| Description: | Summary:
The remote host is missing an update for the 'java-11-openj9' package(s) announced via the openSUSE-SU-2025:0066-1 advisory.
Vulnerability Insight:
This update for java-11-openj9 fixes the following issues:
- Update to OpenJDK 11.0.26 with OpenJ9 0.49.0 virtual machine
- Including Oracle October 2024 and January 2025 CPU changes
* CVE-2024-21208 (boo#1231702), CVE-2024-21210 (boo#1231711),
CVE-2024-21217 (boo#1231716), CVE-2024-21235 (boo#1231719),
CVE-2025-21502 (boo#1236278)
* OpenJ9 changes, see
[link moved to references]
- Update to OpenJDK 11.0.24 with OpenJ9 0.46.0 virtual machine
- Including Oracle July 2024 CPU changes
* CVE-2024-21131 (boo#1228046), CVE-2024-21138 (boo#1228047),
CVE-2024-21140 (boo#1228048), CVE-2024-21144 (boo#1228050),
CVE-2024-21147 (boo#1228052), CVE-2024-21145 (boo#1228051)
* OpenJ9 changes, see
[link moved to references]
- Update to OpenJDK 11.0.23 with OpenJ9 0.44.0 virtual machine
- Including Oracle April 2024 CPU changes
* CVE-2024-21012 (boo#1222987), CVE-2024-21094 (boo#1222986),
CVE-2024-21011 (boo#1222979), CVE-2024-21085 (boo#1222984),
CVE-2024-21068 (boo#1222983)
- Including OpenJ9/OMR specific fix:
* CVE-2024-3933 (boo#1225470)
* OpenJ9 changes, see
[link moved to references]
- Update to OpenJDK 11.0.22 with OpenJ9 0.43.0 virtual machine
- Including Oracle January 2024 CPU changes
* CVE-2024-20918 (boo#1218907), CVE-2024-20919 (boo#1218903),
CVE-2024-20921 (boo#1218905), CVE-2024-20926 (boo#1218906),
CVE-2024-20945 (boo#1218909), CVE-2024-20952 (boo#1218911)
* OpenJ9 changes, see
[link moved to references]
- Remove the possibility to put back removes JavaEE modules, since
our Java stack does not need this hack any more
- Update to OpenJDK 11.0.21 with OpenJ9 0.41.0 virtual machine
- Including Oracle October 2023 CPU changes
* CVE-2023-22081, boo#1216374
- Including Openj9 0.41.0 fixes of CVE-2023-5676, boo#1217214
* For other OpenJ9 changes, see
[link moved to references]
- Update to OpenJDK 11.0.20.1 with OpenJ9 0.40.0 virtual machine
* JDK-8313765: Invalid CEN header (invalid zip64 extra data
field size)
- Update to OpenJDK 11.0.20 with OpenJ9 0.40.0 virtual machine
- Including Oracle April 2023 CPU changes
* CVE-2023-22006 (boo#1213473), CVE-2023-22036 (boo#1213474),
CVE-2023-22041 (boo#1213475), CVE-2023-22045 (boo#1213481),
CVE-2023-22049 (boo#1213482), CVE-2023-25193 (boo#1207922)
* OpenJ9 changes, see
[link moved to references]
- Update to OpenJDK 11.0.19 with OpenJ9 0.38.0 virtual machine
- Including Oracle April 2023 CPU changes
* CVE-2023-21930 (boo#1210628), CVE-2023-21937 (boo#1210631),
CVE-2023-21938 (boo#1210632), CVE-2023-21939 (boo#1210634),
CVE-2023-21954 (boo#1210635), CVE-2023-21967 (boo#1210636),
CVE-2023-21968 (boo#1210637)
* OpenJ9 specific vulnerability: CVE-2023-2597 (boo#1211615)
* OpenJ9 changes, see
[link moved to references]
- Update to OpenJDK 11.0.18 with OpenJ9 0.36.1 virtual machine
* Including Oracle January 2023 CPU changes
+ CVE-2023-21835, boo#1207246
+ CVE-2023-21843, boo#1207248
* ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'java-11-openj9' package(s) on openSUSE Leap 15.6.
Solution:
Please install the updated package(s).
CVSS Score:
5.0
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
