Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2024:2628-1 Important: Java-17-OpenJDK Security Update Details

suse
Calendar Grey July 30, 2024
Dist Suse Esm H88
Crucial security patch for python3-3.9 highlighting various vulnerabilities in Fedora. Review the setup instructions today!
* bsc#1227298 * bsc#1228046 * bsc#1228047 * bsc#1228048 * bsc#1228051

Summary

## This update for java-17-openjdk fixes the following issues: Updated to version 17.0.12+7 (July 2024 CPU): * CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046). * CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047). * CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination (bsc#1228048). * CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling (bsc#1228052). * CVE-2024-21145: Fixed an index overflow in RangeCheckElimination (bsc#1228051). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-2628=1 * openSUSE Leap 15.5

Topics%20covered

Topics Covered

security advisory update vulnerability important openSUSE java-17-openjdk

References

* bsc#1227298

* bsc#1228046

* bsc#1228047

* bsc#1228048

* bsc#1228051

* bsc#1228052

Cross-

* CVE-2024-21131

* CVE-2024-21138

* CVE-2024-21140

* CVE-2024-21145

* CVE-2024-21147

CVSS scores:

* CVE-2024-21131 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

* CVE-2024-21138 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2024-21140 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2024-21145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2024-21147 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Basesystem Module 15-SP5

* Basesystem Module 15-SP6

* Legacy Module 15-SP6

* openSUSE Leap 15.4

* openSUSE Leap 15.5

* openSUSE Leap 15.6

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:2628-1
Rating: important

Topics%20covered

Topics Covered

security advisory update vulnerability important openSUSE java-17-openjdk

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here