Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition affects IBM OpenPages

Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVEs. For a complet...

[SECURITY] Fedora 40 Update: jss-5.5.0-1.fc40.1

Java Security Services JSS is a java native interface which provides a brid ge for java-based applications to use native Network Security Services NSS. This only works with gcj. Other JREs require that JCE providers be signed...

SUSE-SU-2024:0804-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS 8317547 bsc1218911. - CVE-2024-20921: Fixed range check loop optimization issue 8314307 bsc1218905. - CVE-2024-20926: Fixed rbitrary Java code executio...

SUSE-SU-2024:0726-1 Security update for Java

This update for Java fixes the following issues: apache-commons-codec was updated to version 1.16.1: - Changes in version 1.16.1: New features: + Added Maven property project.build.outputTimestamp for build reproducibility Bugs fixed: + Correct error in Base64 Javadoc + Added minimum Java version...

SUSE-SU-2024:0619-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 20: bsc1219843 Security fixes: - CVE-2023-33850: Fixed information disclosure vulnerability due to the consumed GSKit library bsc1219843. - CVE-2024-20932: Fixed incorrect handling of ZIP files...

santuario: Private Key disclosure in debug-log output

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

SUSE-SU-2024:0325-1 Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues: Updated to version 17.0.10 January 2024 CPU: - CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a missing bounds check bsc1218907. - CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class file verifier...

SUSE-SU-2024:0321-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Updated to version 11.0.22 January 2024 CPU: - CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a missing bounds check bsc1218907. - CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class file verifier...

SUSE-SU-2024:0203-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Updated to version 11.0.22 January 2024 CPU: - CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a missing bounds check bsc1218907. - CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class file verifier...

java-17-openjdk security and bug fix update

1:17.0.10.0.7-2.0.1 - Rebase to 17.0.10.0.7...

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

OpenJDK: arbitrary Java code execution in Nashorn (8314284)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...

Oracle OpenJDK 17.x Vulnerability (Jan 2024)

Oracle OpenJDK is prone to a vulnerability in the security-libs/java.security component. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache Shiro Path Traversal Vulnerability

Apache Shiro is a set of Java security frameworks for performing authentication, authorization, encryption, and session management from the Apache Foundation in the United States. A path traversal vulnerability exists in Apache Shiro versions prior to 1.130, prior to 2.0.0-alpha-4, which stems fr...

OESA-2023-1944 hsqldb1 security update

HSQLdb is a relational database engine written in JavaTM , with a JDBC driver, supporting a subset of ANSI-92 SQL. It offers a small about 100k, fast database engine which offers both in memory and disk based tables. Embedded and server modes are available. Additionally, it includes tools such as...

com.sap.cds:cds-feature-identity (>=2.0.1 <=2.4.0), com.sap.cds:cds-starter-cloudfoundry (>=2.2.0 <=2.4.0) +7 more potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security:java-security (>=3.0.0 <=3.2.1)

com.sap.cloud.security:java-security MAVEN version =3.0.0, =2.0.1, =2.2.0, =2.2.0, =1.0.4, =1.0.4, =1.0.4, =3.0.0, =3.0.0, =3.0.0, =3.2.1 Source cves: CVE-2023-50422, CVE-2023-50424 Source advisory: OSV:GHSA-59C9-PXQ8-9C73...

com.codbex.kronos:codbex-kronos-coverage-aggregate (>=0.2.0 <=0.4.0), com.codbex.kronos:codbex-kronos-modules-all (>=0.2.0 <=0.4.0) +66 more potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security:java-security (>=2.10.0 <=2.16.0)

com.sap.cloud.security:java-security MAVEN version =2.10.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.4.0 and more Source cves: CVE-2023-50422, CVE-2023-50424 Sou...

SUSE-SU-2023:4612-1 Security update for java-1_8_0-openj9

This update for java-180-openj9 fixes the following issues: Update to OpenJDK 8u392 build 08 with OpenJ9 0.41.0 virtual machine - CVE-2023-22067: Fixed an IOR deserialization issue in CORBA bsc1216379. - CVE-2023-22081: Fixed a certificate path validation issue during client authentication...

SUSE-SU-2023:4506-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Update to version jdk8u392 icedtea-3.29.0 October 2023 CPU: - CVE-2023-22067: Fixed IOR deserialization issue in CORBA bsc1216379. - CVE-2023-22081: Fixed certificate path validation issue during client authentication bsc1216374. -...

ALSA-2023:6738 Moderate: java-21-openjdk security and bug fix update

The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: OpenJDK: memory corruption issue on x8664 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authentication...