<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <DocumentTitle xml:lang="en">Security update for java-17-openjdk</DocumentTitle>
  <DocumentType>SUSE Patch</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <!-- Tracking metadata for advisory SUSE-SU-2024:1499-2: status Final, Version 1,
       a single revision, and identical initial/current release dates (2024-06-18).
       NOTE(review): the ID ends in "-2" while Version and RevisionHistory show only
       revision 1; presumably the suffix marks a re-issue of the advisory. Consumers
       that detect updates by Version alone should confirm how re-issues are numbered. -->
  <DocumentTracking>
    <Identification>
      <ID>SUSE-SU-2024:1499-2</ID>
    </Identification>
    <Status>Final</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>1</Number>
        <Date>2024-06-18T11:05:03Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2024-06-18T11:05:03Z</InitialReleaseDate>
    <CurrentReleaseDate>2024-06-18T11:05:03Z</CurrentReleaseDate>
    <Generator>
      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
      <!-- NOTE(review): this Date (2017) is earlier than the release dates above, so it
           presumably dates the generator script rather than this document. Do not use
           it as a freshness signal; confirm against the publisher's tooling. -->
      <Date>2017-02-24T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Security update for java-17-openjdk</Note>
    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">This update for java-17-openjdk fixes the following issues:

- CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979)
- CVE-2024-21012: Fixed unauthorized data modification due to HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987)
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983)  
- CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986)

Other fixes:
- Update to upstream tag jdk-17.0.11+9 (April 2024 CPU)
  * Security fixes
    + JDK-8318340: Improve RSA key implementations
  * Other changes
    + JDK-6928542: Chinese characters in RTF are not decoded
    + JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/
      /bug4517214.java fails on MacOS
    + JDK-7148092: [macosx] When Alt+down arrow key is pressed, the
      combobox popup does not appear.
    + JDK-7167356: (javac) investigate failing tests in
      JavacParserTest
    + JDK-8054022: HttpURLConnection timeouts with Expect:
      100-Continue and no chunking
    + JDK-8054572: [macosx] JComboBox paints the border incorrectly
    + JDK-8169475: WheelModifier.java fails by timeout
    + JDK-8205076: [17u] Inet6AddressImpl.c: `lookupIfLocalHost`
      accesses `int InetAddress.preferIPv6Address` as a boolean
    + JDK-8209595: MonitorVmStartTerminate.java timed out
    + JDK-8210410: Refactor java.util.Currency:i18n shell tests to
      plain java tests
    + JDK-8261404: Class.getReflectionFactory() is not thread-safe
    + JDK-8261837: SIGSEGV in ciVirtualCallTypeData::translate_from
    + JDK-8263256: Test java/net/Inet6Address/serialize/
      /Inet6AddressSerializationTest.java fails due to dynamic
      reconfigurations of network interface during test
    + JDK-8269258: java/net/httpclient/ManyRequestsLegacy.java
      failed with connection timeout
    + JDK-8271118: C2: StressGCM should have higher priority than
      frequency-based policy
    + JDK-8271616: oddPart in MutableBigInteger::mutableModInverse
      contains info on final result
    + JDK-8272811: Document the effects of building with
      _GNU_SOURCE in os_posix.hpp
    + JDK-8272853: improve `JavadocTester.runTests`
    + JDK-8273454: C2: Transform (-a)*(-b) into a*b
    + JDK-8274060: C2: Incorrect computation after JDK-8273454
    + JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java
      fails in Windows 11
    + JDK-8274621: NullPointerException because listenAddress[0] is
      null
    + JDK-8274632: Possible pointer overflow in PretouchTask chunk
      claiming
    + JDK-8274634: Use String.equals instead of String.compareTo in
      java.desktop
    + JDK-8276125: RunThese24H.java SIGSEGV in
      JfrThreadGroup::thread_group_id
    + JDK-8278028: [test-library] Warnings cleanup of the test
      library
    + JDK-8278312: Update SimpleSSLContext keystore to use SANs for
      localhost IP addresses
    + JDK-8278363: Create extented container test groups
    + JDK-8280241: (aio) AsynchronousSocketChannel init fails in
      IPv6 only Windows env
    + JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/
      /ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from
      problemlist.
