SUSE-SU-2021:3770-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Update to version OpenJDK 8u312 October 2021 CPU: - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS bsc1191901. - CVE-2021-35556: Fixed excessive memory allocation in RTFParser bsc1191910. - CVE-2021-35559: Fixed...

OPENSUSE-SU-2021:3770-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Update to version OpenJDK 8u312 October 2021 CPU: - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS bsc1191901. - CVE-2021-35556: Fixed excessive memory allocation in RTFParser bsc1191910. - CVE-2021-35559: Fixed...

DSA-5004-1 libxstream-java - security update

Bulletin has no description...

OPENSUSE-SU-2021:1455-1 Security update for java-1_8_0-openj9

This update for java-180-openj9 fixes the following issues: Update to OpenJDK 8u312 build 07 with OpenJ9 0.29.0 virtual machine including Oracle July 2021 and October 2021 CPU changes - CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder on Windows bsc1185056. ...

OPENSUSE-SU-2021:3615-1 Security update for java-1_8_0-openj9

This update for java-180-openj9 fixes the following issues: Update to OpenJDK 8u312 build 07 with OpenJ9 0.29.0 virtual machine including Oracle July 2021 and October 2021 CPU changes - CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder on Windows bsc1185056. ...

OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Keytool. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...

OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker...

OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker...

OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...

OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Utility. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

GHSA-J8WC-GXX9-82HX Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

SUSE-SU-2021:2952-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: - Update to jdk-11.0.12+7 - CVE-2021-2369: Fixed JAR file handling problem containing multiple MANIFEST.MF files. bsc1188565 - CVE-2021-2388: Fixed a flaw inside the Hotspot component performed range check elimination. bsc1188566 -...

OPENSUSE-SU-2021:2952-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: - Update to jdk-11.0.12+7 - CVE-2021-2369: Fixed JAR file handling problem containing multiple MANIFEST.MF files. bsc1188565 - CVE-2021-2388: Fixed a flaw inside the Hotspot component performed range check elimination. bsc1188566 -...

SUSE-SU-2021:2798-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - Update to version jdk8u302 icedtea 3.20.0 - CVE-2021-2341: Improve file transfers. bsc1188564 - CVE-2021-2369: Better jar file validation. bsc1188565 - CVE-2021-2388: Enhance compiler validation. bsc1188566 - CVE-2021-2161: Less...

SUSE-SU-2021:2797-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - Update to version jdk8u302 icedtea 3.20.0 - CVE-2021-2341: Improve file transfers. bsc1188564 - CVE-2021-2369: Better jar file validation. bsc1188565 - CVE-2021-2388: Enhance compiler validation. bsc1188566 - CVE-2021-2161: Less...

OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...

DLA-2712-1 libjdom1-java - security update

Bulletin has no description...

OPENSUSE-SU-2021:1989-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - Update to version jdk8u292 icedtea 3.19.0. - CVE-2021-2161: Fixed incomplete enforcement of JAR signing disabled algorithms bsc1185055...

MGASA-2021-0298 Updated java-openjdk packages fix security vulnerabilities

For java-1.8.0 Security fixes - JDK-8227467: Better class method invocations - JDK-8244473: Contextualize registration for JNDI - JDK-8244543: Enhanced handling of abstract classes - JDK-8249906, CVE-2021-2163: Enhance opening JARs - JDK-8250568, CVE-2021-2161: Less ambiguous processing -...