openSUSE 15 Security Update : java-11-openj9 (openSUSE-SU-2025:0066-1)

critical Nessus Plugin ID 216439

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0066-1 advisory.

- Update to OpenJDK 11.0.26 with OpenJ9 0.49.0 virtual machine
- Including Oracle October 2024 and January 2025 CPU changes
* CVE-2024-21208 (boo#1231702), CVE-2024-21210 (boo#1231711), CVE-2024-21217 (boo#1231716), CVE-2024-21235 (boo#1231719), CVE-2025-21502 (boo#1236278)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.49/

- Update to OpenJDK 11.0.24 with OpenJ9 0.46.0 virtual machine
- Including Oracle July 2024 CPU changes
* CVE-2024-21131 (boo#1228046), CVE-2024-21138 (boo#1228047), CVE-2024-21140 (boo#1228048), CVE-2024-21144 (boo#1228050), CVE-2024-21147 (boo#1228052), CVE-2024-21145 (boo#1228051)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.46/

- Update to OpenJDK 11.0.23 with OpenJ9 0.44.0 virtual machine
- Including Oracle April 2024 CPU changes
* CVE-2024-21012 (boo#1222987), CVE-2024-21094 (boo#1222986), CVE-2024-21011 (boo#1222979), CVE-2024-21085 (boo#1222984), CVE-2024-21068 (boo#1222983)
- Including OpenJ9/OMR specific fix:
* CVE-2024-3933 (boo#1225470)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.44/

- Update to OpenJDK 11.0.22 with OpenJ9 0.43.0 virtual machine
- Including Oracle January 2024 CPU changes
* CVE-2024-20918 (boo#1218907), CVE-2024-20919 (boo#1218903), CVE-2024-20921 (boo#1218905), CVE-2024-20926 (boo#1218906), CVE-2024-20945 (boo#1218909), CVE-2024-20952 (boo#1218911)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.43/
- Remove the possibility to put back removed JavaEE modules, since our Java stack does not need this hack any more

- Update to OpenJDK 11.0.21 with OpenJ9 0.41.0 virtual machine
- Including Oracle October 2023 CPU changes
* CVE-2023-22081, boo#1216374
- Including OpenJ9 0.41.0 fixes of CVE-2023-5676, boo#1217214
* For other OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.41

- Update to OpenJDK 11.0.20.1 with OpenJ9 0.40.0 virtual machine
* JDK-8313765: Invalid CEN header (invalid zip64 extra data field size)

- Update to OpenJDK 11.0.20 with OpenJ9 0.40.0 virtual machine
- Including Oracle April 2023 CPU changes
* CVE-2023-22006 (boo#1213473), CVE-2023-22036 (boo#1213474), CVE-2023-22041 (boo#1213475), CVE-2023-22045 (boo#1213481), CVE-2023-22049 (boo#1213482), CVE-2023-25193 (boo#1207922)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.40

- Update to OpenJDK 11.0.19 with OpenJ9 0.38.0 virtual machine
- Including Oracle April 2023 CPU changes
* CVE-2023-21930 (boo#1210628), CVE-2023-21937 (boo#1210631), CVE-2023-21938 (boo#1210632), CVE-2023-21939 (boo#1210634), CVE-2023-21954 (boo#1210635), CVE-2023-21967 (boo#1210636), CVE-2023-21968 (boo#1210637)
* OpenJ9 specific vulnerability: CVE-2023-2597 (boo#1211615)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.38

- Update to OpenJDK 11.0.18 with OpenJ9 0.36.1 virtual machine
* Including Oracle January 2023 CPU changes
- CVE-2023-21835, boo#1207246
- CVE-2023-21843, boo#1207248
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.36

- Update to OpenJDK 11.0.17 with OpenJ9 0.35.0 virtual machine
* Including Oracle October 2022 CPU changes CVE-2022-21618 (boo#1204468), CVE-2022-21619 (boo#1204473), CVE-2022-21626 (boo#1204471), CVE-2022-21624 (boo#1204475), CVE-2022-21628 (boo#1204472), CVE-2022-39399 (boo#1204480)
* Fixes OpenJ9 vulnerability boo#1204703, CVE-2022-3676
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.35

- Update to OpenJDK 11.0.16 with OpenJ9 0.33.0 virtual machine
* Including Oracle July 2022 CPU changes CVE-2022-21540 (boo#1201694), CVE-2022-21541 (boo#1201692), CVE-2022-34169 (boo#1201684)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.33

- Update to OpenJDK 11.0.15 with OpenJ9 0.32.0 virtual machine
* Fixes boo#1198935, CVE-2021-41041: unverified methods can be invoked using MethodHandles
* Including Oracle April 2022 CPU fixes CVE-2022-21426 (boo#1198672), CVE-2022-21434 (boo#1198674), CVE-2022-21443 (boo#1198675), CVE-2022-21476 (boo#1198671), CVE-2022-21496 (boo#1198673)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.32

