Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-21932 (GCVE-0-2026-21932)
Vulnerability from cvelistv5 – Published: 2026-01-20 21:56 – Updated: 2026-05-12 12:08
VLAI
EPSS
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.
- CWE-noinfo Not enough information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cpujan2026.html | vendor-advisory |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle Corporation | Oracle Java SE |
Affected:
8u471
Affected: 8u471-b50 Affected: 8u471-perf Affected: 11.0.29 Affected: 17.0.17 Affected: 21.0.9 Affected: 25.0.1 |
|
| Oracle Corporation | Oracle GraalVM for JDK |
Affected:
17.0.17
Affected: 21.0.9 |
|
| Oracle Corporation | Oracle GraalVM Enterprise Edition |
Affected:
21.3.16
|
|
| Siemens | SIMATIC CN 4100 |
Affected:
0 , < V5.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T20:55:36.680427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T20:55:54.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:49.052Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "Oracle Java SE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8u471"
},
{
"status": "affected",
"version": "8u471-b50"
},
{
"status": "affected",
"version": "8u471-perf"
},
{
"status": "affected",
"version": "11.0.29"
},
{
"status": "affected",
"version": "17.0.17"
},
{
"status": "affected",
"version": "21.0.9"
},
{
"status": "affected",
"version": "25.0.1"
}
]
},
{
"product": "Oracle GraalVM for JDK",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "17.0.17"
},
{
"status": "affected",
"version": "21.0.9"
}
]
},
{
"product": "Oracle GraalVM Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "21.3.16"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:java_se:8u471:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*",
"versionEndIncluding": "b50",
"versionStartIncluding": "8u471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:8u471:*:*:*:enterprise_performance:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:11.0.29:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:17.0.17:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:21.0.9:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:25.0.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.17:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.9:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.16:*:*:*:enterprise:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T21:56:23.742Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2026-21932",
"datePublished": "2026-01-20T21:56:23.742Z",
"dateReserved": "2026-01-05T18:07:34.709Z",
"dateUpdated": "2026-05-12T12:08:49.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-21932",
"date": "2026-06-13",
"epss": "0.00056",
"percentile": "0.17921"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-21932\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2026-01-20T22:15:55.793\",\"lastModified\":\"2026-05-12T13:17:31.337\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: AWT, JavaFX). Las versiones compatibles afectadas son Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM para JDK: 17.0.17 y 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Los ataques exitosos requieren interacci\u00f3n humana de una persona distinta al atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition, los ataques pueden impactar significativamente productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n de acceso no autorizados a datos cr\u00edticos o a todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, t\u00edpicamente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets de Java en sandbox, que cargan y ejecutan c\u00f3digo no confiable (p. ej., c\u00f3digo que proviene de internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, t\u00edpicamente en servidores, que cargan y ejecutan solo c\u00f3digo confiable (p. ej., c\u00f3digo instalado por un administrador). Puntuaci\u00f3n Base CVSS 3.1 de 7.4 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:21.3.16:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"625D4829-2E57-4C05-BEFE-CE30F6D16E9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF0F6A0B-89BB-4851-9DF7-2A6C139DAF47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB4F8E6F-3B7D-49D8-8619-63B23F244AF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update471:*:*:-:*:*:*\",\"matchCriteriaId\":\"2905151E-7D6C-4E7C-A371-941EABBF6CC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update471:*:*:enterprise_performance_pack:*:*:*\",\"matchCriteriaId\":\"A77BE683-07F2-4A1E-8B62-E104B4866DC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update471_b50:*:*:-:*:*:*\",\"matchCriteriaId\":\"3605CFE2-513B-4384-9617-6F4A86DFCEF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:11.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58D9D6AA-C17D-49FF-93B6-444FEC757A58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:17.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D86D044A-6780-4DD9-85D1-B1EC64ACBF4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:21.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB7B1B52-5FE9-444B-8BD4-6CA4B2B8E78B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:25.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD1D0136-84A2-4EAD-9641-7E96E4386CAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update471:*:*:-:*:*:*\",\"matchCriteriaId\":\"FA31F595-0796-4BED-BD29-8C55BBE3792C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update471:*:*:enterprise_performance_pack:*:*:*\",\"matchCriteriaId\":\"AC169A27-61AD-42C8-9127-7B8A8622450D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update471_b50:*:*:-:*:*:*\",\"matchCriteriaId\":\"8EB89776-DD1C-4117-BC7E-B263B6AA9853\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:11.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF7696E8-6F94-425E-A62D-D800ED6715D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:17.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3951FD6-E2A7-497A-97AF-976878B512CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:21.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB701439-8B86-41F3-A77E-53C340FF1CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:25.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70279FE8-6A11-405B-80CA-B3427C11B35D\"}]}]}],\"references\":[{\"url\":\"https://www.oracle.com/security-alerts/cpujan2026.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-032379.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-21932\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-21T20:55:36.680427Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-21T20:55:48.830Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"Oracle Java SE\", \"versions\": [{\"status\": \"affected\", \"version\": \"8u471\"}, {\"status\": \"affected\", \"version\": \"8u471-b50\"}, {\"status\": \"affected\", \"version\": \"8u471-perf\"}, {\"status\": \"affected\", \"version\": \"11.0.29\"}, {\"status\": \"affected\", \"version\": \"17.0.17\"}, {\"status\": \"affected\", \"version\": \"21.0.9\"}, {\"status\": \"affected\", \"version\": \"25.0.1\"}]}, {\"vendor\": \"Oracle Corporation\", \"product\": \"Oracle GraalVM for JDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.0.17\"}, {\"status\": \"affected\", \"version\": \"21.0.9\"}]}, {\"vendor\": \"Oracle Corporation\", \"product\": \"Oracle GraalVM Enterprise Edition\", \"versions\": [{\"status\": \"affected\", \"version\": \"21.3.16\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpujan2026.