Test ID:	1.3.6.1.4.1.25623.1.1.18.1.2025.0067.1
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (openSUSE-SU-2025:0067-1)
Summary:	The remote host is missing an update for the 'java-17-openj9' package(s) announced via the openSUSE-SU-2025:0067-1 advisory.
Description:	Summary: The remote host is missing an update for the 'java-17-openj9' package(s) announced via the openSUSE-SU-2025:0067-1 advisory. Vulnerability Insight: This update for java-17-openj9 fixes the following issues: - Update to OpenJDK 17.0.14 with OpenJ9 0.49.0 virtual machine - Including Oracle October 2024 and January 2025 CPU changes * CVE-2024-21208 (boo#1231702), CVE-2024-21210 (boo#1231711), CVE-2024-21217 (boo#1231716), CVE-2024-21235 (boo#1231719), CVE-2025-21502 (boo#1236278) * OpenJ9 changes, see [link moved to references] - Update to OpenJDK 17.0.12 with OpenJ9 0.46.0 virtual machine - Including Oracle July 2024 CPU changes * CVE-2024-21131 (boo#1228046), CVE-2024-21138 (boo#1228047), CVE-2024-21140 (boo#1228048), CVE-2024-21147 (boo#1228052), CVE-2024-21145 (boo#1228051) * OpenJ9 changes, see [link moved to references] - Update to OpenJDK 17.0.11 with OpenJ9 0.44.0 virtual machine - Including Oracle April 2024 CPU changes * CVE-2024-21012 (boo#1222987), CVE-2024-21094 (boo#1222986), CVE-2024-21011 (boo#1222979), CVE-2024-21068 (boo#1222983) * OpenJ9 changes, see [link moved to references] - Update to OpenJDK 17.0.10 with OpenJ9 0.43.0 virtual machine - Including Oracle January 2024 CPU changes * CVE-2024-20918 (boo#1218907), CVE-2024-20919 (boo#1218903), CVE-2024-20921 (boo#1218905), CVE-2024-20932 (boo#1218908), CVE-2024-20945 (boo#1218909), CVE-2024-20952 (boo#1218911) * OpenJ9 changes, see [link moved to references] - Update to OpenJDK 17.0.9 with OpenJ9 0.41.0 virtual machine - Including Oracle October 2023 CPU changes * CVE-2023-22081, boo#1216374 * CVE-2023-22025, boo#1216339 - Including Openj9 0.41.0 fixes of CVE-2023-5676, boo#1217214 * For other OpenJ9 changes, see [link moved to references] - Update to OpenJDK 17.0.8.1 with OpenJ9 0.40.0 virtual machine * JDK-8313765: Invalid CEN header (invalid zip64 extra data field size) - Update to OpenJDK 17.0.8 with OpenJ9 0.40.0 virtual machine - Including Oracle July 2023 CPU changes * CVE-2023-22006 (boo#1213473), CVE-2023-22036 (boo#1213474), CVE-2023-22041 (boo#1213475), CVE-2023-22044 (boo#1213479), CVE-2023-22045 (boo#1213481), CVE-2023-22049 (boo#1213482), CVE-2023-25193 (boo#1207922) * OpenJ9 changes, see [link moved to references] - Update to OpenJDK 17.0.7 with OpenJ9 0.38.0 virtual machine - Including Oracle April 2023 CPU changes * CVE-2023-21930 (boo#1210628), CVE-2023-21937 (boo#1210631), CVE-2023-21938 (boo#1210632), CVE-2023-21939 (boo#1210634), CVE-2023-21954 (boo#1210635), CVE-2023-21967 (boo#1210636), CVE-2023-21968 (boo#1210637) * OpenJ9 specific vulnerability: CVE-2023-2597 (boo#1211615) * OpenJ9 changes, see [link moved to references] - Update to OpenJDK 17.0.6 with OpenJ9 0.36.0 virtual machine * including Oracle January 2023 CPU changes + CVE-2023-21835, boo#1207246 + CVE-2023-21843, boo#1207248 * OpenJ9 changes, see [link moved to references] - Update to OpenJDK 17.0.5 with OpenJ9 0.35.0 virtual machine * Including Oracle October 2022 CPU changes CVE-2022-21618 (boo#1204468), ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'java-17-openj9' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 9.4 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-21618 https://security.gentoo.org/glsa/202401-25 FEDORA-2022-1c07902a5e https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/ FEDORA-2022-5d494ab9ab https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/ FEDORA-2022-d989953883 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/ FEDORA-2022-f76014ae17 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/ https://security.netapp.com/advisory/ntap-20221028-0012/ https://www.oracle.com/security-alerts/cpuoct2022.html Common Vulnerability Exposure (CVE) ID: CVE-2022-21619 FEDORA-2022-361f34f2a9 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/ FEDORA-2022-b050ae8974 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/ Common Vulnerability Exposure (CVE) ID: CVE-2022-21624 Common Vulnerability Exposure (CVE) ID: CVE-2022-21626 Common Vulnerability Exposure (CVE) ID: CVE-2022-21628 Common Vulnerability Exposure (CVE) ID: CVE-2022-3676 https://github.com/eclipse-openj9/openj9/pull/16122 https://github.com/eclipse/omr/pull/6773 https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/389 Common Vulnerability Exposure (CVE) ID: CVE-2022-39399 Common Vulnerability Exposure (CVE) ID: CVE-2023-21835 Oracle Advisory https://www.oracle.com/security-alerts/cpujan2023.html Common Vulnerability Exposure (CVE) ID: CVE-2023-21843 Common Vulnerability Exposure (CVE) ID: CVE-2023-21930 Debian Security Information: DSA-5430 (Google Search) https://www.debian.org/security/2023/dsa-5430 Debian Security Information: DSA-5478 (Google Search) https://www.debian.org/security/2023/dsa-5478 https://www.couchbase.com/alerts/ https://www.oracle.com/security-alerts/cpuapr2023.html https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html Common Vulnerability Exposure (CVE) ID: CVE-2023-21937 Common Vulnerability Exposure (CVE) ID: CVE-2023-21938 Common Vulnerability Exposure (CVE) ID: CVE-2023-21939 Common Vulnerability Exposure (CVE) ID: CVE-2023-21954 Common Vulnerability Exposure (CVE) ID: CVE-2023-21967 Common Vulnerability Exposure (CVE) ID: CVE-2023-21968 Common Vulnerability Exposure (CVE) ID: CVE-2023-22006 Debian Security Information: DSA-5458 (Google Search) https://www.debian.org/security/2023/dsa-5458 https://www.oracle.com/security-alerts/cpujul2023.html Common Vulnerability Exposure (CVE) ID: CVE-2023-22025 https://www.oracle.com/security-alerts/cpuoct2023.html https://security.netapp.com/advisory/ntap-20231027-0006/ https://www.debian.org/security/2023/dsa-5548 Common Vulnerability Exposure (CVE) ID: CVE-2023-22036 Common Vulnerability Exposure (CVE) ID: CVE-2023-22041 Common Vulnerability Exposure (CVE) ID: CVE-2023-22044 Common Vulnerability Exposure (CVE) ID: CVE-2023-22045 Common Vulnerability Exposure (CVE) ID: CVE-2023-22049 Common Vulnerability Exposure (CVE) ID: CVE-2023-22081 https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html https://www.debian.org/security/2023/dsa-5537 Common Vulnerability Exposure (CVE) ID: CVE-2023-25193 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/ https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361 https://github.com/harfbuzz/harfbuzz/blob/2822b589bc837fae6f66233e2cf2eef0f6ce8470/src/hb-ot-layout-gsubgpos.hh https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc Common Vulnerability Exposure (CVE) ID: CVE-2023-2597 https://github.com/eclipse-openj9/openj9/pull/17259 Common Vulnerability Exposure (CVE) ID: CVE-2023-5676 https://github.com/eclipse-openj9/openj9/pull/18085 https://gitlab.eclipse.org/security/cve-assignement/-/issues/13 Common Vulnerability Exposure (CVE) ID: CVE-2024-20918 https://www.oracle.com/security-alerts/cpujan2024.html https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html Common Vulnerability Exposure (CVE) ID: CVE-2024-20919 Common Vulnerability Exposure (CVE) ID: CVE-2024-20921 Common Vulnerability Exposure (CVE) ID: CVE-2024-20932 Common Vulnerability Exposure (CVE) ID: CVE-2024-20945 Common Vulnerability Exposure (CVE) ID: CVE-2024-20952 Common Vulnerability Exposure (CVE) ID: CVE-2024-21011 https://www.oracle.com/security-alerts/cpuapr2024.html https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html Common Vulnerability Exposure (CVE) ID: CVE-2024-21012 Common Vulnerability Exposure (CVE) ID: CVE-2024-21068 Common Vulnerability Exposure (CVE) ID: CVE-2024-21094 Common Vulnerability Exposure (CVE) ID: CVE-2024-21131 Common Vulnerability Exposure (CVE) ID: CVE-2024-21138 Common Vulnerability Exposure (CVE) ID: CVE-2024-21140 Common Vulnerability Exposure (CVE) ID: CVE-2024-21145 Common Vulnerability Exposure (CVE) ID: CVE-2024-21147 Common Vulnerability Exposure (CVE) ID: CVE-2024-21208 Common Vulnerability Exposure (CVE) ID: CVE-2024-21210 Common Vulnerability Exposure (CVE) ID: CVE-2024-21217 Common Vulnerability Exposure (CVE) ID: CVE-2024-21235 Common Vulnerability Exposure (CVE) ID: CVE-2025-21502
Copyright	Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.