File _patchinfo of Package patchinfo.31518
<patchinfo incident="31518">
<issue tracker="bnc" id="1216640">VUL-0: java-1_8_0-ibm: IBM Security Update October 2023</issue>
<issue tracker="bnc" id="1216339">VUL-0: CVE-2023-22025: java-17-openjdk, java-21-openjdk: memory corruption issue on x86_64 with AVX-512</issue>
<issue tracker="bnc" id="1204264">L3-Question: java:ibm: idlj compiler switch definition because IBM java idlj seems to confuse char and wchar</issue>
<issue tracker="bnc" id="1217214">VUL-0: CVE-2023-5676: java-1_8_0-openj9: receiving a signal before initialization may lead to an infinite loop or unexpected crash</issue>
<issue tracker="bnc" id="1216379">VUL-0: CVE-2023-22067: java-1_8_0-openjdk: IOR deserialization issue in CORBA</issue>
<issue tracker="bnc" id="1216374">VUL-0: CVE-2023-22081: java-1_8_0-openjdk,java-9-openjdk,java-10-openjdk,java-11-openjdk,java-17-openjdk: Oracle October 2023 CPU</issue>
<issue tracker="cve" id="2023-22067"/>
<issue tracker="cve" id="2023-5676"/>
<issue tracker="cve" id="2023-22081"/>
<issue tracker="cve" id="2023-22025"/>
<packager>pmonrealgonzalez</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for java-1_8_0-ibm</summary>
<description>This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 8 Fix Pack 15:
* Oracle October 17 2023 CPU [bsc#1216640]
Security fixes:
- CVE-2023-22081: Fixed enhanced TLS connections (bsc#1216374)
- CVE-2023-22067: Fixed IOR deserialization issue in CORBA (bsc#1216379)
- CVE-2023-22025: Fixed memory corruption issue on x86_64 with AVX-512 (bsc#1216339)
- CVE-2023-5676: Fixed receiving a signal before initialization may lead to an infinite loop or unexpected crash (bsc#1217214)
Bug fixes:
- IBM Java idlj compiler switch definition because IBM java idlj seems to confuse char and wchar for typedef types (bsc#1204264).
</description>
</patchinfo>