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:oracle:java_se:8u471:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"b50\", \"versionStartIncluding\": \"8u471\"}, {\"criteria\": \"cpe:2.3:a:oracle:java_se:8u471:*:*:*:enterprise_performance:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:java_se:11.0.29:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:java_se:17.0.17:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:java_se:21.0.9:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:java_se:25.0.1:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.17:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.9:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:graalvm:21.3.16:*:*:*:enterprise:*:*:*\", \"vulnerable\": true}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2026-01-20T21:56:23.742Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-21932\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-21T20:55:54.335Z\", \"dateReserved\": \"2026-01-05T18:07:34.709Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2026-01-20T21:56:23.742Z\", \"assignerShortName\": \"oracle\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2026:10093-1
Vulnerability from csaf_opensuse - Published: 2026-01-26 00:00 - Updated: 2026-01-26 00:00Summary
java-21-openjdk-21.0.10.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: java-21-openjdk-21.0.10.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the java-21-openjdk-21.0.10.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10093
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.8 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "java-21-openjdk-21.0.10.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the java-21-openjdk-21.0.10.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10093",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10093-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21925 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21932 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21933 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21945 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21945/"
}
],
"title": "java-21-openjdk-21.0.10.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-01-26T00:00:00Z",
"generator": {
"date": "2026-01-26T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10093-1",
"initial_release_date": "2026-01-26T00:00:00Z",
"revision_history": [
{
"date": "2026-01-26T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-21-openjdk-21.0.10.0-1.1.aarch64",
"product": {
"name": "java-21-openjdk-21.0.10.0-1.1.aarch64",
"product_id": "java-21-openjdk-21.0.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-demo-21.0.10.0-1.1.aarch64",
"product": {
"name": "java-21-openjdk-demo-21.0.10.0-1.1.aarch64",
"product_id": "java-21-openjdk-demo-21.0.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-devel-21.0.10.0-1.1.aarch64",
"product": {
"name": "java-21-openjdk-devel-21.0.10.0-1.1.aarch64",
"product_id": "java-21-openjdk-devel-21.0.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-headless-21.0.10.0-1.1.aarch64",
"product": {
"name": "java-21-openjdk-headless-21.0.10.0-1.1.aarch64",
"product_id": "java-21-openjdk-headless-21.0.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64",
"product": {
"name": "java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64",
"product_id": "java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-jmods-21.0.10.0-1.1.aarch64",
"product": {
"name": "java-21-openjdk-jmods-21.0.10.0-1.1.aarch64",
"product_id": "java-21-openjdk-jmods-21.0.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-src-21.0.10.0-1.1.aarch64",
"product": {
"name": "java-21-openjdk-src-21.0.10.0-1.1.aarch64",
"product_id": "java-21-openjdk-src-21.0.10.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-21-openjdk-21.0.10.0-1.1.ppc64le",
"product": {
"name": "java-21-openjdk-21.0.10.0-1.1.ppc64le",
"product_id": "java-21-openjdk-21.0.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-demo-21.0.10.0-1.1.ppc64le",
"product": {
"name": "java-21-openjdk-demo-21.0.10.0-1.1.ppc64le",
"product_id": "java-21-openjdk-demo-21.0.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-devel-21.0.10.0-1.1.ppc64le",
"product": {
"name": "java-21-openjdk-devel-21.0.10.0-1.1.ppc64le",
"product_id": "java-21-openjdk-devel-21.0.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-headless-21.0.10.0-1.1.ppc64le",
"product": {
"name": "java-21-openjdk-headless-21.0.10.0-1.1.ppc64le",
"product_id": "java-21-openjdk-headless-21.0.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le",
"product": {
"name": "java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le",
"product_id": "java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le",
"product": {
"name": "java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le",
"product_id": "java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-src-21.0.10.0-1.1.ppc64le",
"product": {
"name": "java-21-openjdk-src-21.0.10.0-1.1.ppc64le",
"product_id": "java-21-openjdk-src-21.0.10.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-21-openjdk-21.0.10.0-1.1.s390x",
"product": {
"name": "java-21-openjdk-21.0.10.0-1.1.s390x",
"product_id": "java-21-openjdk-21.0.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-demo-21.0.10.0-1.1.s390x",
"product": {
"name": "java-21-openjdk-demo-21.0.10.0-1.1.s390x",
"product_id": "java-21-openjdk-demo-21.0.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-devel-21.0.10.0-1.1.s390x",
"product": {
"name": "java-21-openjdk-devel-21.0.10.0-1.1.s390x",
"product_id": "java-21-openjdk-devel-21.0.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-headless-21.0.10.0-1.1.s390x",
"product": {
"name": "java-21-openjdk-headless-21.0.10.0-1.1.s390x",
"product_id": "java-21-openjdk-headless-21.0.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-javadoc-21.0.10.0-1.1.s390x",
"product": {
"name": "java-21-openjdk-javadoc-21.0.10.0-1.1.s390x",
"product_id": "java-21-openjdk-javadoc-21.0.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-jmods-21.0.10.0-1.1.s390x",
"product": {
"name": "java-21-openjdk-jmods-21.0.10.0-1.1.s390x",
"product_id": "java-21-openjdk-jmods-21.0.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-src-21.0.10.0-1.1.s390x",
"product": {
"name": "java-21-openjdk-src-21.0.10.0-1.1.s390x",
"product_id": "java-21-openjdk-src-21.0.10.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-21-openjdk-21.0.10.0-1.1.x86_64",
"product": {
"name": "java-21-openjdk-21.0.10.0-1.1.x86_64",
"product_id": "java-21-openjdk-21.0.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-demo-21.0.10.0-1.1.x86_64",
