SUSE-SU-2023:3287-1

Published: 11 Aug 2023
Source: suse-cvrf

Description

Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues:

Updated to jdk-11.0.20+8 (July 2023 CPU):

  • CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473).

  • CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474).

  • CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475).

  • CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479).

  • CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481).

  • CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482).

  • CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922).

  • JDK-8298676: Enhanced Look and Feel

  • JDK-8300285: Enhance TLS data handling

  • JDK-8300596: Enhance Jar Signature validation

  • JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1

  • JDK-8302475: Enhance HTTP client file downloading

  • JDK-8302483: Enhance ZIP performance

  • JDK-8303376: Better launching of JDI

  • JDK-8304468: Better array usages

  • JDK-8305312: Enhanced path handling

  • JDK-8308682: Enhance AES performance

Bugfixes:

  • JDK-8171426: java/lang/ProcessBuilder/Basic.java failed with Stream closed
  • JDK-8178806: Better exception logging in crypto code
  • JDK-8187522: test/sun/net/ftp/FtpURLConnectionLeak.java timed out
  • JDK-8209167: Use CLDR's time zone mappings for Windows
  • JDK-8209546: Make sun/security/tools/keytool/autotest.sh to support macosx
  • JDK-8209880: tzdb.dat is not reproducibly built
  • JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java fails
  • JDK-8214459: NSS source should be removed
  • JDK-8214807: Improve handling of very old class files
  • JDK-8215015: [TESTBUG] remove unneeded -Xfuture option from tests
  • JDK-8215575: C2 crash: assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded
  • JDK-8220093: Change to GCC 8.2 for building on Linux at Oracle
  • JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError
  • JDK-8232853: AuthenticationFilter.Cache::remove may throw ConcurrentModificationException
  • JDK-8243936: NonWriteable system properties are actually writeable
  • JDK-8246383: NullPointerException in JceSecurity.getVerificationResult when using Entrust provider
  • JDK-8248701: On Windows generated modules-deps.gmk can contain backslash-r (CR) characters
  • JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates
  • JDK-8259530: Generated docs contain MIT/GPL-licenced works without reproducing the licence
  • JDK-8263420: Incorrect function name in NSAccessibilityStaticText native peer implementation
  • JDK-8264290: Create implementation for NSAccessibilityComponentGroup protocol peer
  • JDK-8264304: Create implementation for NSAccessibilityToolbar protocol peer
  • JDK-8265486: ProblemList javax/sound/midi/Sequencer/Recording.java on macosx-aarch64
  • JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped
  • JDK-8269746: C2: assert(!in->is_CFG()) failed: CFG Node with no controlling input?
  • JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile
  • JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression
  • JDK-8275721: Name of UTC timezone in a locale changes depending on previous code
  • JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit)
  • JDK-8276880: Remove java/lang/RuntimeTests/exec/ExecWithDir as unnecessary
  • JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905
  • JDK-8278434: timeouts in test java/time/test/java/time/format/TestZoneTextPrinterParser.java
  • JDK-8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption
  • JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error
  • JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test
  • JDK-8282467: add extra diagnostics for JDK-8268184
  • JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary
  • JDK-8283059: Uninitialized warning in check_code.c with GCC 11.2
  • JDK-8285497: Add system property for Java SE specification maintenance version
  • JDK-8286398: Address possibly lossy conversions in jdk.internal.le
  • JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code
  • JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider
  • JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable
  • JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies
  • JDK-8289301: P11Cipher should not throw out of bounds exception during padding
  • JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space
  • JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067
  • JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value
  • JDK-8291638: Keep-Alive timeout of 0 should close connection immediately
  • JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected
  • JDK-8293232: Fix race condition in pkcs11 SessionManager
  • JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation
  • JDK-8294548: Problem list SA core file tests on macosx-x64 due to JDK-8294316
  • JDK-8294906: Memory leak in PKCS11 NSS TLS server
  • JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames
  • JDK-8296934: Write a test to verify whether Undecorated Frame can be iconified or not
  • JDK-8297000: [jib] Add more friendly warning for proxy issues
  • JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter
  • JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors
  • JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE
  • JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument
  • JDK-8300205: Swing test bug8078268 make latch timeout configurable
  • JDK-8300490: Spaces in name of MacOS Code Signing Identity are not correctly handled after JDK-8293550
  • JDK-8301119: Support for GB18030-2022
  • JDK-8301170: perfMemory_windows.cpp add free_security_attr to early returns
  • JDK-8301401: Allow additional characters for GB18030-2022 support
  • JDK-8302151: BMPImageReader throws an exception reading BMP images
  • JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message
  • JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN
  • JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return
  • JDK-8303432: Bump update version for OpenJDK: jdk-11.0.20
  • JDK-8303440: The 'ZonedDateTime.parse' may not accept the 'UTC+XX' zone id
  • JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates
  • JDK-8303476: Add the runtime version in the release file of a JDK image
  • JDK-8303482: Update LCMS to 2.15
  • JDK-8303564: C2: 'Bad graph detected in build_loop_late' after a CMove is wrongly split thru phi
  • JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return
  • JDK-8303822: gtestMain should give more helpful output
  • JDK-8303861: Error handling step timeouts should never be blocked by OnError and others
  • JDK-8303937: Corrupted heap dumps due to missing retries for os::write()
  • JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype
  • JDK-8304291: [AIX] Broken build after JDK-8301998
  • JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998
  • JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0
  • JDK-8304760: Add 2 Microsoft TLS roots
  • JDK-8305113: (tz) Update Timezone Data to 2023c
  • JDK-8305400: ISO 4217 Amendment 175 Update
  • JDK-8305528: [11u] Backport of JDK-8259530 breaks build with JDK10 bootstrap VM
  • JDK-8305682: Update the javadoc in the Character class to state support for GB 18030-2022 Implementation Level 2
  • JDK-8305711: Arm: C2 always enters slowpath for monitorexit
  • JDK-8305721: add make compile-commands artifacts to .gitignore
  • JDK-8305975: Add TWCA Global Root CA
  • JDK-8306543: GHA: MSVC installation is failing
  • JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed
  • JDK-8306664: GHA: Update MSVC version to latest stepping
  • JDK-8306768: CodeCache Analytics reports wrong threshold
  • JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep
  • JDK-8307134: Add GTS root CAs
  • JDK-8307811: [TEST] compilation of TimeoutInErrorHandlingTest fails after backport of JDK-8303861
  • JDK-8308006: Missing NMT memory tagging in CMS
  • JDK-8308884: [17u/11u] Backout JDK-8297951
  • JDK-8309476: [11u] tools/jmod/hashes/HashesOrderTest.java fails intermittently
  • JDK-8311465: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.20