    + JDK-8281543: Remove unused code/headerfile dtraceAttacher.hpp
    + JDK-8281585: Remove unused imports under test/lib and jtreg/gc
    + JDK-8283400: [macos] a11y : Screen magnifier does not reflect
      JRadioButton value change
    + JDK-8283626: AArch64: Set relocInfo::offset_unit to 4
    + JDK-8283994: Make Xerces DatatypeException stackless
    + JDK-8286312: Stop mixing signed and unsigned types in bit
      operations
    + JDK-8286846: test/jdk/javax/swing/plaf/aqua/
      /CustomComboBoxFocusTest.java fails on mac aarch64
    + JDK-8287832: jdk/jfr/event/runtime/TestActiveSettingEvent.java
      failed with 'Expected two batches of Active Setting events'
    + JDK-8288663: JFR: Disabling the JfrThreadSampler commits only
      a partially disabled state
    + JDK-8288846: misc tests fail 'assert(ms &lt; 1000) failed:
      Un-interruptable sleep, short time use only'
    + JDK-8289764: gc/lock tests failed with 'OutOfMemoryError:
      Java heap space: failed reallocation of scalar replaced
      objects'
    + JDK-8290041: ModuleDescriptor.hashCode is inconsistent
    + JDK-8290203: ProblemList vmTestbase/nsk/jvmti/scenarios/
      /capability/CM03/cm03t001/TestDescription.java on linux-all
    + JDK-8290399: [macos] Aqua LAF does not fire an action event
      if combo box menu is displayed
    + JDK-8292458: Atomic operations on scoped enums don't build
      with clang
    + JDK-8292946: GC lock/jni/jnilock001 test failed
      'assert(gch-&gt;gc_cause() == GCCause::_scavenge_alot ||
      !gch-&gt;incremental_collection_failed()) failed: Twice in a row'
    + JDK-8293117: Add atomic bitset functions
    + JDK-8293547: Add relaxed add_and_fetch for macos aarch64
      atomics
    + JDK-8294158: HTML formatting for PassFailJFrame instructions
    + JDK-8294254: [macOS] javax/swing/plaf/aqua/
      /CustomComboBoxFocusTest.java failure
    + JDK-8294535: Add screen capture functionality to
      PassFailJFrame
    + JDK-8295068: SSLEngine throws NPE parsing CertificateRequests
    + JDK-8295124: Atomic::add to pointer type may return wrong
      value
    + JDK-8295274: HelidonAppTest.java fails
      'assert(event-&gt;should_commit()) failed: invariant' from
      compiled frame'
    + JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts
    + JDK-8297968: Crash in PrintOptoAssembly
    + JDK-8298087: XML Schema Validation reports an required
      attribute twice via ErrorHandler
    + JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java
      failed: ExceptionInInitializerError: target class not found
    + JDK-8300269: The selected item in an editable JComboBox with
      titled border is not visible in Aqua LAF
    + JDK-8301306: java/net/httpclient/* fail with -Xcomp
    + JDK-8301310: The SendRawSysexMessage test may cause a JVM
      crash
    + JDK-8301787: java/net/httpclient/SpecialHeadersTest failing
      after JDK-8301306
    + JDK-8301846: Invalid TargetDataLine after screen lock when
      using JFileChooser or COM library
    + JDK-8302017: Allocate BadPaddingException only if it will be
      thrown
    + JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/
      /TestAMEnotNPE.java
    + JDK-8303605: Memory leaks in Metaspace gtests
    + JDK-8304074: [JMX] Add an approximation of total bytes
      allocated on the Java heap by the JVM
    + JDK-8304696: Duplicate class names in dynamicArchive tests
      can lead to test failure
    + JDK-8305356: Fix ignored bad CompileCommands in tests
    + JDK-8305900: Use loopback IP addresses in security policy
      files of httpclient tests
    + JDK-8305906: HttpClient may use incorrect key when finding
      pooled HTTP/2 connection for IPv6 address
    + JDK-8305962: update jcstress to 0.16
    + JDK-8305972: Update XML Security for Java to 3.0.2
    + JDK-8306014: Update javax.net.ssl TLS tests to use
      SSLContextTemplate or SSLEngineTemplate
    + JDK-8306408: Fix the format of several tables in building.md
    + JDK-8307185: pkcs11 native libraries make JNI calls into java
      code while holding GC lock
    + JDK-8307926: Support byte-sized atomic bitset operations
    + JDK-8307955: Prefer to PTRACE_GETREGSET instead of
      PTRACE_GETREGS in method 'ps_proc.c::process_get_lwp_regs'
    + JDK-8307990: jspawnhelper must close its writing side of a
      pipe before reading from it
    + JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC
      while allocating
    + JDK-8308245: Add -proc:full to describe current default
      annotation processing policy
    + JDK-8308336: Test java/net/HttpURLConnection/
      /HttpURLConnectionExpectContinueTest.java failed:
      java.net.BindException: Address already in use
    + JDK-8309302: java/net/Socket/Timeouts.java fails with
      AssertionError on test temporal post condition
    + JDK-8309305: sun/security/ssl/SSLSocketImpl/
      /BlockedAsyncClose.java fails with jtreg test timeout
    + JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/
      /agentthr001/TestDescription.java crashing due to empty while
      loop
    + JDK-8309733: [macOS, Accessibility] VoiceOver: Incorrect