"product": {
"name": "java-21-openjdk-demo-21.0.10.0-1.1.x86_64",
"product_id": "java-21-openjdk-demo-21.0.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-devel-21.0.10.0-1.1.x86_64",
"product": {
"name": "java-21-openjdk-devel-21.0.10.0-1.1.x86_64",
"product_id": "java-21-openjdk-devel-21.0.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-headless-21.0.10.0-1.1.x86_64",
"product": {
"name": "java-21-openjdk-headless-21.0.10.0-1.1.x86_64",
"product_id": "java-21-openjdk-headless-21.0.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64",
"product": {
"name": "java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64",
"product_id": "java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-jmods-21.0.10.0-1.1.x86_64",
"product": {
"name": "java-21-openjdk-jmods-21.0.10.0-1.1.x86_64",
"product_id": "java-21-openjdk-jmods-21.0.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-src-21.0.10.0-1.1.x86_64",
"product": {
"name": "java-21-openjdk-src-21.0.10.0-1.1.x86_64",
"product_id": "java-21-openjdk-src-21.0.10.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-21.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64"
},
"product_reference": "java-21-openjdk-21.0.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-21.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le"
},
"product_reference": "java-21-openjdk-21.0.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-21.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x"
},
"product_reference": "java-21-openjdk-21.0.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-21.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64"
},
"product_reference": "java-21-openjdk-21.0.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-demo-21.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64"
},
"product_reference": "java-21-openjdk-demo-21.0.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-demo-21.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le"
},
"product_reference": "java-21-openjdk-demo-21.0.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-demo-21.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x"
},
"product_reference": "java-21-openjdk-demo-21.0.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-demo-21.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64"
},
"product_reference": "java-21-openjdk-demo-21.0.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-devel-21.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64"
},
"product_reference": "java-21-openjdk-devel-21.0.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-devel-21.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le"
},
"product_reference": "java-21-openjdk-devel-21.0.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-devel-21.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x"
},
"product_reference": "java-21-openjdk-devel-21.0.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-devel-21.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64"
},
"product_reference": "java-21-openjdk-devel-21.0.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-headless-21.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64"
},
"product_reference": "java-21-openjdk-headless-21.0.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-headless-21.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le"
},
"product_reference": "java-21-openjdk-headless-21.0.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-headless-21.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x"
},
"product_reference": "java-21-openjdk-headless-21.0.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-headless-21.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64"
},
"product_reference": "java-21-openjdk-headless-21.0.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64"
},
"product_reference": "java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le"
},
"product_reference": "java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-javadoc-21.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x"
},
"product_reference": "java-21-openjdk-javadoc-21.0.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64"
},
"product_reference": "java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-jmods-21.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64"
},
"product_reference": "java-21-openjdk-jmods-21.0.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le"
},
"product_reference": "java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-jmods-21.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x"
},
"product_reference": "java-21-openjdk-jmods-21.0.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-jmods-21.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64"
},
"product_reference": "java-21-openjdk-jmods-21.0.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-src-21.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64"
},
"product_reference": "java-21-openjdk-src-21.0.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-src-21.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le"
},
"product_reference": "java-21-openjdk-src-21.0.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-src-21.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x"
},
"product_reference": "java-21-openjdk-src-21.0.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-src-21.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64"
},
"product_reference": "java-21-openjdk-src-21.0.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21925"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21925",
"url": "https://www.suse.com/security/cve/CVE-2026-21925"
},
{
"category": "external",
"summary": "SUSE Bug 1257034 for CVE-2026-21925",
"url": "https://bugzilla.suse.com/1257034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-21925"
},
{
"cve": "CVE-2026-21932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21932"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21932",
"url": "https://www.suse.com/security/cve/CVE-2026-21932"
},
{
"category": "external",
"summary": "SUSE Bug 1257036 for CVE-2026-21932",
"url": "https://bugzilla.suse.com/1257036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-26T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-21932"
},
{
"cve": "CVE-2026-21933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21933"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21933",
"url": "https://www.suse.com/security/cve/CVE-2026-21933"
},
{
"category": "external",
"summary": "SUSE Bug 1257037 for CVE-2026-21933",
"url": "https://bugzilla.suse.com/1257037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-21933"
},
{
"cve": "CVE-2026-21945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21945"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21945",
"url": "https://www.suse.com/security/cve/CVE-2026-21945"
},
{
"category": "external",
"summary": "SUSE Bug 1257038 for CVE-2026-21945",
"url": "https://bugzilla.suse.com/1257038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.10.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-26T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-21945"
