{"affected":[{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-demo":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-devel":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-headless":"1.8.0.422-150000.3.97.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Legacy 15 SP5","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.422-150000.3.97.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-demo":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-devel":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-headless":"1.8.0.422-150000.3.97.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Legacy 15 SP6","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.422-150000.3.97.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-demo":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-devel":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-headless":"1.8.0.422-150000.3.97.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.422-150000.3.97.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-demo":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-devel":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-headless":"1.8.0.422-150000.3.97.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.422-150000.3.97.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-demo":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-devel":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-headless":"1.8.0.422-150000.3.97.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.422-150000.3.97.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-demo":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-devel":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-headless":"1.8.0.422-150000.3.97.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP2-LTSS","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.422-150000.3.97.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-demo":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-devel":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-headless":"1.8.0.422-150000.3.97.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP3-LTSS","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.422-150000.3.97.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-demo":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-devel":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-headless":"1.8.0.422-150000.3.97.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP4-LTSS","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.422-150000.3.97.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-demo":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-devel":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-headless":"1.8.0.422-150000.3.97.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP2","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.422-150000.3.97.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-demo":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-devel":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-headless":"1.8.0.422-150000.3.97.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP3","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.422-150000.3.97.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-demo":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-devel":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-headless":"1.8.0.422-150000.3.97.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP4","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.422-150000.3.97.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-demo":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-devel":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-headless":"1.8.0.422-150000.3.97.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 7.1","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Enterprise%20Storage%207.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.422-150000.3.97.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-accessibility":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-demo":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-devel":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-headless":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-javadoc":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-src":"1.8.0.422-150000.3.97.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"java-1_8_0-openjdk","purl":"pkg:rpm/opensuse/java-1_8_0-openjdk&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.422-150000.3.97.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-accessibility":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-demo":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-devel":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-headless":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-javadoc":"1.8.0.422-150000.3.97.1","java-1_8_0-openjdk-src":"1.8.0.422-150000.3.97.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"java-1_8_0-openjdk","purl":"pkg:rpm/opensuse/java-1_8_0-openjdk&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.422-150000.3.97.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for java-1_8_0-openjdk fixes the following issues:\n\nUpdate to version jdk8u422 (icedtea-3.32.0):\n\n* Security fixes\n  + JDK-8314794, CVE-2024-21131, bsc#1228046: Improve UTF8 String supports\n  + JDK-8319859, CVE-2024-21138, bsc#1228047: Better symbol storage\n  + JDK-8320097: Improve Image transformations\n  + JDK-8320548, CVE-2024-21140, bsc#1228048: Improved loop handling\n  + JDK-8322106, CVE-2024-21144, bsc#1228050: Enhance Pack 200 loading\n  + JDK-8323231, CVE-2024-21147, bsc#1228052: Improve array management\n  + JDK-8323390: Enhance mask blit functionality\n  + JDK-8324559, CVE-2024-21145, bsc#1228051: Improve 2D image handling\n  + JDK-8325600: Better symbol storage\n* Import of OpenJDK 8 u422 build 05\n  + JDK-8025439: [TEST BUG] [macosx]\n    PrintServiceLookup.lookupPrintServices doesn't work properly\n    since jdk8b105\n  + JDK-8069389: CompilerOracle prefix wildcarding is broken for\n    long strings\n  + JDK-8159454: [TEST_BUG] javax/swing/ToolTipManager/7123767/\n    /bug7123767.java: number of checked graphics configurations\n    should be limited\n  + JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails\n  + JDK-8203691: [TESTBUG] Test\n    /runtime/containers/cgroup/PlainRead.java fails\n  + JDK-8205407: [windows, vs<2017] C4800 after 8203197\n  + JDK-8235834: IBM-943 charset encoder needs updating\n  + JDK-8239965: XMLEncoder/Test4625418.java fails due to 'Error:\n    Cp943 - can't read properly'\n  + JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese\n    characters were garbled\n  + JDK-8256152: tests fail because of ambiguous method resolution\n  + JDK-8258855: Two tests sun/security/krb5/auto/\n    /ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java\n    failed on OL8.3\n  + JDK-8262017: C2: assert(n != __null) failed: Bad immediate\n    dominator info.\n  + JDK-8268916: Tests for AffirmTrust roots\n  + JDK-8278067: Make HttpURLConnection default keep alive\n    timeout configurable\n  + JDK-8291226: Create Test Cases to cover scenarios for\n    JDK-8278067\n  + JDK-8291637: HttpClient default keep alive timeout not\n    followed if server sends invalid value\n  + JDK-8291638: Keep-Alive timeout of 0 should close connection\n    immediately\n  + JDK-8293562: KeepAliveCache Blocks Threads while Closing\n    Connections\n  + JDK-8303466: C2: failed: malformed control flow. Limit type\n    made precise with MaxL/MinL\n  + JDK-8304074: [JMX] Add an approximation of total bytes\n    allocated on the Java heap by the JVM\n  + JDK-8313081: MonitoringSupport_lock should be unconditionally\n    initialized after 8304074\n  + JDK-8315020: The macro definition for LoongArch64 zero build\n    is not accurate.\n  + JDK-8316138: Add GlobalSign 2 TLS root certificates\n  + JDK-8318410: jdk/java/lang/instrument/BootClassPath/\n    /BootClassPathTest.sh fails on Japanese Windows\n  + JDK-8320005: Allow loading of shared objects with .a\n    extension on AIX\n  + JDK-8324185: [8u] Accept Xcode 12+ builds on macOS\n  + JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/\n    /AKISerialNumber.java is failing\n  + JDK-8325927: [8u] Backport of JDK-8170552 missed part of the test\n  + JDK-8326686: Bump update version of OpenJDK: 8u422\n  + JDK-8327440: Fix 'bad source file' error during beaninfo\n    generation\n  + JDK-8328809: [8u] Problem list some CA tests\n  + JDK-8328825: Google CAInterop test failures\n  + JDK-8329544: [8u] sun/security/krb5/auto/\n    /ReplayCacheTestProc.java cannot find the testlibrary\n  + JDK-8331791: [8u] AIX build break from JDK-8320005 backport\n  + JDK-8331980: [8u] Problem list CAInterop.java#certignarootca test\n  + JDK-8335552: [8u] JDK-8303466 backport to 8u requires 3\n    ::Identity signature fixes\n* Bug fixes\n  + JDK-8331730: [8u] GHA: update sysroot for cross builds to\n    Debian bullseye\n  + JDK-8333669: [8u] GHA: Dead VS2010 download link\n  + JDK-8318039: GHA: Bump macOS and Xcode versions\n","id":"SUSE-SU-2024:2786-1","modified":"2024-08-06T13:00:18Z","published":"2024-08-06T13:00:18Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20242786-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228046"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228047"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228048"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228050"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228051"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228052"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21131"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21138"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21140"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21144"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21145"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21147"}],"related":["CVE-2024-21131","CVE-2024-21138","CVE-2024-21140","CVE-2024-21144","CVE-2024-21145","CVE-2024-21147"],"summary":"Security update for java-1_8_0-openjdk","upstream":["CVE-2024-21131","CVE-2024-21138","CVE-2024-21140","CVE-2024-21144","CVE-2024-21145","CVE-2024-21147"]}