268 matches found

RedHat Linux
added 2024/07/16 10:7 p.m., 3 views

OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

CVSS 4.8 | AI score 7.4 | EPSS 0.00568
Exploits 0 | References 4

OSV
added 2024/06/15 12:0 a.m., 16 views

OPENSUSE-SU-2024:13076-1 java-17-openjdk-17.0.8.0-1.1 on GA media

These are all security issues fixed in the java-17-openjdk-17.0.8.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 6.7 | EPSS 0.00143
Exploits 0 | References 7

RedHat Linux
added 2024/04/18 5:27 p.m., 1 views

OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507)

A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalV...

CVSS 3.7 | AI score 7.1 | EPSS 0.00417
Exploits 0 | References 5

RedHat Linux
added 2024/04/18 4:18 a.m., 2 views

OpenJDK: integer overflow in C1 compiler address generation (8322122)

A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalV...

CVSS 3.7 | AI score 7.1 | EPSS 0.00669
Exploits 0 | References 5

RedHat Linux
added 2024/04/17 11:57 a.m., 3 views

OpenJDK: integer overflow in C1 compiler address generation (8322122)

A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalV...

CVSS 3.7 | AI score 7.1 | EPSS 0.00669
Exploits 0 | References 5

Fedora
added 2023/12/05 1:9 a.m., 8 views

[SECURITY] Fedora 37 Update: java-latest-openjdk-21.0.1.0.12-1.rolling.fc37

The OpenJDK 21 runtime environment...

AI score 7.3
Exploits 0

OSV
added 2023/11/28 12:11 a.m., 10 views

MGASA-2023-0326 Updated java openjdk packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Segmentation fault in ciMethodBlocks. CVE-2022-40433 Certificate path validation issue during client authentication. CVE-2023-22081 IOR deserialization issue in CORBA. CVE-2023-22067...

CVSS 5.3 | AI score 5.8 | EPSS 0.00172
Exploits 0 | References 5

OSV
added 2023/10/20 3:40 p.m., 5 views

SUSE-SU-2023:4152-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: - Upgraded to JDK 11.0.21+9 October 2023 CPU: - CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS bsc1216374. Please visit the Oracle Release Notes page for the full changelog:...

CVSS 5.3 | AI score 5.3 | EPSS 0.00098
Exploits 0 | References 4

OSV
added 2023/08/28 8:27 a.m., 7 views

SUSE-SU-2023:3443-1 Security update for java-1_8_0-openjdk

This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u382 icedtea-3.28.0 - CVE-2023-22045: Fixed a difficult to exploit vulnerability that allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterpri...

CVSS 3.7 | AI score 4.3 | EPSS 0.00141
Exploits 0 | References 5

RedHat Linux
added 2023/07/20 1:9 p.m., 3 views

OpenJDK: array indexing integer overflow issue (8304468)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

CVSS 3.7 | AI score 7.2 | EPSS 0.00141
Exploits 0 | References 4

OSV
added 2023/05/16 3:42 p.m., 7 views

SUSE-SU-2023:2222-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.19+7 April 2023 CPU: - CVE-2023-21930: Fixed AES support bsc1210628. - CVE-2023-21937: Fixed String platform support bsc1210631. - CVE-2023-21938: Fixed runtime support bsc1210632. - CVE-2023-21939: Fixed...

CVSS 7.4 | AI score 5.8 | EPSS 0.02108
Exploits 1 | References 15

OSV
added 2023/03/16 7:40 a.m., 2 views

SUSE-SU-2023:0752-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: - CVE-2023-21843: Fixed soundbank URL remote loading bsc1207248. - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections bsc1207246. Bugfixes: - Remove broken accessibility sub-package bsc1206549...

CVSS 5.3 | AI score 5.1 | EPSS 0.0011
Exploits 0 | References 6

OSV
added 2023/02/28 2:55 a.m., 1 views

USN-5897-1 openjdk-17, openjdk-19, openjdk-lts vulnerabilities

Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget discovered that the DTLS implementation in the JSSE subsystem of OpenJDK did not properly restrict handshake initiation requests from clients. A remote attacker could possibly use this to cause a denial of service. CVE-2023-218...

CVSS 5.3 | AI score 6.8 | EPSS 0.0011
Exploits 0 | References 3

OSV
added 2022/08/04 8:13 p.m., 3 views

CLSA-2022-1659643989 Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21541, CVE-2022-21540, CVE-2022-34169

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u342-b07. That fixes the following CVEs: - CVE-2022-34169: Integer truncation issue in Xalan-J - CVE-2022-21540: Class compilation issue - CVE-2022-21541: Improper restriction of MethodHandle.invokeBasic - Update tzdata requirement to 2022a to match...

CVSS 7.5 | AI score 6.8 | EPSS 0.10953
Exploits 2 | References 1

OSV
added 2022/08/04 6:46 p.m., 1 views

CLSA-2022-1659638796 Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21541, CVE-2022-34169, CVE-2022-21540

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u342-b07. That fixes the following CVEs: - CVE-2022-34169: Integer truncation issue in Xalan-J - CVE-2022-21540: Class compilation issue - CVE-2022-21541: Improper restriction of MethodHandle.invokeBasic - Update tzdata requirement to 2022a to match...

CVSS 7.5 | AI score 7.1 | EPSS 0.10953
Exploits 2 | References 1

OSV
added 2022/08/04 6:15 p.m., 1 views

CLSA-2022-1659636917 Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u342-b07. That fixes the following CVEs: - CVE-2022-34169: Integer truncation issue in Xalan-J - CVE-2022-21540: Class compilation issue - CVE-2022-21541: Improper restriction of MethodHandle.invokeBasic - Update tzdata requirement to 2022a to match...

CVSS 7.5 | AI score 7.1 | EPSS 0.10953
Exploits 2 | References 1

RedHat Linux
added 2022/04/28 6:59 p.m., 5 views

OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

CVSS 5.3 | AI score 7.2 | EPSS 0.00108
Exploits 0 | References 4

OpenVAS
added 2022/03/10 12:0 a.m., 18 views

SUSE: Security Advisory (SUSE-SU-2022:0784-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7 | AI score 8.7 | EPSS 0.00236
Exploits 15 | References 6

RedHat Linux
added 2022/01/27 2:8 p.m., 3 views

OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...

CVSS 4.3 | AI score 7.4 | EPSS 0.00083
Exploits 0 | References 4

Amazon
added 2021/12/18 12:0 a.m., 7 views

Critical: java-11-openjdk

Issue Overview: No versions of an Amazon Linux Java Virtual Machine JVM are affected by CVE-2021-44228 or CVE-2021-45046. However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in...

CVSS 10 | AI score 6.8 | EPSS 0.94358
Exploits 343