}
]
}
OPENSUSE-SU-2026:10108-1
Vulnerability from csaf_opensuse - Published: 2026-01-28 00:00 - Updated: 2026-01-28 00:00Summary
java-25-openjdk-25.0.2.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: java-25-openjdk-25.0.2.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the java-25-openjdk-25.0.2.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10108
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.8 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "java-25-openjdk-25.0.2.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the java-25-openjdk-25.0.2.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10108",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10108-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21925 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21932 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21933 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21945 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21945/"
}
],
"title": "java-25-openjdk-25.0.2.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-01-28T00:00:00Z",
"generator": {
"date": "2026-01-28T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10108-1",
"initial_release_date": "2026-01-28T00:00:00Z",
"revision_history": [
{
"date": "2026-01-28T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-25-openjdk-25.0.2.0-1.1.aarch64",
"product": {
"name": "java-25-openjdk-25.0.2.0-1.1.aarch64",
"product_id": "java-25-openjdk-25.0.2.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-demo-25.0.2.0-1.1.aarch64",
"product": {
"name": "java-25-openjdk-demo-25.0.2.0-1.1.aarch64",
"product_id": "java-25-openjdk-demo-25.0.2.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-devel-25.0.2.0-1.1.aarch64",
"product": {
"name": "java-25-openjdk-devel-25.0.2.0-1.1.aarch64",
"product_id": "java-25-openjdk-devel-25.0.2.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-headless-25.0.2.0-1.1.aarch64",
"product": {
"name": "java-25-openjdk-headless-25.0.2.0-1.1.aarch64",
"product_id": "java-25-openjdk-headless-25.0.2.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64",
"product": {
"name": "java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64",
"product_id": "java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-jmods-25.0.2.0-1.1.aarch64",
"product": {
"name": "java-25-openjdk-jmods-25.0.2.0-1.1.aarch64",
"product_id": "java-25-openjdk-jmods-25.0.2.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-src-25.0.2.0-1.1.aarch64",
"product": {
"name": "java-25-openjdk-src-25.0.2.0-1.1.aarch64",
"product_id": "java-25-openjdk-src-25.0.2.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-25-openjdk-25.0.2.0-1.1.ppc64le",
"product": {
"name": "java-25-openjdk-25.0.2.0-1.1.ppc64le",
"product_id": "java-25-openjdk-25.0.2.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-demo-25.0.2.0-1.1.ppc64le",
"product": {
"name": "java-25-openjdk-demo-25.0.2.0-1.1.ppc64le",
"product_id": "java-25-openjdk-demo-25.0.2.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-devel-25.0.2.0-1.1.ppc64le",
"product": {
"name": "java-25-openjdk-devel-25.0.2.0-1.1.ppc64le",
"product_id": "java-25-openjdk-devel-25.0.2.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-headless-25.0.2.0-1.1.ppc64le",
"product": {
"name": "java-25-openjdk-headless-25.0.2.0-1.1.ppc64le",
"product_id": "java-25-openjdk-headless-25.0.2.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le",
"product": {
"name": "java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le",
"product_id": "java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le",
"product": {
"name": "java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le",
"product_id": "java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-src-25.0.2.0-1.1.ppc64le",
"product": {
"name": "java-25-openjdk-src-25.0.2.0-1.1.ppc64le",
"product_id": "java-25-openjdk-src-25.0.2.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-25-openjdk-25.0.2.0-1.1.s390x",
"product": {
"name": "java-25-openjdk-25.0.2.0-1.1.s390x",
"product_id": "java-25-openjdk-25.0.2.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-demo-25.0.2.0-1.1.s390x",
"product": {
"name": "java-25-openjdk-demo-25.0.2.0-1.1.s390x",
"product_id": "java-25-openjdk-demo-25.0.2.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-devel-25.0.2.0-1.1.s390x",
"product": {
"name": "java-25-openjdk-devel-25.0.2.0-1.1.s390x",
"product_id": "java-25-openjdk-devel-25.0.2.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-headless-25.0.2.0-1.1.s390x",
"product": {
"name": "java-25-openjdk-headless-25.0.2.0-1.1.s390x",
"product_id": "java-25-openjdk-headless-25.0.2.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-javadoc-25.0.2.0-1.1.s390x",
"product": {
"name": "java-25-openjdk-javadoc-25.0.2.0-1.1.s390x",
"product_id": "java-25-openjdk-javadoc-25.0.2.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-jmods-25.0.2.0-1.1.s390x",
"product": {
"name": "java-25-openjdk-jmods-25.0.2.0-1.1.s390x",
"product_id": "java-25-openjdk-jmods-25.0.2.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-src-25.0.2.0-1.1.s390x",
"product": {
"name": "java-25-openjdk-src-25.0.2.0-1.1.s390x",
"product_id": "java-25-openjdk-src-25.0.2.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-25-openjdk-25.0.2.0-1.1.x86_64",
"product": {
"name": "java-25-openjdk-25.0.2.0-1.1.x86_64",
"product_id": "java-25-openjdk-25.0.2.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-demo-25.0.2.0-1.1.x86_64",
"product": {
"name": "java-25-openjdk-demo-25.0.2.0-1.1.x86_64",
"product_id": "java-25-openjdk-demo-25.0.2.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-devel-25.0.2.0-1.1.x86_64",
"product": {
"name": "java-25-openjdk-devel-25.0.2.0-1.1.x86_64",
"product_id": "java-25-openjdk-devel-25.0.2.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-headless-25.0.2.0-1.1.x86_64",
"product": {
"name": "java-25-openjdk-headless-25.0.2.0-1.1.x86_64",
"product_id": "java-25-openjdk-headless-25.0.2.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64",
"product": {
"name": "java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64",
"product_id": "java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-jmods-25.0.2.0-1.1.x86_64",
"product": {
"name": "java-25-openjdk-jmods-25.0.2.0-1.1.x86_64",
"product_id": "java-25-openjdk-jmods-25.0.2.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-src-25.0.2.0-1.1.x86_64",
"product": {
"name": "java-25-openjdk-src-25.0.2.0-1.1.x86_64",
"product_id": "java-25-openjdk-src-25.0.2.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-25.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64"
},
"product_reference": "java-25-openjdk-25.0.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-25.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le"
},
"product_reference": "java-25-openjdk-25.0.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-25.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x"
},