Package list

Container bci/openjdk-devel:11
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Container bci/openjdk:11
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Container containers/apache-tomcat:10.1-openjdk11
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Container containers/apache-tomcat:9-openjdk11
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Container suse/manager/5.0/x86_64/server-attestation:latest
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Image SLES15-SP4-Manager-Server-4-3
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
SUSE Enterprise Storage 7.1
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
java-11-openjdk-javadoc-11.0.20.0-150000.3.99.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
java-11-openjdk-javadoc-11.0.20.0-150000.3.99.1
SUSE Linux Enterprise Server 15 SP1-LTSS
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
SUSE Linux Enterprise Server 15 SP2-LTSS
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
SUSE Linux Enterprise Server 15 SP3-LTSS
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
SUSE Manager Proxy 4.2
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
SUSE Manager Server 4.2
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
openSUSE Leap 15.4
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
java-11-openjdk-javadoc-11.0.20.0-150000.3.99.1
java-11-openjdk-jmods-11.0.20.0-150000.3.99.1
java-11-openjdk-src-11.0.20.0-150000.3.99.1
openSUSE Leap 15.5
java-11-openjdk-11.0.20.0-150000.3.99.1
java-11-openjdk-demo-11.0.20.0-150000.3.99.1
java-11-openjdk-devel-11.0.20.0-150000.3.99.1
java-11-openjdk-headless-11.0.20.0-150000.3.99.1
java-11-openjdk-javadoc-11.0.20.0-150000.3.99.1
java-11-openjdk-jmods-11.0.20.0-150000.3.99.1
java-11-openjdk-src-11.0.20.0-150000.3.99.1

Description

unknown


Affected products
Container bci/openjdk-devel:11:java-11-openjdk-11.0.20.0-150000.3.99.1
Container bci/openjdk-devel:11:java-11-openjdk-devel-11.0.20.0-150000.3.99.1
Container bci/openjdk-devel:11:java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Container bci/openjdk:11:java-11-openjdk-11.0.20.0-150000.3.99.1

References

Description

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.


Affected products
Container bci/openjdk-devel:11:java-11-openjdk-11.0.20.0-150000.3.99.1
Container bci/openjdk-devel:11:java-11-openjdk-devel-11.0.20.0-150000.3.99.1
Container bci/openjdk-devel:11:java-11-openjdk-headless-11.0.20.0-150000.3.99.1
Container bci/openjdk:11:java-11-openjdk-11.0.20.0-150000.3.99.1

References