Advisory: CLSA-2023:1689009395
OS: Ubuntu 16.04 ELS
Public date: 2023-07-10 13:16:37
Project: openjdk-8
Version: 8u372-ga-0ubuntu1~16.04+tuxcare.els1
Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2023-1689009395.html
* Backport upstream releases 8u372 to 16.04 LTS * CVEs fixed in 8u372: - CVE-2023-21930: Improper connection handling during TLS handshake - CVE-2023-21937: Missing string checks for NULL characters - CVE-2023-21938: Incorrect handling of NULL characters in ProcessBuilder - CVE-2023-21939: Swing HTML parsing issue - CVE-2023-21954: Incorrect enqueue of references in garbage collector - CVE-2023-21967: Certificate validation issue in TLS session negotiation - CVE-2023-21968: Missing check for slash characters in URI-to-path conversion * CVEs fixed in 8u362: - CVE-2023-21830: Improper restrictions in CORBA deserialization - CVE-2023-21843: Soundbank URL remote loading * debian/rules: remove IcedTeaPlugin.so reference (LP: #2016396) * debian/JB-jre-headless.postinst.in: trigger ca-certificates-java after jre is set up * Drop applied jdk8u-get-datetime-string.patch
Update command: apt-get update apt-get --only-upgrade install openjdk-8*
openjdk-8-demo_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb openjdk-8-doc_8u372-ga-0ubuntu1~16.04+tuxcare.els1_all.deb openjdk-8-jdk_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb openjdk-8-jdk-headless_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb openjdk-8-jre_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb openjdk-8-jre-headless_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb openjdk-8-jre-jamvm_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb openjdk-8-jre-zero_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb openjdk-8-source_8u372-ga-0ubuntu1~16.04+tuxcare.els1_all.deb