"product_reference": "java-25-openjdk-25.0.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-25.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64"
},
"product_reference": "java-25-openjdk-25.0.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-demo-25.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64"
},
"product_reference": "java-25-openjdk-demo-25.0.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-demo-25.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le"
},
"product_reference": "java-25-openjdk-demo-25.0.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-demo-25.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x"
},
"product_reference": "java-25-openjdk-demo-25.0.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-demo-25.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64"
},
"product_reference": "java-25-openjdk-demo-25.0.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-devel-25.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64"
},
"product_reference": "java-25-openjdk-devel-25.0.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-devel-25.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le"
},
"product_reference": "java-25-openjdk-devel-25.0.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-devel-25.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x"
},
"product_reference": "java-25-openjdk-devel-25.0.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-devel-25.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64"
},
"product_reference": "java-25-openjdk-devel-25.0.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-headless-25.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64"
},
"product_reference": "java-25-openjdk-headless-25.0.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-headless-25.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le"
},
"product_reference": "java-25-openjdk-headless-25.0.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-headless-25.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x"
},
"product_reference": "java-25-openjdk-headless-25.0.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-headless-25.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64"
},
"product_reference": "java-25-openjdk-headless-25.0.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64"
},
"product_reference": "java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le"
},
"product_reference": "java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-javadoc-25.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x"
},
"product_reference": "java-25-openjdk-javadoc-25.0.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64"
},
"product_reference": "java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-jmods-25.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64"
},
"product_reference": "java-25-openjdk-jmods-25.0.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le"
},
"product_reference": "java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-jmods-25.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x"
},
"product_reference": "java-25-openjdk-jmods-25.0.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-jmods-25.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64"
},
"product_reference": "java-25-openjdk-jmods-25.0.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-src-25.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64"
},
"product_reference": "java-25-openjdk-src-25.0.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-src-25.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le"
},
"product_reference": "java-25-openjdk-src-25.0.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-src-25.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x"
},
"product_reference": "java-25-openjdk-src-25.0.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-src-25.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64"
},
"product_reference": "java-25-openjdk-src-25.0.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21925"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21925",
"url": "https://www.suse.com/security/cve/CVE-2026-21925"
},
{
"category": "external",
"summary": "SUSE Bug 1257034 for CVE-2026-21925",
"url": "https://bugzilla.suse.com/1257034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-21925"
},
{
"cve": "CVE-2026-21932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21932"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21932",
"url": "https://www.suse.com/security/cve/CVE-2026-21932"
},
{
"category": "external",
"summary": "SUSE Bug 1257036 for CVE-2026-21932",
"url": "https://bugzilla.suse.com/1257036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-21932"
},
{
"cve": "CVE-2026-21933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21933"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21933",
"url": "https://www.suse.com/security/cve/CVE-2026-21933"
},
{
"category": "external",
"summary": "SUSE Bug 1257037 for CVE-2026-21933",
"url": "https://bugzilla.suse.com/1257037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-21933"
},
{
"cve": "CVE-2026-21945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21945"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21945",
"url": "https://www.suse.com/security/cve/CVE-2026-21945"
},
{
"category": "external",
"summary": "SUSE Bug 1257038 for CVE-2026-21945",
"url": "https://bugzilla.suse.com/1257038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-demo-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-devel-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-headless-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-javadoc-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-jmods-25.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-25-openjdk-src-25.0.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-21945"
}
]
}
OPENSUSE-SU-2026:10136-1
Vulnerability from csaf_opensuse - Published: 2026-02-03 00:00 - Updated: 2026-02-03 00:00Summary
java-1_8_0-openjdk-1.8.0.482-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: java-1_8_0-openjdk-1.8.0.482-1.1 on GA media
Description of the patch: These are all security issues fixed in the java-1_8_0-openjdk-1.8.0.482-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10136
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.8 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "java-1_8_0-openjdk-1.8.0.482-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the java-1_8_0-openjdk-1.8.0.482-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10136",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10136-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21925 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21932 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21933 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21945 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21945/"
}
],
"title": "java-1_8_0-openjdk-1.8.0.482-1.1 on GA media",
"tracking": {
"current_release_date": "2026-02-03T00:00:00Z",
"generator": {
