SUSE 5181 Published by

A java-11-openjdk security update has been released for openSUSE Leap and SUSE Linux Enterprise.



SUSE-SU-2023:3287-1: important: Security update for java-11-openjdk


# Security update for java-11-openjdk

Announcement ID: SUSE-SU-2023:3287-1
Rating: important
References:

* #1207922
* #1213473
* #1213474
* #1213475
* #1213479
* #1213481
* #1213482

Cross-References:

* CVE-2023-22006
* CVE-2023-22036
* CVE-2023-22041
* CVE-2023-22044
* CVE-2023-22045
* CVE-2023-22049
* CVE-2023-25193

CVSS scores:

* CVE-2023-22006 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2023-22006 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2023-22036 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-22036 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-22041 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-22041 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-22044 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-22044 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-22045 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-22045 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-22049 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-22049 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-25193 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-25193 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for java-11-openjdk fixes the following issues:

Updated to jdk-11.0.20+8 (July 2023 CPU):

* CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473).
* CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474).
* CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475).
* CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479).
* CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481).
* CVE-2023-22049: Fixed vulnerability in the libraries component
(bsc#1213482).
* CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module
(bsc#1207922).

* JDK-8298676: Enhanced Look and Feel

* JDK-8300285: Enhance TLS data handling
* JDK-8300596: Enhance Jar Signature validation
* JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1
* JDK-8302475: Enhance HTTP client file downloading
* JDK-8302483: Enhance ZIP performance
* JDK-8303376: Better launching of JDI
* JDK-8304468: Better array usages
* JDK-8305312: Enhanced path handling
* JDK-8308682: Enhance AES performance

Bugfixes:

* JDK-8171426: java/lang/ProcessBuilder/Basic.java failed with Stream closed
* JDK-8178806: Better exception logging in crypto code
* JDK-8187522: test/sun/net/ftp/FtpURLConnectionLeak.java timed out
* JDK-8209167: Use CLDR's time zone mappings for Windows
* JDK-8209546: Make sun/security/tools/keytool/autotest.sh to support macosx
* JDK-8209880: tzdb.dat is not reproducibly built
* JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java fails
* JDK-8214459: NSS source should be removed
* JDK-8214807: Improve handling of very old class files
* JDK-8215015: [TESTBUG] remove unneeded -Xfuture option from tests
* JDK-8215575: C2 crash: assert(get_instanceKlass()->is_loaded()) failed: must
be at least loaded
* JDK-8220093: Change to GCC 8.2 for building on Linux at Oracle
* JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with
AssertionError
* JDK-8232853: AuthenticationFilter.Cache::remove may throw
ConcurrentModificationException
* JDK-8243936: NonWriteable system properties are actually writeable
* JDK-8246383: NullPointerException in JceSecurity.getVerificationResult when
using Entrust provider
* JDK-8248701: On Windows generated modules-deps.gmk can contain backslash-r
(CR) characters
* JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates
* JDK-8259530: Generated docs contain MIT/GPL-licenced works without
reproducing the licence
* JDK-8263420: Incorrect function name in NSAccessibilityStaticText native
peer implementation
* JDK-8264290: Create implementation for NSAccessibilityComponentGroup
protocol peer
* JDK-8264304: Create implementation for NSAccessibilityToolbar protocol peer
* JDK-8265486: ProblemList javax/sound/midi/Sequencer/ /Recording.java on
macosx-aarch64
* JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped
* JDK-8269746: C2: assert(!in->is_CFG()) failed: CFG Node with no controlling
input?
* JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile
* JDK-8275233: Incorrect line number reported in exception stack trace thrown
from a lambda expression
* JDK-8275721: Name of UTC timezone in a locale changes depending on previous
code
* JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit)
* JDK-8276880: Remove java/lang/RuntimeTests/exec/ExecWithDir as unnecessary
* JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905
* JDK-8278434: timeouts in test java/time/test/java/time/format/
/TestZoneTextPrinterParser.java
* JDK-8280703: CipherCore.doFinal(...) causes potentially massive byte[]
allocations during decryption
* JDK-8282077: PKCS11 provider C_sign() impl should handle
CKR_BUFFER_TOO_SMALL error
* JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test
* JDK-8282467: add extra diagnostics for JDK-8268184
* JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not
necessary
* JDK-8283059: Uninitialized warning in check_code.c with GCC 11.2
* JDK-8285497: Add system property for Java SE specification maintenance
version
* JDK-8286398: Address possibly lossy conversions in jdk.internal.le
* JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code
* JDK-8287246: DSAKeyValue should check for missing params instead of relying
on KeyFactory provider
* JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is
unstable
* JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with
information on 4th party dependencies
* JDK-8289301: P11Cipher should not throw out of bounds exception during
padding
* JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space
* JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067
* JDK-8291637: HttpClient default keep alive timeout not followed if server
sends invalid value
* JDK-8291638: Keep-Alive timeout of 0 should close connection immediately
* JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than
expected
* JDK-8293232: Fix race condition in pkcs11 SessionManager
* JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages
during normal operation
* JDK-8294548: Problem list SA core file tests on macosx-x64 due to
JDK-8294316
* JDK-8294906: Memory leak in PKCS11 NSS TLS server
* JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native
stack when there are no Java frames
* JDK-8296934: Write a test to verify whether Undecorated Frame can be
iconified or not
* JDK-8297000: [jib] Add more friendly warning for proxy issues
* JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show
parameter
* JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors
* JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv
phi of loop resulting in SIGFPE
* JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant
NULL src argument
* JDK-8300205: Swing test bug8078268 make latch timeout configurable
* JDK-8300490: Spaces in name of MacOS Code Signing Identity are not correctly
handled after JDK-8293550
* JDK-8301119: Support for GB18030-2022
* JDK-8301170: perfMemory_windows.cpp add free_security_attr to early returns
* JDK-8301401: Allow additional characters for GB18030-2022 support
* JDK-8302151: BMPImageReader throws an exception reading BMP images
* JDK-8302791: Add specific ClassLoader object to Proxy
IllegalArgumentException message
* JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than
O_BUFLEN
* JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease
call in early potential CHECK_NULL return
* JDK-8303432: Bump update version for OpenJDK: jdk-11.0.20
* JDK-8303440: The "ZonedDateTime.parse" may not accept the "UTC+XX" zone id
* JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show
all trusted certificates
* JDK-8303476: Add the runtime version in the release file of a JDK image
* JDK-8303482: Update LCMS to 2.15
* JDK-8303564: C2: "Bad graph detected in build_loop_late" after a CMove is
wrongly split thru phi
* JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call
in early potential CHECK_NULL return
* JDK-8303822: gtestMain should give more helpful output
* JDK-8303861: Error handling step timeouts should never be blocked by OnError
and others
* JDK-8303937: Corrupted heap dumps due to missing retries for os::write()
* JDK-8304134: jib bootstrapper fails to quote filename when checking download
filetype
* JDK-8304291: [AIX] Broken build after JDK-8301998
* JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998
* JDK-8304350: Font.getStringBounds calculates wrong width for
TextAttribute.TRACKING other than 0.0
* JDK-8304760: Add 2 Microsoft TLS roots
* JDK-8305113: (tz) Update Timezone Data to 2023c
* JDK-8305400: ISO 4217 Amendment 175 Update
* JDK-8305528: [11u] Backport of JDK-8259530 breaks build with JDK10 bootstrap
VM
* JDK-8305682: Update the javadoc in the Character class to state support for
GB 18030-2022 Implementation Level 2
* JDK-8305711: Arm: C2 always enters slowpath for monitorexit
* JDK-8305721: add `make compile-commands` artifacts to .gitignore
* JDK-8305975: Add TWCA Global Root CA
* JDK-8306543: GHA: MSVC installation is failing
* JDK-8306658: GHA: MSVC installation could be optional since it might already
be pre-installed
* JDK-8306664: GHA: Update MSVC version to latest stepping
* JDK-8306768: CodeCache Analytics reports wrong threshold
* JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep
* JDK-8307134: Add GTS root CAs
* JDK-8307811: [TEST] compilation of TimeoutInErrorHandlingTest fails after
backport of JDK-8303861
* JDK-8308006: Missing NMT memory tagging in CMS
* JDK-8308884: [17u/11u] Backout JDK-8297951
* JDK-8309476: [11u] tools/jmod/hashes/HashesOrderTest.java fails
intermittently
* JDK-8311465: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for
release 11.0.20

