[CLSA-2023:1689009395] Fix of 9 CVEs

Type:

security

Severity:

Important

Release date:

2023-07-10 17:16:50 UTC

Description:

   * Backport upstream releases 8u372 to 16.04 LTS
   * CVEs fixed in 8u372:
     - CVE-2023-21930: Improper connection handling during TLS handshake
     - CVE-2023-21937: Missing string checks for NULL characters
     - CVE-2023-21938: Incorrect handling of NULL characters in ProcessBuilder
     - CVE-2023-21939: Swing HTML parsing issue
     - CVE-2023-21954: Incorrect enqueue of references in garbage collector
     - CVE-2023-21967: Certificate validation issue in TLS session negotiation
     - CVE-2023-21968: Missing check for slash characters in URI-to-path conversion
   * CVEs fixed in 8u362:
     - CVE-2023-21830: Improper restrictions in CORBA deserialization
     - CVE-2023-21843: Soundbank URL remote loading
   * debian/rules: remove IcedTeaPlugin.so reference (LP: #2016396)
   * debian/JB-jre-headless.postinst.in: trigger ca-certificates-java after jre
     is set up
   * Drop applied jdk8u-get-datetime-string.patch

Updated packages:

openjdk-8-demo_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb
sha:a383f034711513d3dde04d422f4bfe513f1c336e
openjdk-8-doc_8u372-ga-0ubuntu1~16.04+tuxcare.els1_all.deb
sha:d4d1f14b6b0bf3d07351b29e243cbd5de6e098f2
openjdk-8-jdk_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb
sha:dfab50371e839af23db49a8f3d8de928790404dc
openjdk-8-jdk-headless_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb
sha:0bcac22ea67f3ad0f655bdb1ca283a7be1220a57
openjdk-8-jre_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb
sha:2e6d66bb32e15c2bb58057ad0aebf7ac97832f9b
openjdk-8-jre-headless_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb
sha:2a3442b853a7aad9d2e10355d942ff8b8f0a3065
openjdk-8-jre-jamvm_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb
sha:0528ce22f054c93ef848b28a37dcb89f8c0be937
openjdk-8-jre-zero_8u372-ga-0ubuntu1~16.04+tuxcare.els1_amd64.deb
sha:684815b78047d15f01d4edf47654f691ac680a22
openjdk-8-source_8u372-ga-0ubuntu1~16.04+tuxcare.els1_all.deb
sha:0017213c78e51d56baede2d00fcd3808401db1d1

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.