{"affected":[{"ecosystem_specific":{"binaries":[{"java-11-openj9":"11.0.26.0-bp156.4.3.1","java-11-openj9-demo":"11.0.26.0-bp156.4.3.1","java-11-openj9-devel":"11.0.26.0-bp156.4.3.1","java-11-openj9-headless":"11.0.26.0-bp156.4.3.1","java-11-openj9-javadoc":"11.0.26.0-bp156.4.3.1","java-11-openj9-jmods":"11.0.26.0-bp156.4.3.1","java-11-openj9-src":"11.0.26.0-bp156.4.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP6","name":"java-11-openj9","purl":"pkg:rpm/suse/java-11-openj9&distro=SUSE%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.26.0-bp156.4.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openj9":"11.0.26.0-bp156.4.3.1","java-11-openj9-demo":"11.0.26.0-bp156.4.3.1","java-11-openj9-devel":"11.0.26.0-bp156.4.3.1","java-11-openj9-headless":"11.0.26.0-bp156.4.3.1","java-11-openj9-javadoc":"11.0.26.0-bp156.4.3.1","java-11-openj9-jmods":"11.0.26.0-bp156.4.3.1","java-11-openj9-src":"11.0.26.0-bp156.4.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"java-11-openj9","purl":"pkg:rpm/opensuse/java-11-openj9&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.26.0-bp156.4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for java-11-openj9 fixes the following issues:\n\n- Update to OpenJDK 11.0.26 with OpenJ9 0.49.0 virtual machine\n- Including Oracle October 2024 and January 2025 CPU changes\n  * CVE-2024-21208 (boo#1231702), CVE-2024-21210 (boo#1231711),\n    CVE-2024-21217 (boo#1231716), CVE-2024-21235 (boo#1231719),\n    CVE-2025-21502 (boo#1236278)\n  * OpenJ9 changes, see \n    https://www.eclipse.org/openj9/docs/version0.49/\n\n- Update to OpenJDK 11.0.24 with OpenJ9 0.46.0 virtual machine\n- Including Oracle July 2024 CPU changes\n  * CVE-2024-21131 (boo#1228046), CVE-2024-21138 (boo#1228047),\n    CVE-2024-21140 (boo#1228048), CVE-2024-21144 (boo#1228050),\n    CVE-2024-21147 (boo#1228052), CVE-2024-21145 (boo#1228051)\n  * OpenJ9 changes, see \n    https://www.eclipse.org/openj9/docs/version0.46/\n\n- Update to OpenJDK 11.0.23 with OpenJ9 0.44.0 virtual machine\n- Including Oracle April 2024 CPU changes\n  * CVE-2024-21012 (boo#1222987), CVE-2024-21094 (boo#1222986),\n    CVE-2024-21011 (boo#1222979), CVE-2024-21085 (boo#1222984),\n    CVE-2024-21068 (boo#1222983)\n- Including OpenJ9/OMR specific fix:\n  * CVE-2024-3933 (boo#1225470)\n  * OpenJ9 changes, see \n    https://www.eclipse.org/openj9/docs/version0.44/\n\n- Update to OpenJDK 11.0.22 with OpenJ9 0.43.0 virtual machine\n- Including Oracle January 2024 CPU changes\n  * CVE-2024-20918 (boo#1218907), CVE-2024-20919 (boo#1218903),\n    CVE-2024-20921 (boo#1218905), CVE-2024-20926 (boo#1218906),\n    CVE-2024-20945 (boo#1218909), CVE-2024-20952 (boo#1218911)\n  * OpenJ9 changes, see \n    https://www.eclipse.org/openj9/docs/version0.43/\n- Remove the possibility to put back removes JavaEE modules, since\n  our Java stack does not need this hack any more\n\n- Update to OpenJDK 11.0.21 with OpenJ9 0.41.0 virtual machine\n- Including Oracle October 2023 CPU changes\n  * CVE-2023-22081, boo#1216374\n- Including Openj9 0.41.0 fixes of CVE-2023-5676, boo#1217214\n  * For other OpenJ9 changes, see\n    https://www.eclipse.org/openj9/docs/version0.41   \n\n- Update to OpenJDK 11.0.20.1 with OpenJ9 0.40.0 virtual machine\n  * JDK-8313765: Invalid CEN header (invalid zip64 extra data\n    field size)\n\n- Update to OpenJDK 11.0.20 with OpenJ9 0.40.0 virtual machine\n- Including Oracle April 2023 CPU changes\n  * CVE-2023-22006 (boo#1213473), CVE-2023-22036 (boo#1213474),\n    CVE-2023-22041 (boo#1213475), CVE-2023-22045 (boo#1213481),\n    CVE-2023-22049 (boo#1213482), CVE-2023-25193 (boo#1207922)\n  * OpenJ9 changes, see\n    https://www.eclipse.org/openj9/docs/version0.40\n\n- Update to OpenJDK 11.0.19 with OpenJ9 0.38.0 virtual machine\n- Including Oracle April 2023 CPU changes\n  * CVE-2023-21930 (boo#1210628), CVE-2023-21937 (boo#1210631),\n    CVE-2023-21938 (boo#1210632), CVE-2023-21939 (boo#1210634),\n    CVE-2023-21954 (boo#1210635), CVE-2023-21967 (boo#1210636),\n    CVE-2023-21968 (boo#1210637)\n  * OpenJ9 specific vulnerability: CVE-2023-2597 (boo#1211615)\n  * OpenJ9 changes, see\n    https://www.eclipse.org/openj9/docs/version0.38\n\n- Update to OpenJDK 11.0.18 with OpenJ9 0.36.1 virtual machine\n  * Including Oracle January 2023 CPU changes\n    + CVE-2023-21835, boo#1207246\n    + CVE-2023-21843, boo#1207248\n  * OpenJ9 changes, see \n    https://www.eclipse.org/openj9/docs/version0.36\n\n- Update to OpenJDK 11.0.17 with OpenJ9 0.35.0 