      announcements of JRadioButton
    + JDK-8309870: Using -proc:full should be considered requesting
      explicit annotation processing
    + JDK-8310106: sun.security.ssl.SSLHandshake
      .getHandshakeProducer() incorrectly checks handshakeConsumers
    + JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/
      /bug6889007.java fails
    + JDK-8310380: Handle problems in core-related tests on macOS
      when codesign tool does not work
    + JDK-8310631: test/jdk/sun/nio/cs/TestCharsetMapping.java is
      spuriously passing
    + JDK-8310807: java/nio/channels/DatagramChannel/Connect.java
      timed out
    + JDK-8310838: Correct range notations in MethodTypeDesc
      specification
    + JDK-8310844: [AArch64] C1 compilation fails because monitor
      offset in OSR buffer is too large for immediate
    + JDK-8310923: Refactor Currency tests to use JUnit
    + JDK-8311081: KeytoolReaderP12Test.java fail on localized
      Windows platform
    + JDK-8311160: [macOS, Accessibility] VoiceOver: No
      announcements on JRadioButtonMenuItem and JCheckBoxMenuItem
    + JDK-8311581: Remove obsolete code and comments in TestLVT.java
    + JDK-8311645: Memory leak in jspawnhelper spawnChild after
      JDK-8307990
    + JDK-8311986: Disable runtime/os/TestTracePageSizes.java for
      ShenandoahGC
    + JDK-8312428: PKCS11 tests fail with NSS 3.91
    + JDK-8312434: SPECjvm2008/xml.transform with CDS fails with
      'can't seal package nu.xom'
    + JDK-8313081: MonitoringSupport_lock should be unconditionally
      initialized after 8304074
    + JDK-8313082: Enable CreateCoredumpOnCrash for testing in
      makefiles
    + JDK-8313206: PKCS11 tests silently skip execution
    + JDK-8313575: Refactor PKCS11Test tests
    + JDK-8313621: test/jdk/jdk/internal/math/FloatingDecimal/
      /TestFloatingDecimal should use RandomFactory
    + JDK-8313643: Update HarfBuzz to 8.2.2
    + JDK-8313816: Accessing jmethodID might lead to spurious
      crashes
    + JDK-8314164: java/net/HttpURLConnection/
      /HttpURLConnectionExpectContinueTest.java fails intermittently
      in timeout
    + JDK-8314220: Configurable InlineCacheBuffer size
    + JDK-8314830: runtime/ErrorHandling/ tests ignore external VM
      flags
    + JDK-8315034: File.mkdirs() occasionally fails to create
      folders on Windows shared folder
    + JDK-8315042: NPE in PKCS7.parseOldSignedData
    + JDK-8315594: Open source few headless Swing misc tests
    + JDK-8315600: Open source few more headless Swing misc tests
    + JDK-8315602: Open source swing security manager test
    + JDK-8315611: Open source swing text/html and tree test
    + JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should
      run with -Xbatch
    + JDK-8315731: Open source several Swing Text related tests
    + JDK-8315761: Open source few swing JList and JMenuBar tests
    + JDK-8315920: C2: 'control input must dominate current
      control' assert failure
    + JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/
      /bug4654927.java: component must be showing on the screen to
      determine its location
    + JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use
      createTestJvm
    + JDK-8316028: Update FreeType to 2.13.2
    + JDK-8316030: Update Libpng to 1.6.40
    + JDK-8316106: Open source few swing JInternalFrame and
      JMenuBar tests
    + JDK-8316304: (fs) Add support for BasicFileAttributes
      .creationTime() for Linux
    + JDK-8316392: compiler/interpreter/
      /TestVerifyStackAfterDeopt.java failed with SIGBUS in
      PcDescContainer::find_pc_desc_internal
    + JDK-8316414: C2: large byte array clone triggers 'failed:
      malformed control flow' assertion failure on linux-x86
    + JDK-8316415: Parallelize
      sun/security/rsa/SignedObjectChain.java subtests
    + JDK-8316418: containers/docker/TestMemoryWithCgroupV1.java
      get OOM killed with Parallel GC
    + JDK-8316445: Mark com/sun/management/HotSpotDiagnosticMXBean/
      /CheckOrigin.java as vm.flagless
    + JDK-8316679: C2 SuperWord: wrong result, load should not be
      moved before store if not comparable
    + JDK-8316693: Simplify at-requires checkDockerSupport()
    + JDK-8316929: Shenandoah: Shenandoah degenerated GC and full
      GC need to cleanup old OopMapCache entries
    + JDK-8316947: Write a test to check textArea triggers
      MouseEntered/MouseExited events properly
    + JDK-8317039: Enable specifying the JDK used to run jtreg
    + JDK-8317144: Exclude sun/security/pkcs11/sslecc/
      /ClientJSSEServerJSSE.java on Linux ppc64le
    + JDK-8317307: test/jdk/com/sun/jndi/ldap/
      /LdapPoolTimeoutTest.java fails with ConnectException:
      Connection timed out: no further information
    + JDK-8317603: Improve exception messages thrown by
      sun.nio.ch.Net native methods (win)
    + JDK-8317771: [macos14] Expand/collapse a JTree using keyboard
      freezes the application in macOS 14 Sonoma
    + JDK-8317807: JAVA_FLAGS removed from jtreg running in
      JDK-8317039
    + JDK-8317960: [17u] Excessive CPU usage on
