Overview

File _patchinfo of Package patchinfo.32871

<patchinfo incident="32871">
  <issue tracker="cve" id="2024-20919"/>
  <issue tracker="cve" id="2024-20952"/>
  <issue tracker="cve" id="2024-20918"/>
  <issue tracker="cve" id="2024-20921"/>
  <issue tracker="cve" id="2024-20926"/>
  <issue tracker="cve" id="2024-20945"/>
  <issue tracker="bnc" id="1218909">VUL-0: CVE-2024-20945: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: logging of digital signature private keys (8316976)</issue>
  <issue tracker="bnc" id="1218907">VUL-0: CVE-2024-20918: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)</issue>
  <issue tracker="bnc" id="1218903">VUL-0: CVE-2024-20919: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)</issue>
  <issue tracker="bnc" id="1218906">VUL-0: CVE-2024-20926: java-11-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: arbitrary Java code execution in Nashorn (8314284)</issue>
  <issue tracker="bnc" id="1218911">VUL-0: CVE-2024-20952: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)</issue>
  <issue tracker="bnc" id="1218905">VUL-0: CVE-2024-20921: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: range check loop optimization issue (8314307)</issue>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-openjdk</summary>
  <description>This update for java-1_8_0-openjdk fixes the following issues:

- CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS (8317547) (bsc#1218911).
- CVE-2024-20921: Fixed range check loop optimization issue (8314307) (bsc#1218905).
- CVE-2024-20926: Fixed rbitrary Java code execution in Nashorn (8314284) (bsc#1218906).
- CVE-2024-20919: Fixed JVM class file verifier flaw allows unverified byte code execution (8314295) (bsc#1218903).
- CVE-2024-20918: Fixed array out-of-bounds access due to missing range check in C1 compiler (8314468) (bsc#1218907).
- CVE-2024-20945: Fixed logging of digital signature private keys (8316976) (bsc#1218909).

Update to version jdk8u402 (icedtea-3.30.0).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places