virtual machine\n  * Including Oracle October 2022 CPU changes\n    CVE-2022-21618 (boo#1204468), CVE-2022-21619 (boo#1204473),\n    CVE-2022-21626 (boo#1204471), CVE-2022-21624 (boo#1204475),\n    CVE-2022-21628 (boo#1204472), CVE-2022-39399 (boo#1204480)\n  * Fixes OpenJ9 vulnerability boo#1204703, CVE-2022-3676\n  * OpenJ9 changes, see \n    https://www.eclipse.org/openj9/docs/version0.35\n\n- Update to OpenJDK 11.0.16 with OpenJ9 0.33.0 virtual machine\n  * Including Oracle July 2022 CPU changes\n    CVE-2022-21540 (boo#1201694), CVE-2022-21541 (boo#1201692),\n    CVE-2022-34169 (boo#1201684)\n  * OpenJ9 changes, see\n    https://www.eclipse.org/openj9/docs/version0.33\n\n- Update to OpenJDK 11.0.15 with OpenJ9 0.32.0 virtual machine\n  * Fixes boo#1198935, CVE-2021-41041: unverified methods can be\n    invoked using MethodHandles\n  * Including Oracle April 2022 CPU fixes\n    CVE-2022-21426 (boo#1198672), CVE-2022-21434 (boo#1198674),\n    CVE-2022-21443 (boo#1198675), CVE-2022-21476 (boo#1198671),\n    CVE-2022-21496 (boo#1198673)\n  * OpenJ9 changes, see\n    https://www.eclipse.org/openj9/docs/version0.32\n\n- Update to OpenJDK 11.0.14.1 with OpenJ9 0.30.1 virtual machine\n  * including Oracle January 2022 CPU changes (boo#1194925,\n    boo#1194926, boo#1194927, boo#1194928, boo#1194929, boo#1194930,\n    boo#1194931, boo#1194932, boo#1194933, boo#1194934, boo#1194935,\n    boo#1194937, boo#1194939, boo#1194940, boo#1194941)\n  * OpenJ9 changes see\n    https://www.eclipse.org/openj9/docs/version0.30.1\n\n- Update to OpenJDK 11.0.13 with OpenJ9 0.29.0 virtual machine\n  * including Oracle July 2021 and October 2021 CPU changes\n    (boo#1188564, boo#1188565, boo#1188566, boo#1191901,\n    boo#1191909, boo#1191910, boo#1191911, boo#1191912,\n    boo#1191913, boo#1191903, boo#1191904, boo#1191914,\n    boo#1191906)\n  * OpenJ9 changes, see\n    https://www.eclipse.org/openj9/docs/version0.29\n\n- Update to OpenJDK 11.0.11 with OpenJ9 0.26.0 virtual machine\n  * including Oracle April 2021 CPU changes (boo#1185055 and\n    boo#1185056)\n  * OpenJ9 changes, see\n    https://www.eclipse.org/openj9/docs/version0.26\n\n- Update to OpenJDK 11.0.10 with OpenJ9 0.24.0 virtual machine\n  * including Oracle January 2021 CPU changes (boo#1181239)\n  * OpenJ9 changes, see\n    https://www.eclipse.org/openj9/docs/version0.24\n","id":"openSUSE-SU-2025:0066-1","modified":"2025-02-18T16:58:15Z","published":"2025-02-18T16:58:15Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GS63GCBRVH7N4JEIZNQAPVFNNVB2OGSU/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1181239"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185055"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185056"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188564"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188565"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188566"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191901"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191903"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191904"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191906"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191909"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191910"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191911"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191912"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191913"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191914"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194925"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194926"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194927"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194928"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194929"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194930"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194931"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194932"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194933"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194934"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194935"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194937"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194939"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194940"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194941"},{"type":"REPORT","url":"https://bugzilla.suse.com/1198671"},{"type":"REPORT","url":"https://