      AbstractQueuedSynchronized.isEnqueued
    + JDK-8318154: Improve stability of WheelModifier.java test
    + JDK-8318183: C2: VM may crash after hitting node limit
    + JDK-8318410: jdk/java/lang/instrument/BootClassPath/
      /BootClassPathTest.sh fails on Japanese Windows
    + JDK-8318468: compiler/tiered/LevelTransitionTest.java fails
      with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1
    + JDK-8318490: Increase timeout for JDK tests that are close to
      the limit when run with libgraal
    + JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java
    + JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni
      tests
    + JDK-8318608: Enable parallelism in
      vmTestbase/nsk/stress/threads tests
    + JDK-8318689: jtreg is confused when folder name is the same
      as the test name
    + JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with
      'transport error 202: bind failed: Address already in use'
    + JDK-8318951: Additional negative value check in JPEG decoding
    + JDK-8318955: Add ReleaseIntArrayElements in
      Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to
      early return
    + JDK-8318957: Enhance agentlib:jdwp help output by info about
      allow option
    + JDK-8318961: increase javacserver connection timeout values
      and max retry attempts
    + JDK-8318971: Better Error Handling for Jar Tool When
      Processing Non-existent Files
    + JDK-8318983: Fix comment typo in PKCS12Passwd.java
    + JDK-8319124: Update XML Security for Java to 3.0.3
    + JDK-8319213: Compatibility.java reads both stdout and stderr
      of JdkUtils
    + JDK-8319436: Proxy.newProxyInstance throws NPE if loader is
      null and interface not visible from class loader
    + JDK-8319456: jdk/jfr/event/gc/collection/
      /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker
      Initiated GC' not in the valid causes
    + JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh
    + JDK-8319922: libCreationTimeHelper.so fails to link in JDK 21
    + JDK-8319961: JvmtiEnvBase doesn't zero _ext_event_callbacks
    + JDK-8320001: javac crashes while adding type annotations to
      the return type of a constructor
    + JDK-8320168: handle setsocktopt return values
    + JDK-8320208: Update Public Suffix List to b5bf572
    + JDK-8320300: Adjust hs_err output in malloc/mmap error cases
    + JDK-8320363: ppc64 TypeEntries::type_unknown logic looks
      wrong, missed optimization opportunity
    + JDK-8320597: RSA signature verification fails on signed data
      that does not encode params correctly
    + JDK-8320798: Console read line with zero out should zero out
      underlying buffer
    + JDK-8320885: Bump update version for OpenJDK: jdk-17.0.11
    + JDK-8320921: GHA: Parallelize hotspot_compiler test jobs
    + JDK-8320937: support latest VS2022 MSC_VER in
      abstract_vm_version.cpp
    + JDK-8321151: JDK-8294427 breaks Windows L&amp;F on all older
      Windows versions
    + JDK-8321215: Incorrect x86 instruction encoding for VSIB
      addressing mode
    + JDK-8321408: Add Certainly roots R1 and E1
    + JDK-8321480: ISO 4217 Amendment 176 Update
    + JDK-8321599: Data loss in AVX3 Base64 decoding
    + JDK-8321815: Shenandoah: gc state should be synchronized to
      java threads only once per safepoint
    + JDK-8321972: test runtime/Unsafe/InternalErrorTest.java
      timeout on linux-riscv64 platform
    + JDK-8322098: os::Linux::print_system_memory_info enhance the
      THP output with
      /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
    + JDK-8322321: Add man page doc for -XX:+VerifySharedSpaces
    + JDK-8322417: Console read line with zero out should zero out
      when throwing exception
    + JDK-8322583: RISC-V: Enable fast class initialization checks
    + JDK-8322725: (tz) Update Timezone Data to 2023d
    + JDK-8322750: Test 'api/java_awt/interactive/
      /SystemTrayTests.html' failed because A blue ball icon is
      added outside of the system tray
    + JDK-8322772: Clean up code after JDK-8322417
    + JDK-8322783: prioritize /etc/os-release over
      /etc/SuSE-release in hs_err/info output
    + JDK-8322968: [17u] Amend Atomics gtest with 1-byte tests
    + JDK-8323008: filter out harmful -std* flags added by autoconf
      from CXX
    + JDK-8323021: Shenandoah: Encountered reference count always
      attributed to first worker thread
    + JDK-8323086: Shenandoah: Heap could be corrupted by oom
      during evacuation
    + JDK-8323243: JNI invocation of an abstract instance method
      corrupts the stack
    + JDK-8323331: fix typo hpage_pdm_size
    + JDK-8323428: Shenandoah: Unused memory in regions compacted
      during a full GC should be mangled
    + JDK-8323515: Create test alias 'all' for all test roots
    + JDK-8323637: Capture hotspot replay files in GHA
    + JDK-8323640: [TESTBUG]testMemoryFailCount in
      jdk/internal/platform/docker/TestDockerMemoryMetrics.java
      always fail because OOM killed
    + JDK-8323806: [17u] VS2017 build fails with warning after
      8293117.
