Overview

File _patchinfo of Package patchinfo.32599

<patchinfo incident="32599">
  <issue tracker="cve" id="2024-20926"/>
  <issue tracker="cve" id="2024-20952"/>
  <issue tracker="cve" id="2024-20919"/>
  <issue tracker="cve" id="2023-5676"/>
  <issue tracker="cve" id="2024-20918"/>
  <issue tracker="cve" id="2024-20921"/>
  <issue tracker="cve" id="2024-20945"/>
  <issue tracker="bnc" id="1218907">VUL-0: CVE-2024-20918: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)</issue>
  <issue tracker="bnc" id="1217214">VUL-0: CVE-2023-5676: java-1_8_0-openj9: receiving a signal before initialization may lead to an infinite loop or unexpected crash</issue>
  <issue tracker="bnc" id="1218911">VUL-0: CVE-2024-20952: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)</issue>
  <issue tracker="bnc" id="1218909">VUL-0: CVE-2024-20945: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: logging of digital signature private keys (8316976)</issue>
  <issue tracker="bnc" id="1218903">VUL-0: CVE-2024-20919: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)</issue>
  <issue tracker="bnc" id="1218905">VUL-0: CVE-2024-20921: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: range check loop optimization issue (8314307)</issue>
  <issue tracker="bnc" id="1218906">VUL-0: CVE-2024-20926: java-11-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: arbitrary Java code execution in Nashorn (8314284)</issue>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-openj9</summary>
  <description>This update for java-1_8_0-openj9 fixes the following issues:

Update to OpenJDK 8u402 build 06 with OpenJ9 0.43.0 virtual machine

* Including OpenJ9 0.41.0 fixes of CVE-2023-5676, bsc#1217214
* CVE-2024-20918 (bsc#1218907), CVE-2024-20919 (bsc#1218903),
  CVE-2024-20921 (bsc#1218905), CVE-2024-20926 (bsc#1218906),
  CVE-2024-20945 (bsc#1218909), CVE-2024-20952 (bsc#1218911)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places