"date": "2026-02-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10136-1",
"initial_release_date": "2026-02-03T00:00:00Z",
"revision_history": [
{
"date": "2026-02-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-openjdk-1.8.0.482-1.1.aarch64",
"product": {
"name": "java-1_8_0-openjdk-1.8.0.482-1.1.aarch64",
"product_id": "java-1_8_0-openjdk-1.8.0.482-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64",
"product": {
"name": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64",
"product_id": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64",
"product": {
"name": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64",
"product_id": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64",
"product": {
"name": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64",
"product_id": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64",
"product": {
"name": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64",
"product_id": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64",
"product": {
"name": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64",
"product_id": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64",
"product": {
"name": "java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64",
"product_id": "java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le",
"product": {
"name": "java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le",
"product_id": "java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le",
"product": {
"name": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le",
"product_id": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le",
"product": {
"name": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le",
"product_id": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le",
"product": {
"name": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le",
"product_id": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le",
"product": {
"name": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le",
"product_id": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le",
"product": {
"name": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le",
"product_id": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le",
"product": {
"name": "java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le",
"product_id": "java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-openjdk-1.8.0.482-1.1.s390x",
"product": {
"name": "java-1_8_0-openjdk-1.8.0.482-1.1.s390x",
"product_id": "java-1_8_0-openjdk-1.8.0.482-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x",
"product": {
"name": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x",
"product_id": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x",
"product": {
"name": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x",
"product_id": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x",
"product": {
"name": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x",
"product_id": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x",
"product": {
"name": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x",
"product_id": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x",
"product": {
"name": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x",
"product_id": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x",
"product": {
"name": "java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x",
"product_id": "java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-openjdk-1.8.0.482-1.1.x86_64",
"product": {
"name": "java-1_8_0-openjdk-1.8.0.482-1.1.x86_64",
"product_id": "java-1_8_0-openjdk-1.8.0.482-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64",
"product": {
"name": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64",
"product_id": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64",
"product": {
"name": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64",
"product_id": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64",
"product": {
"name": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64",
"product_id": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64",
"product": {
"name": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64",
"product_id": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64",
"product": {
"name": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64",
"product_id": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64",
"product": {
"name": "java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64",
"product_id": "java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-1.8.0.482-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64"
},
"product_reference": "java-1_8_0-openjdk-1.8.0.482-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le"
},
"product_reference": "java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-1.8.0.482-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x"
},
"product_reference": "java-1_8_0-openjdk-1.8.0.482-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-1.8.0.482-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-1.8.0.482-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64"
},
"product_reference": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le"
},
"product_reference": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x"
},
"product_reference": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64"
},
"product_reference": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le"
},
"product_reference": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x"
},
"product_reference": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64"
},
"product_reference": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le"
},
"product_reference": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x"
},
"product_reference": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64"
},
"product_reference": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le"
},
"product_reference": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x"
},
"product_reference": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64"
},
"product_reference": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le"
},
"product_reference": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x"
},
"product_reference": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64"
},
"product_reference": "java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le"
},
"product_reference": "java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x"
},
"product_reference": "java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64"
},
"product_reference": "java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21925"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21925",
"url": "https://www.suse.com/security/cve/CVE-2026-21925"
},
{
"category": "external",
"summary": "SUSE Bug 1257034 for CVE-2026-21925",
"url": "https://bugzilla.suse.com/1257034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-21925"
},
{
"cve": "CVE-2026-21932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21932"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21932",