    + JDK-8324184: Windows VS2010 build failed with 'error C2275:
      'int64_t''
    + JDK-8324280: RISC-V: Incorrect implementation in
      VM_Version::parse_satp_mode
    + JDK-8324347: Enable 'maybe-uninitialized' warning for
      FreeType 2.13.1
    + JDK-8324514: ClassLoaderData::print_on should print address
      of class loader
    + JDK-8324647: Invalid test group of lib-test after JDK-8323515
    + JDK-8324659: GHA: Generic jtreg errors are not reported
    + JDK-8324937: GHA: Avoid multiple test suites per job
    + JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/
      /AKISerialNumber.java is failing
    + JDK-8325150: (tz) Update Timezone Data to 2024a
    + JDK-8325585: Remove no longer necessary calls to
      set/unset-in-asgct flag in JDK 17
    + JDK-8326000: Remove obsolete comments for class
      sun.security.ssl.SunJSSE
    + JDK-8327036: [macosx-aarch64] SIGBUS in
      MarkActivationClosure::do_code_blob reached from
      Unsafe_CopySwapMemory0
    + JDK-8327391: Add SipHash attribution file
    + JDK-8329836: [17u] Remove designator
      DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.11

- Removed the possibility to use the system timezone-java (bsc#1213470).
</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">Container bci/openjdk-devel:17-2024-1499,Container bci/openjdk:17-2024-1499,Container containers/apache-tomcat:10.1-openjdk17-2024-1499,Container containers/apache-tomcat:9-openjdk17-2024-1499,Container suse/manager/5.0/x86_64/server:latest-2024-1499,Image server-image-2024-1499,SUSE-2024-1499,SUSE-SLE-Module-Basesystem-15-SP6-2024-1499,SUSE-SLE-Module-Legacy-15-SP6-2024-1499,openSUSE-SLE-15.6-2024-1499</Note>
  </DocumentNotes>
  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
  <!-- Reference list for the advisory: the announcement page and mailing-list post,
       the SUSE rating scheme, five SUSE Bugzilla entries and four per-CVE pages.
       Every Reference here is typed "Self", including the bug tracker and CVE pages,
       so a consumer that filters on Type="External" to find supporting material
       matches nothing in this block. All URLs point at suse.com hosts; no upstream
       (OpenJDK or CVE registry) link is listed here.
       NOTE(review): the mailing-list post is archived under 2024-August, while
       DocumentTracking gives 2024-06-18 as the release date; confirm which date
       applies when computing patch latency. -->
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20241499-2/</URL>
      <Description>Link for SUSE-SU-2024:1499-2</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://lists.suse.com/pipermail/sle-updates/2024-August/036652.html</URL>
      <Description>E-Mail link for SUSE-SU-2024:1499-2</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1213470</URL>
      <Description>SUSE Bug 1213470</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1222979</URL>
      <Description>SUSE Bug 1222979</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1222983</URL>
      <Description>SUSE Bug 1222983</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1222986</URL>
      <Description>SUSE Bug 1222986</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1222987</URL>
      <Description>SUSE Bug 1222987</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-21011/</URL>
      <Description>SUSE CVE CVE-2024-21011 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-21012/</URL>
      <Description>SUSE CVE CVE-2024-21012 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-21068/</URL>
      <Description>SUSE CVE CVE-2024-21068 page</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2024-21094/</URL>
      <Description>SUSE CVE CVE-2024-21094 page</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
    <!-- Products that receive this update: five container images, one server image,
         two SLE 15 SP6 modules and openSUSE Leap 15.6. Each is a Product Family
         branch wrapping a Product Name branch with the same Name and ProductID.
         Only the two SLE modules and openSUSE Leap carry a CPE attribute; the
         container and image entries are identified by their ProductID string alone,
         so CPE-based asset matching will not find them.
         NOTE(review): one container is tagged ":latest", a floating tag; this entry
         alone does not pin an image build. Verify against the installed package
         version instead. -->
    <Branch Type="Product Family" Name="Container bci/openjdk-devel:17">
      <Branch Type="Product Name" Name="Container bci/openjdk-devel:17">
        <FullProductName ProductID="Container bci/openjdk-devel:17">Container bci/openjdk-devel:17</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Container bci/openjdk:17">
      <Branch Type="Product Name" Name="Container bci/openjdk:17">
        <FullProductName ProductID="Container bci/openjdk:17">Container bci/openjdk:17</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Container containers/apache-tomcat:10.1-openjdk17">
      <Branch Type="Product Name" Name="Container containers/apache-tomcat:10.1-openjdk17">
        <FullProductName ProductID="Container containers/apache-tomcat:10.1-openjdk17">Container containers/apache-tomcat:10.1-openjdk17</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Container containers/apache-tomcat:9-openjdk17">
      <Branch Type="Product Name" Name="Container containers/apache-tomcat:9-openjdk17">
        <FullProductName ProductID="Container containers/apache-tomcat:9-openjdk17">Container containers/apache-tomcat:9-openjdk17</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Container suse/manager/5.0/x86_64/server:latest">
      <Branch Type="Product Name" Name="Container suse/manager/5.0/x86_64/server:latest">
        <FullProductName ProductID="Container suse/manager/5.0/x86_64/server:latest">Container suse/manager/5.0/x86_64/server:latest</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="Image server-image">
      <Branch Type="Product Name" Name="Image server-image">
        <FullProductName ProductID="Image server-image">Image server-image</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Module for Basesystem 15 SP6">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Basesystem 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP6" CPE="cpe:/o:suse:sle-module-basesystem:15:sp6">SUSE Linux Enterprise Module for Basesystem 15 SP6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="SUSE Linux Enterprise Module for Legacy 15 SP6">
      <Branch Type="Product Name" Name="SUSE Linux Enterprise Module for Legacy 15 SP6">
        <FullProductName ProductID="SUSE Linux Enterprise Module for Legacy 15 SP6" CPE="cpe:/o:suse:sle-module-legacy:15:sp6">SUSE Linux Enterprise Module for Legacy 15 SP6</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Family" Name="openSUSE Leap 15.6">
