Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: 2024:0325-1 Important: Java 17 OpenJDK Critical Issues

suse
Calendar Grey February 5, 2024
Dist Suse Esm H88
The latest security patch for Java 17 OpenJDK addresses numerous serious vulnerabilities. It is vital to keep your systems up to date.
* bsc#1218903 * bsc#1218905 * bsc#1218907 * bsc#1218908 * bsc#1218909

Summary

## This update for java-17-openjdk fixes the following issues: Updated to version 17.0.10 (January 2024 CPU): * CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a missing bounds check (bsc#1218907). * CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class file verifier (bsc#1218903). * CVE-2024-20921: Fixed an incorrect optimization in the Hotspot JVM that could lead to corruption of JVM memory (bsc#1218905). * CVE-2024-20932: Fixed an incorrect handling of ZIP files with duplicate entries (bsc#1218908). * CVE-2024-20945: Fixed a potential private key leak through debug logs (bsc#1218909). * CVE-2024-20952: Fixed an RSA padding issue and timing side-channel attack against TLS (bsc#1218911). Find the full release notes at:

Topics%20covered

Topics Covered

security advisory critical issue important suse java-17-openjdk

References

* bsc#1218903

* bsc#1218905

* bsc#1218907

* bsc#1218908

* bsc#1218909

* bsc#1218911

Cross-

* CVE-2024-20918

* CVE-2024-20919

* CVE-2024-20921

* CVE-2024-20932

* CVE-2024-20945

* CVE-2024-20952

CVSS scores:

* CVE-2024-20918 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2024-20919 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2024-20921 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-20932 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2024-20945 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-20952 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Basesystem Module 15-SP5

* openSUSE Leap 15.4

* openSUSE Leap 15.5

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:0325-1
Rating: important

Topics%20covered

Topics Covered

security advisory critical issue important suse java-17-openjdk

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here