File _patchinfo of Package patchinfo.32153

<patchinfo incident="32153">
  <issue tracker="cve" id="2024-20945"/>
  <issue tracker="cve" id="2024-20919"/>
  <issue tracker="cve" id="2024-20932"/>
  <issue tracker="cve" id="2024-20952"/>
  <issue tracker="cve" id="2024-20921"/>
  <issue tracker="cve" id="2024-20918"/>
  <issue tracker="bnc" id="1218905">VUL-0: CVE-2024-20921: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: range check loop optimization issue (8314307)</issue>
  <issue tracker="bnc" id="1218903">VUL-0: CVE-2024-20919: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)</issue>
  <issue tracker="bnc" id="1218907">VUL-0: CVE-2024-20918: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)</issue>
  <issue tracker="bnc" id="1218908">VUL-0: CVE-2024-20932: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123)</issue>
  <issue tracker="bnc" id="1218911">VUL-0: CVE-2024-20952: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)</issue>
  <issue tracker="bnc" id="1218909">VUL-0: CVE-2024-20945: java-11-openjdk,java-17-openjdk,java-1_8_0-ibm,java-1_8_0-openjdk: OpenJDK: logging of digital signature private keys (8316976)</issue>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-17-openjdk</summary>
  <description>This update for java-17-openjdk fixes the following issues:

Updated to version 17.0.10 (January 2024 CPU):

  - CVE-2024-20918: Fixed an out-of-bounds access in the Hotspot JVM
    due to a missing bounds check (bsc#1218907).
  - CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class
    file verifier (bsc#1218903).
  - CVE-2024-20921: Fixed an incorrect optimization in the Hotspot JVM
    that could lead to corruption of JVM memory (bsc#1218905).
  - CVE-2024-20932: Fixed incorrect handling of ZIP files with
    duplicate entries (bsc#1218908).
  - CVE-2024-20945: Fixed a potential private key leak through debug
    logs (bsc#1218909).
  - CVE-2024-20952: Fixed an RSA padding issue and timing side-channel
    attack against TLS (bsc#1218911).

Find the full release notes at:

https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-January/029089.html
</description>
</patchinfo>