id="2023-22041"/> <issue tracker="cve" id="2023-25193"/> <issue tracker="cve" id="2023-22049"/> <issue tracker="cve" id="2023-22045"/> <packager>pmonrealgonzalez</packager> <rating>important</rating> <category>security</category> <summary>Security update for java-1_8_0-ibm</summary> <description>This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 Fix Pack 10 (bsc#1213541) - CVE-2022-40609: Fixed an unsafe deserialization flaw which could allow a remote attacker to execute arbitrary code on the system. (bsc#1213934) - CVE-2023-22041: Fixed a flaw whcih could allow unauthorized access to critical data or complete access. (bsc#1213475) - CVE-2023-22049: Fixed a flaw which could result in unauthorized update. (bsc#1213482) - CVE-2023-22045: Fixed a flaw which could result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. (bsc#1213481) - CVE-2023-22044: Fixed a flaw which could result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. (bsc#1213479) - CVE-2023-22036: Fixed a flaw which could result in unauthorized ability to cause a partial denial of service. (bsc#1213474) - CVE-2023-25193: Fixed a flaw which could allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. (bsc#1207922) - CVE-2023-22006: Fixed a flaw which could result in unauthorized update, insert or delete access for JDK accessible data. (bsc#1213473) </description> </patchinfo>