- Update to OpenJDK 11.0.14.1 with OpenJ9 0.30.1 virtual machine
* including Oracle January 2022 CPU changes (boo#1194925, boo#1194926, boo#1194927, boo#1194928, boo#1194929, boo#1194930, boo#1194931, boo#1194932, boo#1194933, boo#1194934, boo#1194935, boo#1194937, boo#1194939, boo#1194940, boo#1194941)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.30.1

- Update to OpenJDK 11.0.13 with OpenJ9 0.29.0 virtual machine
* including Oracle July 2021 and October 2021 CPU changes (boo#1188564, boo#1188565, boo#1188566, boo#1191901, boo#1191909, boo#1191910, boo#1191911, boo#1191912, boo#1191913, boo#1191903, boo#1191904, boo#1191914, boo#1191906)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.29

- Update to OpenJDK 11.0.11 with OpenJ9 0.26.0 virtual machine
* including Oracle April 2021 CPU changes (boo#1185055 and boo#1185056)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.26

- Update to OpenJDK 11.0.10 with OpenJ9 0.24.0 virtual machine
* including Oracle January 2021 CPU changes (boo#1181239)
* OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.24

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1181239

https://bugzilla.suse.com/1185055

https://bugzilla.suse.com/1185056

https://bugzilla.suse.com/1188564

https://bugzilla.suse.com/1188565

https://bugzilla.suse.com/1188566

https://bugzilla.suse.com/1191901

https://bugzilla.suse.com/1191903

https://bugzilla.suse.com/1191904

https://bugzilla.suse.com/1191906

https://bugzilla.suse.com/1191909

https://bugzilla.suse.com/1191910

https://bugzilla.suse.com/1191911

https://bugzilla.suse.com/1191912

https://bugzilla.suse.com/1191913

https://bugzilla.suse.com/1191914

https://bugzilla.suse.com/1194925

https://bugzilla.suse.com/1194926

https://bugzilla.suse.com/1194927

https://bugzilla.suse.com/1194928

https://bugzilla.suse.com/1194929

https://bugzilla.suse.com/1194930

https://bugzilla.suse.com/1194931

https://bugzilla.suse.com/1194932

https://bugzilla.suse.com/1194933

https://bugzilla.suse.com/1194934

https://bugzilla.suse.com/1194935

https://bugzilla.suse.com/1194937

https://bugzilla.suse.com/1194939

https://bugzilla.suse.com/1194940

https://bugzilla.suse.com/1194941

https://bugzilla.suse.com/1198671

https://bugzilla.suse.com/1198672

https://bugzilla.suse.com/1198673

https://bugzilla.suse.com/1198674

https://bugzilla.suse.com/1198675

https://bugzilla.suse.com/1198935

https://bugzilla.suse.com/1201684

https://bugzilla.suse.com/1201692

https://bugzilla.suse.com/1201694

https://bugzilla.suse.com/1204468

https://bugzilla.suse.com/1204471

https://bugzilla.suse.com/1204472

https://bugzilla.suse.com/1204473

https://bugzilla.suse.com/1204475

https://bugzilla.suse.com/1204480

https://bugzilla.suse.com/1204703

https://bugzilla.suse.com/1206549

https://bugzilla.suse.com/1207246

https://bugzilla.suse.com/1207248

https://bugzilla.suse.com/1207922

https://bugzilla.suse.com/1210628

https://bugzilla.suse.com/1210631

https://bugzilla.suse.com/1210632

https://bugzilla.suse.com/1210634

https://bugzilla.suse.com/1210635

https://bugzilla.suse.com/1210636

https://bugzilla.suse.com/1210637

https://bugzilla.suse.com/1211615

https://bugzilla.suse.com/1213470

https://bugzilla.suse.com/1213473

https://bugzilla.suse.com/1213474

https://bugzilla.suse.com/1213475

https://bugzilla.suse.com/1213481

https://bugzilla.suse.com/1213482

https://bugzilla.suse.com/1216374

https://bugzilla.suse.com/1217214

https://bugzilla.suse.com/1218903

https://bugzilla.suse.com/1218905

https://bugzilla.suse.com/1218906

https://bugzilla.suse.com/1218907

https://bugzilla.suse.com/1218909

https://bugzilla.suse.com/1218911

https://bugzilla.suse.com/1222979

https://bugzilla.suse.com/1222983

https://bugzilla.suse.com/1222984

https://bugzilla.suse.com/1222986

https://bugzilla.suse.com/1222987

https://bugzilla.suse.com/1225470

https://bugzilla.suse.com/1228046

https://bugzilla.suse.com/1228047

https://bugzilla.suse.com/1228048

https://bugzilla.suse.com/1228050

https://bugzilla.suse.com/1228051

https://bugzilla.suse.com/1228052

https://bugzilla.suse.com/1231702

https://bugzilla.suse.com/1231711

https://bugzilla.suse.com/1231716

https://bugzilla.suse.com/1231719

https://bugzilla.suse.com/1236278

