SUSE-CU-2024:438-1: Security update of bci/openjdk

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat Feb 3 08:07:17 UTC 2024 

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:438-1
Container Tags        : bci/openjdk:11 , bci/openjdk:11-14.17
Container Release     : 14.17
Severity              : important
Type                  : security
References            : 1107342 1215434 1218571 1218903 1218905 1218906 1218907 1218909
                        1218911 1219238 CVE-2023-7207 CVE-2024-20918 CVE-2024-20919 CVE-2024-20921
                        CVE-2024-20926 CVE-2024-20945 CVE-2024-20952 
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:305-1
Released:    Thu Feb  1 17:33:38 2024
Summary:     Security update for cpio
Type:        security
Severity:    moderate
References:  1218571,1219238,CVE-2023-7207
This update for cpio fixes the following issues:

- Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:321-1
Released:    Fri Feb  2 13:51:01 2024
Summary:     Security update for java-11-openjdk
Type:        security
Severity:    important
References:  1218903,1218905,1218906,1218907,1218909,1218911,CVE-2024-20918,CVE-2024-20919,CVE-2024-20921,CVE-2024-20926,CVE-2024-20945,CVE-2024-20952
This update for java-11-openjdk fixes the following issues:

Updated to version 11.0.22 (January 2024 CPU):

  - CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM
    due to a missing bounds check (bsc#1218907).
  - CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class
    file verifier (bsc#1218903).
  - CVE-2024-20921: Fixed an incorrect optimization in the Hotspot JVM
    that could lead to corruption of JVM memory (bsc#1218905).
  - CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn (bsc#1218906).
  - CVE-2024-20945: Fixed a potential private key leak through debug
    logs (bsc#1218909).
  - CVE-2024-20952: Fixed an RSA padding issue and timing side-channel
    attack against TLS (bsc#1218911).

Find the full release notes at:

https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-January/029215.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:322-1
Released:    Fri Feb  2 15:13:26 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1107342,1215434
This update for aaa_base fixes the following issues:

- Set JAVA_HOME correctly (bsc#1107342, bsc#1215434)


The following package changes have been done:

- cpio-2.13-150400.3.6.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 updated
- java-11-openjdk-headless-11.0.22.0-150000.3.110.1 updated
- java-11-openjdk-11.0.22.0-150000.3.110.1 updated
- container:sles15-image-15.0.0-36.11.2 updated

More information about the sle-container-updates mailing list