SUSE-SU-2024:2578-1 Security update for java-21-openjdk

This update for java-21-openjdk fixes the following issues: Updated to version 21.0.4+7 July 2024 CPU: - CVE-2024-21131: Fixed a potential UTF8 size overflow bsc1228046. - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length bsc1228047. - CVE-2024-21140: Fixed a pre-loop limit...

java-1.8.0-openjdk security update

1.8.0.422.b05-2.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:1.8.0.422.b05-1.1 - Update to shenandoah-jdk8u422-b05 GA - Update release notes for shenandoah-8u422-b05. - Rebase PR2462 patch following patched hunk being removed by JDK-8322106 - Switch to GA mode. - Sync the copy of the portab...

OPENSUSE-SU-2024:13996-1 java-17-openj9-17.0.11.0-1.1 on GA media

These are all security issues fixed in the java-17-openj9-17.0.11.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:10874-1 java-16-openjdk-16.0.2.0-2.1 on GA media

These are all security issues fixed in the java-16-openjdk-16.0.2.0-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:12018-1 java-11-openjdk-11.0.15.0-1.1 on GA media

These are all security issues fixed in the java-11-openjdk-11.0.15.0-1.1 package on the GA media of openSUSE Tumbleweed...

Oracle Java SE Multiple Vulnerabilities (April 2023 CPU)

CVE-2023-21930 CVSS 3.1 Base Score 7.4 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2023-21937 CVSS 3.1 Base Score 3.7 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2023-21938 CVSS 3.1 Base Score 3.7 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N...

SUSE-SU-2024:1874-1 Security update for Java

This update for Java fixes thefollowing issues: apiguardian was updated to vesion 1.1.2: - Added LICENSE/NOTICE to the generated jar - Allow @API to be declared at the package level - Explain usage of Status.DEPRECATED - Include OSGi metadata in manifest assertj-core was implemented at version...

SUSE-SU-2024:1859-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 25 bsc1223470: - CVE-2023-38264: Fixed Object Request Broker ORB denial of service bsc1224164. - CVE-2024-21094: Fixed C2 compilation fails with 'Exceeded noderegs array' bsc1222986. -...

SUSE-SU-2024:1793-1 Security update for java-1_8_0-openj9

This update for java-180-openj9 fixes the following issues: Update to OpenJDK 8u412 build 08 with OpenJ9 0.44.0 virtual machine: - CVE-2024-21094: Fixed C2 compilation failure with 'Exceeded noderegs array' bsc1222986. - CVE-2024-21011: Fixed long Exception message leading to crash bsc1222979. -...

SUSE-SU-2024:1499-1 Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging JDK-8319851,bsc1222979 - CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup JDK-8315708,bsc1222987 -...

SUSE-SU-2024:1498-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging JDK-8319851,bsc1222979 - CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup JDK-8315708,bsc1222987 -...

com.srcclr:srcclr-maven-plugin (>=3.1.23 <=3.1.25), org.keycloak:keycloak-crypto-fips1402 (>=19.0.0 <=25.0.6) +17 more potentially affected by CVE-2024-34447 via org.bouncycastle:bctls-fips (>=1.0.12.2 <=1.0.18)

org.bouncycastle:bctls-fips MAVEN version =1.0.12.2, =3.1.23, =19.0.0, =14.7.0.0, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.6.3 and more Source cves: CVE-2024-34447 Source advisory:...

SUSE-SU-2024:1450-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging JDK-8319851,bsc1222979 - CVE-2024-21068: Fixed integer overflow in C1 compiler address generation JDK-8322122,bsc1222983 - CVE-2024-21085: Fixed Pack200...

SUSE CVE-2024-30171

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing...

java-11-openjdk security update

1:11.0.23.0.9-3.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:11.0.23.0.9-2 - Fix 11.0.22 release date in NEWS 1:11.0.23.0.9-1 - Update to jdk-11.0.23+9 GA - Update release notes to 11.0.23+9 - Switch to GA mode for release - Require tzdata 2024a due to upstream inclusion of JDK-8322725 - On...

OpenJDK: integer overflow in C1 compiler address generation (8322122)

A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalV...

java-17-openjdk security update

17.0.11.0.9-2.0.1 - Add Oracle vendor bug URL 1:17.0.11.0.9-2 - Update to jdk-17.0.11+9 GA - Add openjdk-17.0.11+9.tar.xz to .gitignore - Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8 - Update buildver from 7 to 9 - Update portablerelease from 1 to 3 - Change isga from 0 to ...

OpenJDK: long Exception message leading to crash (8319851)

A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalV...

OpenJDK: integer overflow in C1 compiler address generation (8322122)

A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalV...

Updated java 1.8.0, 11 & latest packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Array out-of-bounds access due to missing range check in C1 compiler. CVE-2024-20918 RSA padding issue and timing side-channel attack against TLS. CVE-2024-20952 Arbitrary Java code execution in Nashorn. CVE-2024-20926 JVM class file verifier fla...