"url": "https://www.suse.com/security/cve/CVE-2026-21932"
},
{
"category": "external",
"summary": "SUSE Bug 1257036 for CVE-2026-21932",
"url": "https://bugzilla.suse.com/1257036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-21932"
},
{
"cve": "CVE-2026-21933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21933"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21933",
"url": "https://www.suse.com/security/cve/CVE-2026-21933"
},
{
"category": "external",
"summary": "SUSE Bug 1257037 for CVE-2026-21933",
"url": "https://bugzilla.suse.com/1257037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-21933"
},
{
"cve": "CVE-2026-21945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21945"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21945",
"url": "https://www.suse.com/security/cve/CVE-2026-21945"
},
{
"category": "external",
"summary": "SUSE Bug 1257038 for CVE-2026-21945",
"url": "https://bugzilla.suse.com/1257038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.482-1.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.482-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-21945"
}
]
}
OPENSUSE-SU-2026:20126-1
Vulnerability from csaf_opensuse - Published: 2026-01-28 16:43 - Updated: 2026-01-28 16:43Summary
Security update for java-21-openjdk
Severity
Important
Notes
Title of the patch: Security update for java-21-openjdk
Description of the patch: This update for java-21-openjdk fixes the following issues:
Update to upstream tag jdk-21.0.10+7 (January 2026 CPU)
Security fixes:
- CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034).
- CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036).
- CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037).
- CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038).
Other fixes:
- Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15217).
Patchnames: openSUSE-Leap-16.0-211
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.8 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for java-21-openjdk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for java-21-openjdk fixes the following issues:\n\nUpdate to upstream tag jdk-21.0.10+7 (January 2026 CPU)\n\nSecurity fixes:\n\n- CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034).\n- CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036).\n- CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037).\n- CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038).\n\nOther fixes:\n\n- Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15217).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-211",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20126-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1257034",
"url": "https://bugzilla.suse.com/1257034"
},
{
"category": "self",
"summary": "SUSE Bug 1257036",
"url": "https://bugzilla.suse.com/1257036"
},
{
"category": "self",
"summary": "SUSE Bug 1257037",
"url": "https://bugzilla.suse.com/1257037"
},
{
"category": "self",
"summary": "SUSE Bug 1257038",
"url": "https://bugzilla.suse.com/1257038"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21925 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21932 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21933 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21945 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21945/"
}
],
"title": "Security update for java-21-openjdk",
"tracking": {
"current_release_date": "2026-01-28T16:43:12Z",
"generator": {
"date": "2026-01-28T16:43:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20126-1",
"initial_release_date": "2026-01-28T16:43:12Z",
"revision_history": [
{
"date": "2026-01-28T16:43:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-21-openjdk-21.0.10.0-160000.1.1.aarch64",
"product": {
"name": "java-21-openjdk-21.0.10.0-160000.1.1.aarch64",
"product_id": "java-21-openjdk-21.0.10.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64",
"product": {
"name": "java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64",
"product_id": "java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64",
"product": {
"name": "java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64",
"product_id": "java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64",
"product": {
"name": "java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64",
"product_id": "java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64",
"product": {
"name": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64",
"product_id": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64",
"product": {
"name": "java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64",
"product_id": "java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch",
"product": {
"name": "java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch",
"product_id": "java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "java-21-openjdk-21.0.10.0-160000.1.1.ppc64le",
"product": {
"name": "java-21-openjdk-21.0.10.0-160000.1.1.ppc64le",
"product_id": "java-21-openjdk-21.0.10.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le",
"product": {
"name": "java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le",
"product_id": "java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le",
"product": {
"name": "java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le",
"product_id": "java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le",
"product": {
"name": "java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le",
"product_id": "java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le",
"product": {
"name": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le",
"product_id": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le",
"product": {
"name": "java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le",
"product_id": "java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-21-openjdk-21.0.10.0-160000.1.1.s390x",
"product": {
"name": "java-21-openjdk-21.0.10.0-160000.1.1.s390x",
"product_id": "java-21-openjdk-21.0.10.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x",
"product": {
"name": "java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x",
"product_id": "java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x",
"product": {
"name": "java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x",
"product_id": "java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x",
"product": {
"name": "java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x",
"product_id": "java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x",
"product": {
"name": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x",
"product_id": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-src-21.0.10.0-160000.1.1.s390x",
"product": {
"name": "java-21-openjdk-src-21.0.10.0-160000.1.1.s390x",
"product_id": "java-21-openjdk-src-21.0.10.0-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-21-openjdk-21.0.10.0-160000.1.1.x86_64",
"product": {
"name": "java-21-openjdk-21.0.10.0-160000.1.1.x86_64",
