Update Info

openSUSE-2025-67

Security update for java-17-openj9

Type: security
Severity: important
Issued: 2025-02-19
Description:
This update for java-17-openj9 fixes the following issues:

- Update to OpenJDK 17.0.14 with OpenJ9 0.49.0 virtual machine
- Including Oracle October 2024 and January 2025 CPU changes
  * CVE-2024-21208 (boo#1231702), CVE-2024-21210 (boo#1231711),
    CVE-2024-21217 (boo#1231716), CVE-2024-21235 (boo#1231719),
    CVE-2025-21502 (boo#1236278)
  * OpenJ9 changes, see 
    https://www.eclipse.org/openj9/docs/version0.49/

- Update to OpenJDK 17.0.12 with OpenJ9 0.46.0 virtual machine
- Including Oracle July 2024 CPU changes
  * CVE-2024-21131 (boo#1228046), CVE-2024-21138 (boo#1228047),
    CVE-2024-21140 (boo#1228048), CVE-2024-21147 (boo#1228052),
    CVE-2024-21145 (boo#1228051)
  * OpenJ9 changes, see 
    https://www.eclipse.org/openj9/docs/version0.46/

- Update to OpenJDK 17.0.11 with OpenJ9 0.44.0 virtual machine
- Including Oracle April 2024 CPU changes
  * CVE-2024-21012 (boo#1222987), CVE-2024-21094 (boo#1222986),
    CVE-2024-21011 (boo#1222979), CVE-2024-21068 (boo#1222983)
  * OpenJ9 changes, see 
    https://www.eclipse.org/openj9/docs/version0.44/

- Update to OpenJDK 17.0.10 with OpenJ9 0.43.0 virtual machine
- Including Oracle January 2024 CPU changes
  * CVE-2024-20918 (boo#1218907), CVE-2024-20919 (boo#1218903),
    CVE-2024-20921 (boo#1218905), CVE-2024-20932 (boo#1218908),
    CVE-2024-20945 (boo#1218909), CVE-2024-20952 (boo#1218911)
  * OpenJ9 changes, see 
    https://www.eclipse.org/openj9/docs/version0.43/

- Update to OpenJDK 17.0.9 with OpenJ9 0.41.0 virtual machine
- Including Oracle October 2023 CPU changes
  * CVE-2023-22081, boo#1216374
  * CVE-2023-22025, boo#1216339
- Including Openj9 0.41.0 fixes of CVE-2023-5676, boo#1217214
  * For other OpenJ9 changes, see
    https://www.eclipse.org/openj9/docs/version0.41   

- Update to OpenJDK 17.0.8.1 with OpenJ9 0.40.0 virtual machine
  * JDK-8313765: Invalid CEN header (invalid zip64 extra data
    field size)

- Update to OpenJDK 17.0.8 with OpenJ9 0.40.0 virtual machine
- Including Oracle July 2023 CPU changes
  * CVE-2023-22006 (boo#1213473), CVE-2023-22036 (boo#1213474),
    CVE-2023-22041 (boo#1213475), CVE-2023-22044 (boo#1213479),
    CVE-2023-22045 (boo#1213481), CVE-2023-22049 (boo#1213482),
    CVE-2023-25193 (boo#1207922)
  * OpenJ9 changes, see
    https://www.eclipse.org/openj9/docs/version0.40

- Update to OpenJDK 17.0.7 with OpenJ9 0.38.0 virtual machine
- Including Oracle April 2023 CPU changes
  * CVE-2023-21930 (boo#1210628), CVE-2023-21937 (boo#1210631),
    CVE-2023-21938 (boo#1210632), CVE-2023-21939 (boo#1210634),
    CVE-2023-21954 (boo#1210635), CVE-2023-21967 (boo#1210636),
    CVE-2023-21968 (boo#1210637)
  * OpenJ9 specific vulnerability: CVE-2023-2597 (boo#1211615)
  * OpenJ9 changes, see
    https://www.eclipse.org/openj9/docs/version0.38

- Update to OpenJDK 17.0.6 with OpenJ9 0.36.0 virtual machine
  * including Oracle January 2023 CPU changes
    + CVE-2023-21835, boo#1207246
    + CVE-2023-21843, boo#1207248
  * OpenJ9 changes, see 
    https://www.eclipse.org/openj9/docs/version0.36

- Update to OpenJDK 17.0.5 with OpenJ9 0.35.0 virtual machine
  * Including Oracle October 2022 CPU changes
    CVE-2022-21618 (boo#1204468), CVE-2022-21619 (boo#1204473),
    CVE-2022-21626 (boo#1204471), CVE-2022-21624 (boo#1204475),
    CVE-2022-21628 (boo#1204472), CVE-2022-39399 (boo#1204480)
  * Fixes OpenJ9 vulnerability boo#1204703, CVE-2022-3676
  * OpenJ9 changes, see 
    https://www.eclipse.org/openj9/docs/version0.35

References

Packages

  • java-17-openj9-17.0.14.0-bp156.3.3.1