Release Info

Advisory: CLSA-2023:1689009395

OS: Ubuntu 16.04 ELS

Public date: 2023-07-10 13:16:37

Project: openjdk-8

Version: 8u372-ga-0ubuntu1~16.04+tuxcare.els1

Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2023-1689009395.html

Changelog

* Backport upstream releases 8u372 to 16.04 LTS
* CVEs fixed in 8u372:
  - CVE-2023-21930: Improper connection handling during TLS handshake
  - CVE-2023-21937: Missing string checks for NULL characters
  - CVE-2023-21938: Incorrect handling of NULL characters in ProcessBuilder
  - CVE-2023-21939: Swing HTML parsing issue
  - CVE-2023-21954: Incorrect enqueue of references in garbage collector
  - CVE-2023-21967: Certificate validation issue in TLS session negotiation
  - CVE-2023-21968: Missing check for slash characters in URI-to-path conversion
* CVEs fixed in 8u362:
  - CVE-2023-21830: Improper restrictions in CORBA deserialization
  - CVE-2023-21843: Soundbank URL remote loading
* debian/rules: remove IcedTeaPlugin.so reference (LP: #2016396)
* debian/JB-jre-headless.postinst.in: trigger ca-certificates-java after jre is set up
* Drop applied jdk8u-get-datetime-string.patch

Update

Update command:

    apt-get update
    apt-get --only-upgrade install openjdk-8*

Packages list

openjdk-8-demo_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb
openjdk-8-doc_8u372-ga-0ubuntu1~16.04+tuxcare.els1_all.deb
openjdk-8-jdk_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb
openjdk-8-jdk-headless_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb
openjdk-8-jre_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb
openjdk-8-jre-headless_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb
openjdk-8-jre-jamvm_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb
openjdk-8-jre-zero_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb
openjdk-8-source_8u372-ga-0ubuntu1~16.04+tuxcare.els1_all.deb

CVEs

CVE-2023-21830
CVE-2023-21968
CVE-2023-21937
CVE-2023-21954
CVE-2023-21930
CVE-2023-21939
CVE-2023-21938
CVE-2023-21967
CVE-2023-21843