File _patchinfo of Package patchinfo.30220

<patchinfo incident="30220">
  <issue tracker="cve" id="2023-21939"/>
  <issue tracker="cve" id="2023-21938"/>
  <issue tracker="cve" id="2023-21968"/>
  <issue tracker="cve" id="2023-21967"/>
  <issue tracker="cve" id="2023-21937"/>
  <issue tracker="cve" id="2023-2597"/>
  <issue tracker="cve" id="2023-21930"/>
  <issue tracker="cve" id="2023-21954"/>
  <issue tracker="bnc" id="1210637">VUL-0: CVE-2023-21968: java-1_8_0-ibm,java-1_8_0-openjdk,java-11-openjdk,java-17-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).</issue>
  <issue tracker="bnc" id="1210636">VUL-0: CVE-2023-21967: java-17-openjdk,java-1_8_0-ibm,java-11-openjdk,java-1_8_0-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).</issue>
  <issue tracker="bnc" id="1210634">VUL-0: CVE-2023-21939: java-11-openjdk,java-1_8_0-openjdk,java-17-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing).</issue>
  <issue tracker="bnc" id="1210635">VUL-0: CVE-2023-21954: java-17-openjdk,java-1_8_0-openjdk,java-11-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).</issue>
  <issue tracker="bnc" id="1211615">VUL-0: CVE-2023-2597: java-1_8_0-openj9: buffer overflow in shared cache implementation</issue>
  <issue tracker="bnc" id="1210632">VUL-0: CVE-2023-21938: java-11-openjdk,java-1_8_0-openjdk,java-17-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).</issue>
  <issue tracker="bnc" id="1210631">VUL-0: CVE-2023-21937: java-11-openjdk,java-17-openjdk,java-1_8_0-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).</issue>
  <issue tracker="bnc" id="1210628">VUL-0: CVE-2023-21930: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk: unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition</issue>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-openj9</summary>
  <description>This update for java-1_8_0-openj9 fixes the following issues:

Update to OpenJDK 8u372 build 07 with OpenJ9 0.38.0 virtual machine.

CVE-2023-21930: Unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1210628).
CVE-2023-21937: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). (bsc#1210631).
CVE-2023-21938: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). (bsc#1210632).
CVE-2023-21939: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). (bsc#1210634).
CVE-2023-21954: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). (bsc#1210635).
CVE-2023-21967: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). (bsc#1210636).
CVE-2023-21968: Fixed ulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries) (bsc#1210637).
CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615).
</description>
</patchinfo>