      <Branch Type="Product Name" Name="openSUSE Leap 15.6">
        <FullProductName ProductID="openSUSE Leap 15.6" CPE="cpe:/o:opensuse:leap:15.6">openSUSE Leap 15.6</FullProductName>
      </Branch>
    </Branch>
    <!-- Package builds delivered by this update. All seven share the version-release
         string 17.0.11.0-150400.3.42.1, and each ProductID is the package name followed
         by that string. None carries a CPE or an architecture qualifier, so matching
         against installed systems has to be done on package name plus version-release. -->
    <Branch Type="Product Version" Name="java-17-openjdk-17.0.11.0-150400.3.42.1">
      <FullProductName ProductID="java-17-openjdk-17.0.11.0-150400.3.42.1">java-17-openjdk-17.0.11.0-150400.3.42.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="java-17-openjdk-devel-17.0.11.0-150400.3.42.1">
      <FullProductName ProductID="java-17-openjdk-devel-17.0.11.0-150400.3.42.1">java-17-openjdk-devel-17.0.11.0-150400.3.42.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="java-17-openjdk-headless-17.0.11.0-150400.3.42.1">
      <FullProductName ProductID="java-17-openjdk-headless-17.0.11.0-150400.3.42.1">java-17-openjdk-headless-17.0.11.0-150400.3.42.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="java-17-openjdk-demo-17.0.11.0-150400.3.42.1">
      <FullProductName ProductID="java-17-openjdk-demo-17.0.11.0-150400.3.42.1">java-17-openjdk-demo-17.0.11.0-150400.3.42.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="java-17-openjdk-javadoc-17.0.11.0-150400.3.42.1">
      <FullProductName ProductID="java-17-openjdk-javadoc-17.0.11.0-150400.3.42.1">java-17-openjdk-javadoc-17.0.11.0-150400.3.42.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="java-17-openjdk-jmods-17.0.11.0-150400.3.42.1">
      <FullProductName ProductID="java-17-openjdk-jmods-17.0.11.0-150400.3.42.1">java-17-openjdk-jmods-17.0.11.0-150400.3.42.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="java-17-openjdk-src-17.0.11.0-150400.3.42.1">
      <FullProductName ProductID="java-17-openjdk-src-17.0.11.0-150400.3.42.1">java-17-openjdk-src-17.0.11.0-150400.3.42.1</FullProductName>
    </Branch>
    <!-- Maps each fixed package build onto the container or image that ships it, always
         with RelationType "Default Component Of". The combined ProductID has the form
         "<product ProductID>:<package ProductID>".
         Because container ProductIDs already contain ":" (the image tag), splitting the
         combined ID on ":" is ambiguous; resolve it through the ProductReference and
         RelatesToProductReference attributes instead.
         In the entries below, only bci/openjdk-devel:17 includes the -devel package;
         the other containers list java-17-openjdk and java-17-openjdk-headless only. -->
    <Relationship ProductReference="java-17-openjdk-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="Container bci/openjdk-devel:17">
      <FullProductName ProductID="Container bci/openjdk-devel:17:java-17-openjdk-17.0.11.0-150400.3.42.1">java-17-openjdk-17.0.11.0-150400.3.42.1 as a component of Container bci/openjdk-devel:17</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-devel-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="Container bci/openjdk-devel:17">
      <FullProductName ProductID="Container bci/openjdk-devel:17:java-17-openjdk-devel-17.0.11.0-150400.3.42.1">java-17-openjdk-devel-17.0.11.0-150400.3.42.1 as a component of Container bci/openjdk-devel:17</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-headless-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="Container bci/openjdk-devel:17">
      <FullProductName ProductID="Container bci/openjdk-devel:17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1">java-17-openjdk-headless-17.0.11.0-150400.3.42.1 as a component of Container bci/openjdk-devel:17</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="Container bci/openjdk:17">
      <FullProductName ProductID="Container bci/openjdk:17:java-17-openjdk-17.0.11.0-150400.3.42.1">java-17-openjdk-17.0.11.0-150400.3.42.1 as a component of Container bci/openjdk:17</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-headless-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="Container bci/openjdk:17">
      <FullProductName ProductID="Container bci/openjdk:17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1">java-17-openjdk-headless-17.0.11.0-150400.3.42.1 as a component of Container bci/openjdk:17</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="Container containers/apache-tomcat:10.1-openjdk17">
      <FullProductName ProductID="Container containers/apache-tomcat:10.1-openjdk17:java-17-openjdk-17.0.11.0-150400.3.42.1">java-17-openjdk-17.0.11.0-150400.3.42.1 as a component of Container containers/apache-tomcat:10.1-openjdk17</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-headless-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="Container containers/apache-tomcat:10.1-openjdk17">
      <FullProductName ProductID="Container containers/apache-tomcat:10.1-openjdk17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1">java-17-openjdk-headless-17.0.11.0-150400.3.42.1 as a component of Container containers/apache-tomcat:10.1-openjdk17</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="Container containers/apache-tomcat:9-openjdk17">
      <FullProductName ProductID="Container containers/apache-tomcat:9-openjdk17:java-17-openjdk-17.0.11.0-150400.3.42.1">java-17-openjdk-17.0.11.0-150400.3.42.1 as a component of Container containers/apache-tomcat:9-openjdk17</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-headless-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="Container containers/apache-tomcat:9-openjdk17">
      <FullProductName ProductID="Container containers/apache-tomcat:9-openjdk17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1">java-17-openjdk-headless-17.0.11.0-150400.3.42.1 as a component of Container containers/apache-tomcat:9-openjdk17</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="Container suse/manager/5.0/x86_64/server:latest">
      <FullProductName ProductID="Container suse/manager/5.0/x86_64/server:latest:java-17-openjdk-17.0.11.0-150400.3.42.1">java-17-openjdk-17.0.11.0-150400.3.42.1 as a component of Container suse/manager/5.0/x86_64/server:latest</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-headless-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="Container suse/manager/5.0/x86_64/server:latest">
      <FullProductName ProductID="Container suse/manager/5.0/x86_64/server:latest:java-17-openjdk-headless-17.0.11.0-150400.3.42.1">java-17-openjdk-headless-17.0.11.0-150400.3.42.1 as a component of Container suse/manager/5.0/x86_64/server:latest</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="Image server-image">
