File _patchinfo of Package patchinfo.31518

<patchinfo incident="31518">
  <issue tracker="bnc" id="1216640">VUL-0: java-1_8_0-ibm: IBM Security Update October 2023</issue>
  <issue tracker="bnc" id="1216339">VUL-0: CVE-2023-22025: java-17-openjdk, java-21-openjdk: memory corruption issue on x86_64 with AVX-512</issue>
  <issue tracker="bnc" id="1204264">L3-Question: java:ibm: idlj compiler switch definition because IBM java idlj seems to confuse char and wchar</issue>
  <issue tracker="bnc" id="1217214">VUL-0: CVE-2023-5676: java-1_8_0-openj9: receiving a signal before initialization may lead to an infinite loop or unexpected crash</issue>
  <issue tracker="bnc" id="1216379">VUL-0: CVE-2023-22067: java-1_8_0-openjdk: IOR deserialization issue in CORBA</issue>
  <issue tracker="bnc" id="1216374">VUL-0: CVE-2023-22081: java-1_8_0-openjdk,java-9-openjdk,java-10-openjdk,java-11-openjdk,java-17-openjdk: Oracle October 2023 CPU</issue>
  <issue tracker="cve" id="2023-22067"/>
  <issue tracker="cve" id="2023-5676"/>
  <issue tracker="cve" id="2023-22081"/>
  <issue tracker="cve" id="2023-22025"/>
  <packager>pmonrealgonzalez</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-ibm</summary>
  <description>This update for java-1_8_0-ibm fixes the following issues:

- Update to Java 8.0 Service Refresh 8 Fix Pack 15:
  * Oracle October 17 2023 CPU [bsc#1216640]

Security fixes:

- CVE-2023-22081: Fixed enhanced TLS connections (bsc#1216374)
- CVE-2023-22067: Fixed IOR deserialization issue in CORBA (bsc#1216379)
- CVE-2023-22025: Fixed memory corruption issue on x86_64 with AVX-512 (bsc#1216339)
- CVE-2023-5676: Fixed receiving a signal before initialization may lead to an infinite loop or unexpected crash (bsc#1217214)

Bug fixes:

- IBM Java idlj compiler switch definition because IBM java idlj seems to confuse char and wchar for typedef types (bsc#1204264).
</description>
</patchinfo>
openSUSE Build Service is sponsored by