{"affected":[{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP5","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk-javadoc":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP5","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP1-LTSS","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP2-LTSS","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP3-LTSS","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP4-LTSS","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP1","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP2","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP3","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP4","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Manager Proxy 4.3","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Manager%20Proxy%204.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Manager Server 4.3","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Manager%20Server%204.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 7.1","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Enterprise%20Storage%207.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.22.0-150000.3.110.1","java-11-openjdk-demo":"11.0.22.0-150000.3.110.1","java-11-openjdk-devel":"11.0.22.0-150000.3.110.1","java-11-openjdk-headless":"11.0.22.0-150000.3.110.1","java-11-openjdk-javadoc":"11.0.22.0-150000.3.110.1","java-11-openjdk-jmods":"11.0.22.0-150000.3.110.1","java-11-openjdk-src":"11.0.22.0-150000.3.110.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"java-11-openjdk","purl":"pkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.22.0-150000.3.110.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for java-11-openjdk fixes the following issues:\n\nUpdated to version 11.0.22 (January 2024 CPU):\n\n  - CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM\n    due to a missing bounds check (bsc#1218907).\n  - CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class\n    file verifier (bsc#1218903).\n  - CVE-2024-20921: Fixed an incorrect optimization in the Hotspot JVM\n    that could lead to corruption of JVM memory (bsc#1218905).\n  - CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn (bsc#1218906).\n  - CVE-2024-20945: Fixed a potential private key leak through debug\n    logs (bsc#1218909).\n  - CVE-2024-20952: Fixed an RSA padding issue and timing side-channel\n    attack against TLS (bsc#1218911).\n\nFind the full release notes at:\n\nhttps://mail.openjdk.org/pipermail/jdk-updates-dev/2024-January/029215.html\n","id":"SUSE-SU-2024:0321-1","modified":"2024-02-02T12:51:03Z","published":"2024-02-02T12:51:03Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20240321-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218903"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218905"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218906"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218907"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218909"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218911"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-20918"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-20919"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-20921"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-20926"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-20945"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-20952"}],"related":["CVE-2024-20918","CVE-2024-20919","CVE-2024-20921","CVE-2024-20926","CVE-2024-20945","CVE-2024-20952"],"summary":"Security update for java-11-openjdk","upstream":["CVE-2024-20918","CVE-2024-20919","CVE-2024-20921","CVE-2024-20926","CVE-2024-20945","CVE-2024-20952"]}