      <FullProductName ProductID="Image server-image:java-17-openjdk-17.0.11.0-150400.3.42.1">java-17-openjdk-17.0.11.0-150400.3.42.1 as a component of Image server-image</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-headless-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="Image server-image">
      <FullProductName ProductID="Image server-image:java-17-openjdk-headless-17.0.11.0-150400.3.42.1">java-17-openjdk-headless-17.0.11.0-150400.3.42.1 as a component of Image server-image</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Basesystem 15 SP6">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP6:java-17-openjdk-17.0.11.0-150400.3.42.1">java-17-openjdk-17.0.11.0-150400.3.42.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-devel-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Basesystem 15 SP6">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP6:java-17-openjdk-devel-17.0.11.0-150400.3.42.1">java-17-openjdk-devel-17.0.11.0-150400.3.42.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-headless-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Basesystem 15 SP6">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Basesystem 15 SP6:java-17-openjdk-headless-17.0.11.0-150400.3.42.1">java-17-openjdk-headless-17.0.11.0-150400.3.42.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-demo-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Module for Legacy 15 SP6">
      <FullProductName ProductID="SUSE Linux Enterprise Module for Legacy 15 SP6:java-17-openjdk-demo-17.0.11.0-150400.3.42.1">java-17-openjdk-demo-17.0.11.0-150400.3.42.1 as a component of SUSE Linux Enterprise Module for Legacy 15 SP6</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
      <FullProductName ProductID="openSUSE Leap 15.6:java-17-openjdk-17.0.11.0-150400.3.42.1">java-17-openjdk-17.0.11.0-150400.3.42.1 as a component of openSUSE Leap 15.6</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-demo-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
      <FullProductName ProductID="openSUSE Leap 15.6:java-17-openjdk-demo-17.0.11.0-150400.3.42.1">java-17-openjdk-demo-17.0.11.0-150400.3.42.1 as a component of openSUSE Leap 15.6</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-devel-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
      <FullProductName ProductID="openSUSE Leap 15.6:java-17-openjdk-devel-17.0.11.0-150400.3.42.1">java-17-openjdk-devel-17.0.11.0-150400.3.42.1 as a component of openSUSE Leap 15.6</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-headless-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
      <FullProductName ProductID="openSUSE Leap 15.6:java-17-openjdk-headless-17.0.11.0-150400.3.42.1">java-17-openjdk-headless-17.0.11.0-150400.3.42.1 as a component of openSUSE Leap 15.6</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-javadoc-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
      <FullProductName ProductID="openSUSE Leap 15.6:java-17-openjdk-javadoc-17.0.11.0-150400.3.42.1">java-17-openjdk-javadoc-17.0.11.0-150400.3.42.1 as a component of openSUSE Leap 15.6</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-jmods-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
      <FullProductName ProductID="openSUSE Leap 15.6:java-17-openjdk-jmods-17.0.11.0-150400.3.42.1">java-17-openjdk-jmods-17.0.11.0-150400.3.42.1 as a component of openSUSE Leap 15.6</FullProductName>
    </Relationship>
    <Relationship ProductReference="java-17-openjdk-src-17.0.11.0-150400.3.42.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
      <FullProductName ProductID="openSUSE Leap 15.6:java-17-openjdk-src-17.0.11.0-150400.3.42.1">java-17-openjdk-src-17.0.11.0-150400.3.42.1 as a component of openSUSE Leap 15.6</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).</Note>
    </Notes>
    <CVE>CVE-2024-21011</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Container bci/openjdk-devel:17:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container bci/openjdk-devel:17:java-17-openjdk-devel-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container bci/openjdk-devel:17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container bci/openjdk:17:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container bci/openjdk:17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container containers/apache-tomcat:10.1-openjdk17:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container containers/apache-tomcat:10.1-openjdk17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container containers/apache-tomcat:9-openjdk17:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container containers/apache-tomcat:9-openjdk17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container suse/manager/5.0/x86_64/server:latest:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container suse/manager/5.0/x86_64/server:latest:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Image server-image:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Image server-image:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Basesystem 15 SP6:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Basesystem 15 SP6:java-17-openjdk-devel-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Basesystem 15 SP6:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Legacy 15 SP6:java-17-openjdk-demo-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-demo-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-devel-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-javadoc-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-jmods-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-src-17.0.11.0-150400.3.42.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update, use a SUSE-recommended installation method such as YaST online_update or "zypper patch".</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20241499-2/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-21011.html</URL>
        <Description>CVE-2024-21011</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1222979</URL>
        <Description>SUSE Bug 1222979</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="2">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).</Note>
    </Notes>