bugzilla.suse.com/1198672"},{"type":"REPORT","url":"https://bugzilla.suse.com/1198673"},{"type":"REPORT","url":"https://bugzilla.suse.com/1198674"},{"type":"REPORT","url":"https://bugzilla.suse.com/1198675"},{"type":"REPORT","url":"https://bugzilla.suse.com/1198935"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201684"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201692"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201694"},{"type":"REPORT","url":"https://bugzilla.suse.com/1204468"},{"type":"REPORT","url":"https://bugzilla.suse.com/1204471"},{"type":"REPORT","url":"https://bugzilla.suse.com/1204472"},{"type":"REPORT","url":"https://bugzilla.suse.com/1204473"},{"type":"REPORT","url":"https://bugzilla.suse.com/1204475"},{"type":"REPORT","url":"https://bugzilla.suse.com/1204480"},{"type":"REPORT","url":"https://bugzilla.suse.com/1204703"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206549"},{"type":"REPORT","url":"https://bugzilla.suse.com/1207246"},{"type":"REPORT","url":"https://bugzilla.suse.com/1207248"},{"type":"REPORT","url":"https://bugzilla.suse.com/1207922"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210628"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210631"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210632"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210634"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210635"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210636"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210637"},{"type":"REPORT","url":"https://bugzilla.suse.com/1211615"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213470"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213473"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213474"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213475"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213481"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213482"},{"type":"REPORT","url":"https://bugzilla.suse.com/1216374"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217214"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218903"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218905"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218906"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218907"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218909"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218911"},{"type":"REPORT","url":"https://bugzilla.suse.com/1222979"},{"type":"REPORT","url":"https://bugzilla.suse.com/1222983"},{"type":"REPORT","url":"https://bugzilla.suse.com/1222984"},{"type":"REPORT","url":"https://bugzilla.suse.com/1222986"},{"type":"REPORT","url":"https://bugzilla.suse.com/1222987"},{"type":"REPORT","url":"https://bugzilla.suse.com/1225470"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228046"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228047"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228048"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228050"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228051"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228052"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231702"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231711"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231716"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231719"},{"type":"REPORT","url":"https://bugzilla.suse.com/1236278"},{"type":"REPORT","url":"https://bugzilla.suse.com/1236804"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-14803"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-41041"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-21426"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-21434"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-21443"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-21476"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-21496"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-21540"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-21541"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-21618"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-21619"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-21624"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-21626"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-21628"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-34169"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3676"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-39399"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-21835"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-21843"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-21930"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-21937"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-21938"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-21939"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-21954"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-21967"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-21968"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-22006"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-22036"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-22041"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-22045"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-22049"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-22081"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-25193"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-2597"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-5676"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-20918"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-20919"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-20921"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-20926"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-20945"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-20952"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21011"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21012"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21068"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21085"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21094"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21131"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21138"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21140"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21144"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21145"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21147"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21208"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21210"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21217"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21235"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-3933"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-21502"}],"related":["CVE-2020-14803","CVE-2021-41041","CVE-2022-21426","CVE-2022-21434","CVE-2022-21443","CVE-2022-21476","CVE-2022-21496","CVE-2022-21540","CVE-2022-21541","CVE-2022-21618","CVE-2022-21619","CVE-2022-21624","CVE-2022-21626","CVE-2022-21628","CVE-2022-34169","CVE-2022-3676","CVE-2022-39399","CVE-2023-21835","CVE-2023-21843","CVE-2023-21930","CVE-2023-21937","CVE-2023-21938","CVE-2023-21939","CVE-2023-21954","CVE-2023-21967","CVE-2023-21968","CVE-2023-22006","CVE-2023-22036","CVE-2023-22041","CVE-2023-22045","CVE-2023-22049","CVE-2023-22081","CVE-2023-25193","CVE-2023-2597","CVE-2023-5676","CVE-2024-20918","CVE-2024-20919","CVE-2024-20921","CVE-2024-20926","CVE-2024-20945","CVE-2024-20952","CVE-2024-21011","CVE-2024-21012","CVE-2024-21068","CVE-2024-21085","CVE-2024-21094","CVE-2024-21131","CVE-2024-21138","CVE-2024-21140","CVE-2024-21144","CVE-2024-21145","CVE-2024-21147","CVE-2024-21208","CVE-2024-21210","CVE-2024-21217","CVE-2024-21235","CVE-2024-3933","CVE-2025-21502"],"summary":"Security update for java-11-openj9","upstream":["CVE-2020-14803","CVE-2021-41041","CVE-2022-21426","CVE-2022-21434","CVE-2022-21443","CVE-2022-21476","CVE-2022-21496","CVE-2022-21540","CVE-2022-21541","CVE-2022-21618","CVE-2022-21619","CVE-2022-21624","CVE-2022-21626","CVE-2022-21628","CVE-2022-34169","CVE-2022-3676","CVE-2022-39399","CVE-2023-21835","CVE-2023-21843","CVE-2023-21930","CVE-2023-21937","CVE-2023-21938","CVE-2023-21939","CVE-2023-21954","CVE-2023-21967","CVE-2023-21968","CVE-2023-22006","CVE-2023-22036","CVE-2023-22041","CVE-2023-22045","CVE-2023-22049","CVE-2023-22081","CVE-2023-25193","CVE-2023-2597","CVE-2023-5676","CVE-2024-20918","CVE-2024-20919","CVE-2024-20921","CVE-2024-20926","CVE-2024-20945","CVE-2024-20952","CVE-2024-21011","CVE-2024-21012","CVE-2024-21068","CVE-2024-21085","CVE-2024-21094","CVE-2024-21131","CVE-2024-21138","CVE-2024-21140","CVE-2024-21144","CVE-2024-21145","CVE-2024-21147","CVE-2024-21208","CVE-2024-21210","CVE-2024-21217","CVE-2024-21235","CVE-2024-3933","CVE-2025-21502"]}