java-1_8_0-openj9-1.8.0.312-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11601 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z java-1_8_0-openj9-1.8.0.312-1.1 on GA media These are all security issues fixed in the java-1_8_0-openj9-1.8.0.312-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11601 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11601 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-2163/ SUSE CVE CVE-2021-2163 page openSUSE Tumbleweed java-1_8_0-openj9-1.8.0.312-1.1 java-1_8_0-openj9-accessibility-1.8.0.312-1.1 java-1_8_0-openj9-demo-1.8.0.312-1.1 java-1_8_0-openj9-devel-1.8.0.312-1.1 java-1_8_0-openj9-headless-1.8.0.312-1.1 java-1_8_0-openj9-javadoc-1.8.0.312-1.1 java-1_8_0-openj9-src-1.8.0.312-1.1 java-1_8_0-openj9-1.8.0.312-1.1 as a component of openSUSE Tumbleweed java-1_8_0-openj9-accessibility-1.8.0.312-1.1 as a component of openSUSE Tumbleweed java-1_8_0-openj9-demo-1.8.0.312-1.1 as a component of openSUSE Tumbleweed java-1_8_0-openj9-devel-1.8.0.312-1.1 as a component of openSUSE Tumbleweed java-1_8_0-openj9-headless-1.8.0.312-1.1 as a component of openSUSE Tumbleweed java-1_8_0-openj9-javadoc-1.8.0.312-1.1 as a component of openSUSE Tumbleweed java-1_8_0-openj9-src-1.8.0.312-1.1 as a component of openSUSE Tumbleweed Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). CVE-2021-2163 openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.312-1.1 openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.312-1.1 openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.312-1.1 openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.312-1.1 openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.312-1.1 openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.312-1.1 openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.312-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2163.html CVE-2021-2163 https://bugzilla.suse.com/1185055 SUSE Bug 1185055