    <CVE>CVE-2024-21012</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Container bci/openjdk-devel:17:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container bci/openjdk-devel:17:java-17-openjdk-devel-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container bci/openjdk-devel:17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container bci/openjdk:17:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container bci/openjdk:17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container containers/apache-tomcat:10.1-openjdk17:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container containers/apache-tomcat:10.1-openjdk17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container containers/apache-tomcat:9-openjdk17:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container containers/apache-tomcat:9-openjdk17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container suse/manager/5.0/x86_64/server:latest:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container suse/manager/5.0/x86_64/server:latest:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Image server-image:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Image server-image:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Basesystem 15 SP6:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Basesystem 15 SP6:java-17-openjdk-devel-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Basesystem 15 SP6:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Legacy 15 SP6:java-17-openjdk-demo-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-demo-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-devel-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-javadoc-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-jmods-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-src-17.0.11.0-150400.3.42.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update, use a SUSE-recommended installation method such as YaST online_update or "zypper patch".</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20241499-2/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-21012.html</URL>
        <Description>CVE-2024-21012</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1222987</URL>
        <Description>SUSE Bug 1222987</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="3">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).</Note>
    </Notes>
    <CVE>CVE-2024-21068</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Container bci/openjdk-devel:17:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container bci/openjdk-devel:17:java-17-openjdk-devel-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container bci/openjdk-devel:17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container bci/openjdk:17:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container bci/openjdk:17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container containers/apache-tomcat:10.1-openjdk17:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container containers/apache-tomcat:10.1-openjdk17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container containers/apache-tomcat:9-openjdk17:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container containers/apache-tomcat:9-openjdk17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container suse/manager/5.0/x86_64/server:latest:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container suse/manager/5.0/x86_64/server:latest:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Image server-image:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Image server-image:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Basesystem 15 SP6:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Basesystem 15 SP6:java-17-openjdk-devel-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Basesystem 15 SP6:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Legacy 15 SP6:java-17-openjdk-demo-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-demo-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-devel-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-javadoc-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-jmods-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-src-17.0.11.0-150400.3.42.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update, use a SUSE-recommended installation method such as YaST online_update or "zypper patch".</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20241499-2/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-21068.html</URL>
        <Description>CVE-2024-21068</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1222983</URL>
        <Description>SUSE Bug 1222983</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="4">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).</Note>
    </Notes>
    <CVE>CVE-2024-21094</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Container bci/openjdk-devel:17:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container bci/openjdk-devel:17:java-17-openjdk-devel-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container bci/openjdk-devel:17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container bci/openjdk:17:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container bci/openjdk:17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container containers/apache-tomcat:10.1-openjdk17:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container containers/apache-tomcat:10.1-openjdk17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container containers/apache-tomcat:9-openjdk17:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container containers/apache-tomcat:9-openjdk17:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container suse/manager/5.0/x86_64/server:latest:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Container suse/manager/5.0/x86_64/server:latest:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Image server-image:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>Image server-image:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Basesystem 15 SP6:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Basesystem 15 SP6:java-17-openjdk-devel-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Basesystem 15 SP6:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>SUSE Linux Enterprise Module for Legacy 15 SP6:java-17-openjdk-demo-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-demo-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-devel-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-headless-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-javadoc-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-jmods-17.0.11.0-150400.3.42.1</ProductID>
        <ProductID>openSUSE Leap 15.6:java-17-openjdk-src-17.0.11.0-150400.3.42.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>low</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update, use a SUSE-recommended installation method such as YaST online_update or "zypper patch".</Description>
        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20241499-2/</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2024-21094.html</URL>
        <Description>CVE-2024-21094</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1222986</URL>
        <Description>SUSE Bug 1222986</Description>
      </Reference>
    </References>
  </Vulnerability>
</cvrfdoc>