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3287=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3287=1

* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3287=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3287=1

* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3287=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3287=1

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3287=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3287=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3287=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3287=1

* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3287=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3287=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3287=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3287=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3287=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3287=1

* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3287=1

* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.2-2023-3287=1

* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3287=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-3287=1

* SUSE CaaS Platform 4.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform
you if it detects new updates and let you then trigger updating of the complete
cluster in a controlled way.

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-src-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-jmods-11.0.20.0-150000.3.99.1
* openSUSE Leap 15.4 (noarch)
* java-11-openjdk-javadoc-11.0.20.0-150000.3.99.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-src-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-jmods-11.0.20.0-150000.3.99.1
* openSUSE Leap 15.5 (noarch)
* java-11-openjdk-javadoc-11.0.20.0-150000.3.99.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* SUSE Package Hub 15 15-SP4 (noarch)
* java-11-openjdk-javadoc-11.0.20.0-150000.3.99.1
* SUSE Package Hub 15 15-SP5 (noarch)
* java-11-openjdk-javadoc-11.0.20.0-150000.3.99.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* SUSE Manager Proxy 4.2 (x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1
* SUSE CaaS Platform 4.0 (x86_64)
* java-11-openjdk-demo-11.0.20.0-150000.3.99.1
* java-11-openjdk-headless-11.0.20.0-150000.3.99.1
* java-11-openjdk-11.0.20.0-150000.3.99.1
* java-11-openjdk-devel-11.0.20.0-150000.3.99.1

## References:

* https://www.suse.com/security/cve/CVE-2023-22006.html
* https://www.suse.com/security/cve/CVE-2023-22036.html
* https://www.suse.com/security/cve/CVE-2023-22041.html
* https://www.suse.com/security/cve/CVE-2023-22044.html
* https://www.suse.com/security/cve/CVE-2023-22045.html
* https://www.suse.com/security/cve/CVE-2023-22049.html
* https://www.suse.com/security/cve/CVE-2023-25193.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207922
* https://bugzilla.suse.com/show_bug.cgi?id=1213473
* https://bugzilla.suse.com/show_bug.cgi?id=1213474
* https://bugzilla.suse.com/show_bug.cgi?id=1213475
* https://bugzilla.suse.com/show_bug.cgi?id=1213479
* https://bugzilla.suse.com/show_bug.cgi?id=1213481
* https://bugzilla.suse.com/show_bug.cgi?id=1213482