Updated java 1.8.0, 11 & latest packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Array out-of-bounds access due to missing range check in C1 compiler. CVE-2024-20918 RSA padding issue and timing side-channel attack against TLS. CVE-2024-20952 Arbitrary Java code execution in Nashorn. CVE-2024-20926 JVM class file verifier fla...

Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition affects IBM OpenPages

Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVEs. For a complet...

[SECURITY] Fedora 40 Update: jss-5.5.0-1.fc40.1

Java Security Services JSS is a java native interface which provides a brid ge for java-based applications to use native Network Security Services NSS. This only works with gcj. Other JREs require that JCE providers be signed...

SUSE-SU-2024:0804-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS 8317547 bsc1218911. - CVE-2024-20921: Fixed range check loop optimization issue 8314307 bsc1218905. - CVE-2024-20926: Fixed rbitrary Java code executio...

SUSE-SU-2024:0726-1 Security update for Java

This update for Java fixes the following issues: apache-commons-codec was updated to version 1.16.1: - Changes in version 1.16.1: New features: + Added Maven property project.build.outputTimestamp for build reproducibility Bugs fixed: + Correct error in Base64 Javadoc + Added minimum Java version...

SUSE-SU-2024:0619-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 20: bsc1219843 Security fixes: - CVE-2023-33850: Fixed information disclosure vulnerability due to the consumed GSKit library bsc1219843. - CVE-2024-20932: Fixed incorrect handling of ZIP files...

The vulnerability of the Java-security-toolkit application programming interface regarding security code management lies in improper restrictions on path names to restricted directories. This allows attackers to execute arbitrary code.

The vulnerability of the Java-security-toolkit application programming interface relates to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

santuario: Private Key disclosure in debug-log output

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

The vulnerability of the Security component of the Oracle Java SE software platform, as well as the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, allows attackers to gain access to modify, add, or delete data.

The vulnerability of the Security component of Oracle Java SE software, as well as of Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the...

SUSE-SU-2024:0325-1 Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues: Updated to version 17.0.10 January 2024 CPU: - CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a missing bounds check bsc1218907. - CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class file verifier...

SUSE-SU-2024:0321-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Updated to version 11.0.22 January 2024 CPU: - CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a missing bounds check bsc1218907. - CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class file verifier...

SUSE-SU-2024:0203-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Updated to version 11.0.22 January 2024 CPU: - CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a missing bounds check bsc1218907. - CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class file verifier...

java-17-openjdk security and bug fix update

1:17.0.10.0.7-2.0.1 - Rebase to 17.0.10.0.7...

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

OpenJDK: arbitrary Java code execution in Nashorn (8314284)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...

Oracle OpenJDK 17.x Vulnerability (Jan 2024)

Oracle OpenJDK is prone to a vulnerability in the security-libs/java.security component. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache Shiro Path Traversal Vulnerability

Apache Shiro is a set of Java security frameworks for performing authentication, authorization, encryption, and session management from the Apache Foundation in the United States. A path traversal vulnerability exists in Apache Shiro versions prior to 1.130, prior to 2.0.0-alpha-4, which stems fr...

OESA-2023-1944 hsqldb1 security update

HSQLdb is a relational database engine written in JavaTM , with a JDBC driver, supporting a subset of ANSI-92 SQL. It offers a small about 100k, fast database engine which offers both in memory and disk based tables. Embedded and server modes are available. Additionally, it includes tools such as...

com.sap.cds:cds-feature-identity (>=2.0.1 <=2.4.0), com.sap.cds:cds-starter-cloudfoundry (>=2.2.0 <=2.4.0) +7 more potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security:java-security (>=3.0.0 <=3.2.1)

com.sap.cloud.security:java-security MAVEN version =3.0.0, =2.0.1, =2.2.0, =2.2.0, =1.0.4, =1.0.4, =1.0.4, =3.0.0, =3.0.0, =3.0.0, =3.2.1 Source cves: CVE-2023-50422, CVE-2023-50424 Source advisory: OSV:GHSA-59C9-PXQ8-9C73...

SUSE-SU-2023:4612-1 Security update for java-1_8_0-openj9

This update for java-180-openj9 fixes the following issues: Update to OpenJDK 8u392 build 08 with OpenJ9 0.41.0 virtual machine - CVE-2023-22067: Fixed an IOR deserialization issue in CORBA bsc1216379. - CVE-2023-22081: Fixed a certificate path validation issue during client authentication...