SUSE-SU-2023:3287-1: important: Security update for java-11-openjdk

# Security update for java-11-openjdk Announcement ID: SUSE-SU-2023:3287-1 Rating: important References: * #1207922 * #1213473 * #1213474 * #1213475 * #1213479 * #1213481 * #1213482 Cross-References: * CVE-2023-22006 * CVE-2023-22036 * CVE-2023-22041 * CVE-2023-22044 * CVE-2023-22045 * CVE-2023-22049 * CVE-2023-25193 CVSS scores: * CVE-2023-22006 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-22006 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-22036 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22036 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22041 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-22041 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-22044 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22044 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22045 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22045 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22049 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22049 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-25193 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25193 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for java-11-openjdk fixes the following issues: Updated to jdk-11.0.20+8 (July 2023 CPU): * CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473). * CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474). * CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475). * CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479). * CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481). * CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482). * CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922). * JDK-8298676: Enhanced Look and Feel * JDK-8300285: Enhance TLS data handling * JDK-8300596: Enhance Jar Signature validation * JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1 * JDK-8302475: Enhance HTTP client file downloading * JDK-8302483: Enhance ZIP performance * JDK-8303376: Better launching of JDI * JDK-8304468: Better array usages * JDK-8305312: Enhanced path handling * JDK-8308682: Enhance AES performance Bugfixes: * JDK-8171426: java/lang/ProcessBuilder/Basic.java failed with Stream closed * JDK-8178806: Better exception logging in crypto code * JDK-8187522: test/sun/net/ftp/FtpURLConnectionLeak.java timed out * JDK-8209167: Use CLDR's time zone mappings for Windows * JDK-8209546: Make sun/security/tools/keytool/autotest.sh to support macosx * JDK-8209880: tzdb.dat is not reproducibly built * JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java fails * JDK-8214459: NSS source should be removed * JDK-8214807: Improve handling of very old class files * JDK-8215015: [TESTBUG] remove unneeded -Xfuture option from tests * JDK-8215575: C2 crash: assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded * JDK-8220093: Change to GCC 8.2 for building on Linux at Oracle * JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError * JDK-8232853: AuthenticationFilter.Cache::remove may throw ConcurrentModificationException * JDK-8243936: NonWriteable system properties are actually writeable * JDK-8246383: NullPointerException in JceSecurity.getVerificationResult when using Entrust provider * JDK-8248701: On Windows generated modules-deps.gmk can contain backslash-r (CR) characters * JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates * JDK-8259530: Generated docs contain MIT/GPL-licenced works without reproducing the licence * JDK-8263420: Incorrect function name in NSAccessibilityStaticText native peer implementation * JDK-8264290: Create implementation for NSAccessibilityComponentGroup protocol peer * JDK-8264304: Create implementation for NSAccessibilityToolbar protocol peer * JDK-8265486: ProblemList javax/sound/midi/Sequencer/ /Recording.java on macosx-aarch64 * JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped * JDK-8269746: C2: assert(!in->is_CFG()) failed: CFG Node with no controlling input? * JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile * JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression * JDK-8275721: Name of UTC timezone in a locale changes depending on previous code * JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit) * JDK-8276880: Remove java/lang/RuntimeTests/exec/ExecWithDir as unnecessary * JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905 * JDK-8278434: timeouts in test java/time/test/java/time/format/ /TestZoneTextPrinterParser.java * JDK-8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption * JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error * JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test * JDK-8282467: add extra diagnostics for JDK-8268184 * JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary * JDK-8283059: Uninitialized warning in check_code.c with GCC 11.2 * JDK-8285497: Add system property for Java SE specification maintenance version * JDK-8286398: Address possibly lossy conversions in jdk.internal.le * JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code * JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider * JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable * JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies * JDK-8289301: P11Cipher should not throw out of bounds exception during padding * JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space * JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 * JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value * JDK-8291638: Keep-Alive timeout of 0 should close connection immediately * JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected * JDK-8293232: Fix race condition in pkcs11 SessionManager * JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation * JDK-8294548: Problem list SA core file tests on macosx-x64 due to JDK-8294316 * JDK-8294906: Memory leak in PKCS11 NSS TLS server * JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames * JDK-8296934: Write a test to verify whether Undecorated Frame can be iconified or not * JDK-8297000: [jib] Add more friendly warning for proxy issues * JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter * JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors * JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE * JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument * JDK-8300205: Swing test bug8078268 make latch timeout configurable * JDK-8300490: Spaces in name of MacOS Code Signing Identity are not correctly handled after JDK-8293550 * JDK-8301119: Support for GB18030-2022 * JDK-8301170: perfMemory_windows.cpp add free_security_attr to early returns * JDK-8301401: Allow additional characters for GB18030-2022 support * JDK-8302151: BMPImageReader throws an exception reading BMP images * JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message * JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN * JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return * JDK-8303432: Bump update version for OpenJDK: jdk-11.0.20 * JDK-8303440: The "ZonedDateTime.parse" may not accept the "UTC+XX" zone id * JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates * JDK-8303476: Add the runtime version in the release file of a JDK image * JDK-8303482: Update LCMS to 2.15 * JDK-8303564: C2: "Bad graph detected in build_loop_late" after a CMove is wrongly split thru phi * JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return * JDK-8303822: gtestMain should give more helpful output * JDK-8303861: Error handling step timeouts should never be blocked by OnError and others * JDK-8303937: Corrupted heap dumps due to missing retries for os::write() * JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype * JDK-8304291: [AIX] Broken build after JDK-8301998 * JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998 * JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0 * JDK-8304760: Add 2 Microsoft TLS roots * JDK-8305113: (tz) Update Timezone Data to 2023c * JDK-8305400: ISO 4217 Amendment 175 Update * JDK-8305528: [11u] Backport of JDK-8259530 breaks build with JDK10 bootstrap VM * JDK-8305682: Update the javadoc in the Character class to state support for GB 18030-2022 Implementation Level 2 * JDK-8305711: Arm: C2 always enters slowpath for monitorexit * JDK-8305721: add `make compile-commands` artifacts to .gitignore * JDK-8305975: Add TWCA Global Root CA * JDK-8306543: GHA: MSVC installation is failing * JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed * JDK-8306664: GHA: Update MSVC version to latest stepping * JDK-8306768: CodeCache Analytics reports wrong threshold * JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep * JDK-8307134: Add GTS root CAs * JDK-8307811: [TEST] compilation of TimeoutInErrorHandlingTest fails after backport of JDK-8303861 * JDK-8308006: Missing NMT memory tagging in CMS * JDK-8308884: [17u/11u] Backout JDK-8297951 * JDK-8309476: [11u] tools/jmod/hashes/HashesOrderTest.java fails intermittently * JDK-8311465: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.20 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3287=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3287=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3287=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3287=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3287=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3287=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3287=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3287=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3287=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3287=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3287=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3287=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3287=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3287=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3287=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3287=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3287=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3287=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3287=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3287=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-src-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-jmods-11.0.20.0-150000.3.99.1 * openSUSE Leap 15.4 (noarch) * java-11-openjdk-javadoc-11.0.20.0-150000.3.99.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-src-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-jmods-11.0.20.0-150000.3.99.1 * openSUSE Leap 15.5 (noarch) * java-11-openjdk-javadoc-11.0.20.0-150000.3.99.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Package Hub 15 15-SP4 (noarch) * java-11-openjdk-javadoc-11.0.20.0-150000.3.99.1 * SUSE Package Hub 15 15-SP5 (noarch) * java-11-openjdk-javadoc-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Manager Proxy 4.2 (x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE CaaS Platform 4.0 (x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22006.html * https://www.suse.com/security/cve/CVE-2023-22036.html * https://www.suse.com/security/cve/CVE-2023-22041.html * https://www.suse.com/security/cve/CVE-2023-22044.html * https://www.suse.com/security/cve/CVE-2023-22045.html * https://www.suse.com/security/cve/CVE-2023-22049.html * https://www.suse.com/security/cve/CVE-2023-25193.html * https://bugzilla.suse.com/show_bug.cgi?id=1207922 * https://bugzilla.suse.com/show_bug.cgi?id=1213473 * https://bugzilla.suse.com/show_bug.cgi?id=1213474 * https://bugzilla.suse.com/show_bug.cgi?id=1213475 * https://bugzilla.suse.com/show_bug.cgi?id=1213479 * https://bugzilla.suse.com/show_bug.cgi?id=1213481 * https://bugzilla.suse.com/show_bug.cgi?id=1213482