File _patchinfo of Package patchinfo.32681
<patchinfo incident="32681">
<!-- Maintenance patch metadata for incident 32681, a security update of java-1_8_0-ibm.
     Lists the tracker issues the update references, then packager, rating, category
     and the user-facing summary and description. -->
<!-- Bugzilla references (tracker "bnc"); the description below cites the same ids as bsc#NNNNNNN.
     The number in parentheses at the end of each title looks like the upstream OpenJDK bug id;
     TODO confirm before relying on it. -->
<!-- NOTE(review): the title of 1218908 names only java-17-openjdk, yet the description lists
     CVE-2024-20932 as fixed in java-1_8_0-ibm. Confirm against the vendor bulletin that the
     IBM build is affected. -->
<issue tracker="bnc" id="1218908">VUL-0: CVE-2024-20932: java-17-openjdk: OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123)</issue>
<issue tracker="bnc" id="1218903">VUL-0: CVE-2024-20919: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)</issue>
<issue tracker="bnc" id="1218906">VUL-0: CVE-2024-20926: java-11-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: arbitrary Java code execution in Nashorn (8314284)</issue>
<issue tracker="bnc" id="1218909">VUL-0: CVE-2024-20945: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: logging of digital signature private keys (8316976)</issue>
<issue tracker="bnc" id="1218905">VUL-0: CVE-2024-20921: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: range check loop optimization issue (8314307)</issue>
<issue tracker="bnc" id="1218911">VUL-0: CVE-2024-20952: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)</issue>
<issue tracker="bnc" id="1218907">VUL-0: CVE-2024-20918: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)</issue>
<!-- Umbrella bug for the IBM update itself. Its title carries no CVE id; the description
     uses it both for the Fix Pack update and as the only reference for CVE-2023-33850. -->
<issue tracker="bnc" id="1219843">VUL-0: java-1_8_0-ibm: IBM Security Update February 2024 and Oracle January 16 2024 CPU</issue>
<!-- CVE references: eight entries, matching the eight CVE lines in the description.
     Seven also appear in a bnc title above; CVE-2023-33850 has no bug of its own here. -->
<issue tracker="cve" id="2024-20945"/>
<issue tracker="cve" id="2024-20921"/>
<issue tracker="cve" id="2023-33850"/>
<issue tracker="cve" id="2024-20926"/>
<issue tracker="cve" id="2024-20952"/>
<issue tracker="cve" id="2024-20919"/>
<issue tracker="cve" id="2024-20918"/>
<issue tracker="cve" id="2024-20932"/>
<packager>pmonrealgonzalez</packager>
<!-- Severity and classification as declared in this file. No per-CVE scores are given here,
     so consult the individual CVE records when prioritising the rollout. -->
<rating>important</rating>
<category>security</category>
<summary>Security update for java-1_8_0-ibm</summary>
<!-- User-facing advisory text; one line per CVE with its bsc reference.
     NOTE(review): for CVE-2024-20945 (logging of private keys) the update presumably only
     stops further logging. Key material already written to logs would remain there, so
     log review and key rotation may still be needed; confirm against the vendor bulletin. -->
<description>This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 8 Fix Pack 20: [bsc#1219843]
Security fixes:
- CVE-2023-33850: Fixed information disclosure vulnerability due to the consumed GSKit library (bsc#1219843).
- CVE-2024-20932: Fixed incorrect handling of ZIP files with duplicate entries (bsc#1218908).
- CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS (bsc#1218911).
- CVE-2024-20918: Fixed array out-of-bounds access due to missing range check in C1 compiler (bsc#1218907).
- CVE-2024-20921: Fixed range check loop optimization issue (bsc#1218905).
- CVE-2024-20919: Fixed JVM class file verifier flaw allows unverified bytecode execution (bsc#1218903).
- CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn (bsc#1218906).
- CVE-2024-20945: Fixed logging of digital signature private keys (bsc#1218909).
</description>
</patchinfo>