"product_id": "java-21-openjdk-21.0.10.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64",
"product": {
"name": "java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64",
"product_id": "java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64",
"product": {
"name": "java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64",
"product_id": "java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64",
"product": {
"name": "java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64",
"product_id": "java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64",
"product": {
"name": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64",
"product_id": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64",
"product": {
"name": "java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64",
"product_id": "java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-21.0.10.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64"
},
"product_reference": "java-21-openjdk-21.0.10.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-21.0.10.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le"
},
"product_reference": "java-21-openjdk-21.0.10.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-21.0.10.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x"
},
"product_reference": "java-21-openjdk-21.0.10.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-21.0.10.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64"
},
"product_reference": "java-21-openjdk-21.0.10.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64"
},
"product_reference": "java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le"
},
"product_reference": "java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x"
},
"product_reference": "java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64"
},
"product_reference": "java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64"
},
"product_reference": "java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le"
},
"product_reference": "java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x"
},
"product_reference": "java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64"
},
"product_reference": "java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64"
},
"product_reference": "java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le"
},
"product_reference": "java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x"
},
"product_reference": "java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64"
},
"product_reference": "java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch"
},
"product_reference": "java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64"
},
"product_reference": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le"
},
"product_reference": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x"
},
"product_reference": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64"
},
"product_reference": "java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64"
},
"product_reference": "java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le"
},
"product_reference": "java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-src-21.0.10.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x"
},
"product_reference": "java-21-openjdk-src-21.0.10.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64"
},
"product_reference": "java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21925"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21925",
"url": "https://www.suse.com/security/cve/CVE-2026-21925"
},
{
"category": "external",
"summary": "SUSE Bug 1257034 for CVE-2026-21925",
"url": "https://bugzilla.suse.com/1257034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T16:43:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21925"
},
{
"cve": "CVE-2026-21932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21932"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21932",
"url": "https://www.suse.com/security/cve/CVE-2026-21932"
},
{
"category": "external",
"summary": "SUSE Bug 1257036 for CVE-2026-21932",
"url": "https://bugzilla.suse.com/1257036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T16:43:12Z",
"details": "important"
}
],
"title": "CVE-2026-21932"
},
{
"cve": "CVE-2026-21933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21933"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21933",
"url": "https://www.suse.com/security/cve/CVE-2026-21933"
},
{
"category": "external",
"summary": "SUSE Bug 1257037 for CVE-2026-21933",
"url": "https://bugzilla.suse.com/1257037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T16:43:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21933"
},
{
"cve": "CVE-2026-21945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21945"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21945",
"url": "https://www.suse.com/security/cve/CVE-2026-21945"
},
{
"category": "external",
"summary": "SUSE Bug 1257038 for CVE-2026-21945",
"url": "https://bugzilla.suse.com/1257038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-demo-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-devel-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-headless-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-javadoc-21.0.10.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-jmods-21.0.10.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-21-openjdk-src-21.0.10.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T16:43:12Z",
"details": "important"
}
],
"title": "CVE-2026-21945"
}
]
}
OPENSUSE-SU-2026:20134-1
Vulnerability from csaf_opensuse - Published: 2026-01-29 17:44 - Updated: 2026-01-29 17:44Summary
Security update for java-17-openjdk
Severity
Important
Notes
Title of the patch: Security update for java-17-openjdk
Description of the patch: This update for java-17-openjdk fixes the following issues:
Upgrade to upstream tag jdk-17.0.18+8 (January 2026 CPU)
Security fixes:
- CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034).
- CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036).
- CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037).
- CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038).
Other fixes:
- OpenJDK rendering blue borders when it should not, due to missing the fix for JDK-6304250 from upstream (bsc#1255446).
- Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15216).
Patchnames: openSUSE-Leap-16.0-219
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.8 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for java-17-openjdk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for java-17-openjdk fixes the following issues:\n\nUpgrade to upstream tag jdk-17.0.18+8 (January 2026 CPU)\n\nSecurity fixes:\n\n- CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034).\n- CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036).\n- CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037).\n- CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038).\n\nOther fixes:\n\n- OpenJDK rendering blue borders when it should not, due to missing the fix for JDK-6304250 from upstream (bsc#1255446).\n- