openSUSE 2025:0067-1 important: java-17-openj9 security issues resolved
opensuse
February 20, 2025
An update that solves 47 vulnerabilities and has three fixes is now available
Description
This update for java-17-openj9 fixes the following issues:
- Update to OpenJDK 17.0.14 with OpenJ9 0.49.0 virtual machine
- Including Oracle October 2024 and January 2025 CPU changes
* CVE-2024-21208 (boo#1231702), CVE-2024-21210 (boo#1231711),
CVE-2024-21217 (boo#1231716), CVE-2024-21235 (boo#1231719),
CVE-2025-21502 (boo#1236278)
* OpenJ9 changes, see https://eclipse.dev/openj9/docs/version0.49/
- Update to OpenJDK 17.0.12 with OpenJ9 0.46.0 virtual machine
- Including Oracle July 2024 CPU changes
* CVE-2024-21131 (boo#1228046), CVE-2024-21138 (boo#1228047),
CVE-2024-21140 (boo#1228048), CVE-2024-21147 (boo#1228052),
CVE-2024-21145 (boo#1228051)
* OpenJ9 changes, see https://eclipse.dev/openj9/docs/version0.46/
- Update to OpenJDK 17.0.11 with OpenJ9 0.44.0 virtual machine
- Including Oracle April 2024 CPU changes
* CVE-2024-21012 (boo#1222987), CVE-2024-21094 (boo#1222986),
CVE-2024-21011...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2025-67=1
Package List
- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):
java-17-openj9-17.0.14.0-bp156.3.3.1
java-17-openj9-demo-17.0.14.0-bp156.3.3.1
java-17-openj9-devel-17.0.14.0-bp156.3.3.1
java-17-openj9-headless-17.0.14.0-bp156.3.3.1
java-17-openj9-jmods-17.0.14.0-bp156.3.3.1
java-17-openj9-src-17.0.14.0-bp156.3.3.1
- openSUSE Backports SLE-15-SP6 (noarch):
java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1
References
https://www.suse.com/security/cve/CVE-2022-21618.html
https://www.suse.com/security/cve/CVE-2022-21619.html
https://www.suse.com/security/cve/CVE-2022-21624.html
https://www.suse.com/security/cve/CVE-2022-21626.html
https://www.suse.com/security/cve/CVE-2022-21628.html
https://www.suse.com/security/cve/CVE-2022-3676.html
https://www.suse.com/security/cve/CVE-2022-39399.html
https://www.suse.com/security/cve/CVE-2023-21835.html
https://www.suse.com/security/cve/CVE-2023-21843.html
https://www.suse.com/security/cve/CVE-2023-21930.html
https://www.suse.com/security/cve/CVE-2023-21937.html
https://www.suse.com/security/cve/CVE-2023-21938.html
https://www.suse.com/security/cve/CVE-2023-21939.html
https://www.suse.com/security/cve/CVE-2023-21954.html
https://www.suse.com/security/cve/CVE-2023-21967.html
https://www.suse.com/security/cve/CVE-2023-21968.html
https://www.suse.com/security/cve/CVE-2023-22006.html
https://www.suse.com/security/cve/CVE-2023-22025.html
https://www.suse.com/security/cve/CVE-2023-2203...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2025:0067-1
Rating: important
Affected Products:
openSUSE Backports SLE-15-SP6
ble.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!