SUSE-CU-2024:438-1: Security update of bci/openjdk
sle-container-updates at lists.suse.com
Sat Feb 3 08:07:17 UTC 2024
SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:438-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-14.17
Container Release : 14.17
Severity : important
Type : security
References : 1107342 1215434 1218571 1218903 1218905 1218906 1218907 1218909
1218911 1219238 CVE-2023-7207 CVE-2024-20918 CVE-2024-20919 CVE-2024-20921
CVE-2024-20926 CVE-2024-20945 CVE-2024-20952
-----------------------------------------------------------------
The container bci/openjdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:305-1
Released: Thu Feb 1 17:33:38 2024
Summary: Security update for cpio
Type: security
Severity: moderate
References: 1218571,1219238,CVE-2023-7207
This update for cpio fixes the following issues:
- Fixed cpio not extracting correctly when using the --no-absolute-filenames option after the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:321-1
Released: Fri Feb 2 13:51:01 2024
Summary: Security update for java-11-openjdk
Type: security
Severity: important
References: 1218903,1218905,1218906,1218907,1218909,1218911,CVE-2024-20918,CVE-2024-20919,CVE-2024-20921,CVE-2024-20926,CVE-2024-20945,CVE-2024-20952
This update for java-11-openjdk fixes the following issues:
Updated to version 11.0.22 (January 2024 CPU):
- CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM
due to a missing bounds check (bsc#1218907).
- CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class
file verifier (bsc#1218903).
- CVE-2024-20921: Fixed an incorrect optimization in the Hotspot JVM
that could lead to corruption of JVM memory (bsc#1218905).
- CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn (bsc#1218906).
- CVE-2024-20945: Fixed a potential private key leak through debug
logs (bsc#1218909).
- CVE-2024-20952: Fixed an RSA padding issue and timing side-channel
attack against TLS (bsc#1218911).
Find the full release notes at:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-January/029215.html
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:322-1
Released: Fri Feb 2 15:13:26 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434
This update for aaa_base fixes the following issues:
- Set JAVA_HOME correctly (bsc#1107342, bsc#1215434)
The following package changes have been done:
- cpio-2.13-150400.3.6.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 updated
- java-11-openjdk-headless-11.0.22.0-150000.3.110.1 updated
- java-11-openjdk-11.0.22.0-150000.3.110.1 updated
- container:sles15-image-15.0.0-36.11.2 updated