https://bugzilla.suse.com/1236804

http://www.nessus.org/u?1d73c3e4

https://www.suse.com/security/cve/CVE-2020-14803

https://www.suse.com/security/cve/CVE-2021-41041

https://www.suse.com/security/cve/CVE-2022-21426

https://www.suse.com/security/cve/CVE-2022-21434

https://www.suse.com/security/cve/CVE-2022-21443

https://www.suse.com/security/cve/CVE-2022-21476

https://www.suse.com/security/cve/CVE-2022-21496

https://www.suse.com/security/cve/CVE-2022-21540

https://www.suse.com/security/cve/CVE-2022-21541

https://www.suse.com/security/cve/CVE-2022-21618

https://www.suse.com/security/cve/CVE-2022-21619

https://www.suse.com/security/cve/CVE-2022-21624

https://www.suse.com/security/cve/CVE-2022-21626

https://www.suse.com/security/cve/CVE-2022-21628

https://www.suse.com/security/cve/CVE-2022-34169

https://www.suse.com/security/cve/CVE-2022-3676

https://www.suse.com/security/cve/CVE-2022-39399

https://www.suse.com/security/cve/CVE-2023-21835

https://www.suse.com/security/cve/CVE-2023-21843

https://www.suse.com/security/cve/CVE-2023-21930

https://www.suse.com/security/cve/CVE-2023-21937

https://www.suse.com/security/cve/CVE-2023-21938

https://www.suse.com/security/cve/CVE-2023-21939

https://www.suse.com/security/cve/CVE-2023-21954

https://www.suse.com/security/cve/CVE-2023-21967

https://www.suse.com/security/cve/CVE-2023-21968

https://www.suse.com/security/cve/CVE-2023-22006

https://www.suse.com/security/cve/CVE-2023-22036

https://www.suse.com/security/cve/CVE-2023-22041

https://www.suse.com/security/cve/CVE-2023-22045

https://www.suse.com/security/cve/CVE-2023-22049

https://www.suse.com/security/cve/CVE-2023-22081

https://www.suse.com/security/cve/CVE-2023-25193

https://www.suse.com/security/cve/CVE-2023-2597

https://www.suse.com/security/cve/CVE-2023-5676

https://www.suse.com/security/cve/CVE-2024-20918

https://www.suse.com/security/cve/CVE-2024-20919

https://www.suse.com/security/cve/CVE-2024-20921

https://www.suse.com/security/cve/CVE-2024-20926

https://www.suse.com/security/cve/CVE-2024-20945

https://www.suse.com/security/cve/CVE-2024-20952

https://www.suse.com/security/cve/CVE-2024-21011

https://www.suse.com/security/cve/CVE-2024-21012

https://www.suse.com/security/cve/CVE-2024-21068

https://www.suse.com/security/cve/CVE-2024-21085

https://www.suse.com/security/cve/CVE-2024-21094

https://www.suse.com/security/cve/CVE-2024-21131

https://www.suse.com/security/cve/CVE-2024-21138

https://www.suse.com/security/cve/CVE-2024-21140

https://www.suse.com/security/cve/CVE-2024-21144

https://www.suse.com/security/cve/CVE-2024-21145

https://www.suse.com/security/cve/CVE-2024-21147

https://www.suse.com/security/cve/CVE-2024-21208

https://www.suse.com/security/cve/CVE-2024-21210

https://www.suse.com/security/cve/CVE-2024-21217

https://www.suse.com/security/cve/CVE-2024-21235

https://www.suse.com/security/cve/CVE-2024-3933

https://www.suse.com/security/cve/CVE-2025-21502

Plugin Details

Severity: Critical

ID: 216439

File Name: openSUSE-2025-0066-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2/19/2025

Updated: 2/19/2025

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2022-21496

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-2597

Vulnerability Information

CPE: cpe:/o:novell:opensuse:15.6, p-cpe:/a:novell:opensuse:java-11-openj9-devel, p-cpe:/a:novell:opensuse:java-11-openj9-src, p-cpe:/a:novell:opensuse:java-11-openj9-headless, p-cpe:/a:novell:opensuse:java-11-openj9-javadoc, p-cpe:/a:novell:opensuse:java-11-openj9, p-cpe:/a:novell:opensuse:java-11-openj9-jmods, p-cpe:/a:novell:opensuse:java-11-openj9-demo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/18/2025

Vulnerability Publication Date: 10/20/2020

Reference Information

CVE: CVE-2020-14803, CVE-2021-41041, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-21540, CVE-2022-21541, CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-34169, CVE-2022-3676, CVE-2022-39399, CVE-2023-21835, CVE-2023-21843, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-22081, CVE-2023-25193, CVE-2023-2597, CVE-2023-5676, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-2024-21145, CVE-2024-21147, CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2024-21235, CVE-2024-3933, CVE-2025-21502