Vulnerability-Lookup

OPENSUSE-SU-2025:0066-1

Vulnerability from csaf_opensuse - Published: 2025-02-18 16:58 - Updated: 2025-02-18 16:58

Summary

Security update for java-11-openj9

Severity

Important

Notes

Title of the patch: Security update for java-11-openj9

Description of the patch: This update for java-11-openj9 fixes the following issues: - Update to OpenJDK 11.0.26 with OpenJ9 0.49.0 virtual machine - Including Oracle October 2024 and January 2025 CPU changes * CVE-2024-21208 (boo#1231702), CVE-2024-21210 (boo#1231711), CVE-2024-21217 (boo#1231716), CVE-2024-21235 (boo#1231719), CVE-2025-21502 (boo#1236278) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.49/ - Update to OpenJDK 11.0.24 with OpenJ9 0.46.0 virtual machine - Including Oracle July 2024 CPU changes * CVE-2024-21131 (boo#1228046), CVE-2024-21138 (boo#1228047), CVE-2024-21140 (boo#1228048), CVE-2024-21144 (boo#1228050), CVE-2024-21147 (boo#1228052), CVE-2024-21145 (boo#1228051) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.46/ - Update to OpenJDK 11.0.23 with OpenJ9 0.44.0 virtual machine - Including Oracle April 2024 CPU changes * CVE-2024-21012 (boo#1222987), CVE-2024-21094 (boo#1222986), CVE-2024-21011 (boo#1222979), CVE-2024-21085 (boo#1222984), CVE-2024-21068 (boo#1222983) - Including OpenJ9/OMR specific fix: * CVE-2024-3933 (boo#1225470) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.44/ - Update to OpenJDK 11.0.22 with OpenJ9 0.43.0 virtual machine - Including Oracle January 2024 CPU changes * CVE-2024-20918 (boo#1218907), CVE-2024-20919 (boo#1218903), CVE-2024-20921 (boo#1218905), CVE-2024-20926 (boo#1218906), CVE-2024-20945 (boo#1218909), CVE-2024-20952 (boo#1218911) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.43/ - Remove the possibility to put back removes JavaEE modules, since our Java stack does not need this hack any more - Update to OpenJDK 11.0.21 with OpenJ9 0.41.0 virtual machine - Including Oracle October 2023 CPU changes * CVE-2023-22081, boo#1216374 - Including Openj9 0.41.0 fixes of CVE-2023-5676, boo#1217214 * For other OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.41 - Update to OpenJDK 11.0.20.1 with OpenJ9 0.40.0 virtual machine * JDK-8313765: Invalid CEN header (invalid zip64 extra data field size) - Update to OpenJDK 11.0.20 with OpenJ9 0.40.0 virtual machine - Including Oracle April 2023 CPU changes * CVE-2023-22006 (boo#1213473), CVE-2023-22036 (boo#1213474), CVE-2023-22041 (boo#1213475), CVE-2023-22045 (boo#1213481), CVE-2023-22049 (boo#1213482), CVE-2023-25193 (boo#1207922) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.40 - Update to OpenJDK 11.0.19 with OpenJ9 0.38.0 virtual machine - Including Oracle April 2023 CPU changes * CVE-2023-21930 (boo#1210628), CVE-2023-21937 (boo#1210631), CVE-2023-21938 (boo#1210632), CVE-2023-21939 (boo#1210634), CVE-2023-21954 (boo#1210635), CVE-2023-21967 (boo#1210636), CVE-2023-21968 (boo#1210637) * OpenJ9 specific vulnerability: CVE-2023-2597 (boo#1211615) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.38 - Update to OpenJDK 11.0.18 with OpenJ9 0.36.1 virtual machine * Including Oracle January 2023 CPU changes + CVE-2023-21835, boo#1207246 + CVE-2023-21843, boo#1207248 * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.36 - Update to OpenJDK 11.0.17 with OpenJ9 0.35.0 virtual machine * Including Oracle October 2022 CPU changes CVE-2022-21618 (boo#1204468), CVE-2022-21619 (boo#1204473), CVE-2022-21626 (boo#1204471), CVE-2022-21624 (boo#1204475), CVE-2022-21628 (boo#1204472), CVE-2022-39399 (boo#1204480) * Fixes OpenJ9 vulnerability boo#1204703, CVE-2022-3676 * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.35 - Update to OpenJDK 11.0.16 with OpenJ9 0.33.0 virtual machine * Including Oracle July 2022 CPU changes CVE-2022-21540 (boo#1201694), CVE-2022-21541 (boo#1201692), CVE-2022-34169 (boo#1201684) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.33 - Update to OpenJDK 11.0.15 with OpenJ9 0.32.0 virtual machine * Fixes boo#1198935, CVE-2021-41041: unverified methods can be invoked using MethodHandles * Including Oracle April 2022 CPU fixes CVE-2022-21426 (boo#1198672), CVE-2022-21434 (boo#1198674), CVE-2022-21443 (boo#1198675), CVE-2022-21476 (boo#1198671), CVE-2022-21496 (boo#1198673) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.32 - Update to OpenJDK 11.0.14.1 with OpenJ9 0.30.1 virtual machine * including Oracle January 2022 CPU changes (boo#1194925, boo#1194926, boo#1194927, boo#1194928, boo#1194929, boo#1194930, boo#1194931, boo#1194932, boo#1194933, boo#1194934, boo#1194935, boo#1194937, boo#1194939, boo#1194940, boo#1194941) * OpenJ9 changes see https://www.eclipse.org/openj9/docs/version0.30.1 - Update to OpenJDK 11.0.13 with OpenJ9 0.29.0 virtual machine * including Oracle July 2021 and October 2021 CPU changes (boo#1188564, boo#1188565, boo#1188566, boo#1191901, boo#1191909, boo#1191910, boo#1191911, boo#1191912, boo#1191913, boo#1191903, boo#1191904, boo#1191914, boo#1191906) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.29 - Update to OpenJDK 11.0.11 with OpenJ9 0.26.0 virtual machine * including Oracle April 2021 CPU changes (boo#1185055 and boo#1185056) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.26 - Update to OpenJDK 11.0.10 with OpenJ9 0.24.0 virtual machine * including Oracle January 2021 CPU changes (boo#1181239) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.24

Patchnames: openSUSE-2025-66

CVE-2020-14803

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N