openSUSE-SU-2025:0067-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2025:0067-1.json

JSON Data

https://api.osv.dev/v1/vulns/openSUSE-SU-2025:0067-1

Related

CVE-2022-21618
CVE-2022-21619
CVE-2022-21624
CVE-2022-21626
CVE-2022-21628
CVE-2022-3676
CVE-2022-39399
CVE-2023-21835
CVE-2023-21843
CVE-2023-21930
CVE-2023-21937
CVE-2023-21938
CVE-2023-21939
CVE-2023-21954
CVE-2023-21967
CVE-2023-21968
CVE-2023-22006
CVE-2023-22025
CVE-2023-22036
CVE-2023-22041
CVE-2023-22044
CVE-2023-22045
CVE-2023-22049
CVE-2023-22081
CVE-2023-25193
CVE-2023-2597
CVE-2023-5676
CVE-2024-20918
CVE-2024-20919
CVE-2024-20921
CVE-2024-20932
CVE-2024-20945
CVE-2024-20952
CVE-2024-21011
CVE-2024-21012
CVE-2024-21068
CVE-2024-21094
CVE-2024-21131
CVE-2024-21138
CVE-2024-21140
CVE-2024-21145
CVE-2024-21147
CVE-2024-21208
CVE-2024-21210
CVE-2024-21217
CVE-2024-21235
CVE-2025-21502

Published

2025-02-19T22:53:13Z

Modified

2025-02-19T22:53:13Z

Summary

Security update for java-17-openj9

Details

This update for java-17-openj9 fixes the following issues:

Update to OpenJDK 17.0.14 with OpenJ9 0.49.0 virtual machine
Including Oracle October 2024 and January 2025 CPU changes
- CVE-2024-21208 (boo#1231702), CVE-2024-21210 (boo#1231711), CVE-2024-21217 (boo#1231716), CVE-2024-21235 (boo#1231719), CVE-2025-21502 (boo#1236278)
- OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.49/
Update to OpenJDK 17.0.12 with OpenJ9 0.46.0 virtual machine
Including Oracle July 2024 CPU changes
- CVE-2024-21131 (boo#1228046), CVE-2024-21138 (boo#1228047), CVE-2024-21140 (boo#1228048), CVE-2024-21147 (boo#1228052), CVE-2024-21145 (boo#1228051)
- OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.46/
Update to OpenJDK 17.0.11 with OpenJ9 0.44.0 virtual machine
Including Oracle April 2024 CPU changes
- CVE-2024-21012 (boo#1222987), CVE-2024-21094 (boo#1222986), CVE-2024-21011 (boo#1222979), CVE-2024-21068 (boo#1222983)
- OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.44/
Update to OpenJDK 17.0.10 with OpenJ9 0.43.0 virtual machine
Including Oracle January 2024 CPU changes
- CVE-2024-20918 (boo#1218907), CVE-2024-20919 (boo#1218903), CVE-2024-20921 (boo#1218905), CVE-2024-20932 (boo#1218908), CVE-2024-20945 (boo#1218909), CVE-2024-20952 (boo#1218911)
- OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.43/
Update to OpenJDK 17.0.9 with OpenJ9 0.41.0 virtual machine
Including Oracle October 2023 CPU changes
- CVE-2023-22081, boo#1216374
- CVE-2023-22025, boo#1216339
Including Openj9 0.41.0 fixes of CVE-2023-5676, boo#1217214
- For other OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.41
Update to OpenJDK 17.0.8.1 with OpenJ9 0.40.0 virtual machine
- JDK-8313765: Invalid CEN header (invalid zip64 extra data field size)
Update to OpenJDK 17.0.8 with OpenJ9 0.40.0 virtual machine
Including Oracle July 2023 CPU changes
- CVE-2023-22006 (boo#1213473), CVE-2023-22036 (boo#1213474), CVE-2023-22041 (boo#1213475), CVE-2023-22044 (boo#1213479), CVE-2023-22045 (boo#1213481), CVE-2023-22049 (boo#1213482), CVE-2023-25193 (boo#1207922)
- OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.40
Update to OpenJDK 17.0.7 with OpenJ9 0.38.0 virtual machine
Including Oracle April 2023 CPU changes
- CVE-2023-21930 (boo#1210628), CVE-2023-21937 (boo#1210631), CVE-2023-21938 (boo#1210632), CVE-2023-21939 (boo#1210634), CVE-2023-21954 (boo#1210635), CVE-2023-21967 (boo#1210636), CVE-2023-21968 (boo#1210637)
- OpenJ9 specific vulnerability: CVE-2023-2597 (boo#1211615)
- OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.38
Update to OpenJDK 17.0.6 with OpenJ9 0.36.0 virtual machine
- including Oracle January 2023 CPU changes
  - CVE-2023-21835, boo#1207246
  - CVE-2023-21843, boo#1207248
- OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.36
Update to OpenJDK 17.0.5 with OpenJ9 0.35.0 virtual machine
- Including Oracle October 2022 CPU changes CVE-2022-21618 (boo#1204468), CVE-2022-21619 (boo#1204473), CVE-2022-21626 (boo#1204471), CVE-2022-21624 (boo#1204475), CVE-2022-21628 (boo#1204472), CVE-2022-39399 (boo#1204480)
- Fixes OpenJ9 vulnerability boo#1204703, CVE-2022-3676
- OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.35

References

Affected packages

SUSE:Package Hub 15 SP6 / java-17-openj9

Package

Name: java-17-openj9
Purl: pkg:rpm/suse/java-17-openj9&distro=SUSE%20Package%20Hub%2015%20SP6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

17.0.14.0-bp156.3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "java-17-openj9": "17.0.14.0-bp156.3.3.1",
            "java-17-openj9-jmods": "17.0.14.0-bp156.3.3.1",
            "java-17-openj9-devel": "17.0.14.0-bp156.3.3.1",
            "java-17-openj9-src": "17.0.14.0-bp156.3.3.1",
            "java-17-openj9-demo": "17.0.14.0-bp156.3.3.1",
            "java-17-openj9-headless": "17.0.14.0-bp156.3.3.1",
            "java-17-openj9-javadoc": "17.0.14.0-bp156.3.3.1"
        }
    ]
}

openSUSE:Leap 15.6 / java-17-openj9

Package

Name: java-17-openj9
Purl: pkg:rpm/opensuse/java-17-openj9&distro=openSUSE%20Leap%2015.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

17.0.14.0-bp156.3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "java-17-openj9": "17.0.14.0-bp156.3.3.1",
            "java-17-openj9-jmods": "17.0.14.0-bp156.3.3.1",
            "java-17-openj9-devel": "17.0.14.0-bp156.3.3.1",
            "java-17-openj9-src": "17.0.14.0-bp156.3.3.1",
            "java-17-openj9-demo": "17.0.14.0-bp156.3.3.1",
            "java-17-openj9-headless": "17.0.14.0-bp156.3.3.1",
            "java-17-openj9-javadoc": "17.0.14.0-bp156.3.3.1"
        }
    ]
}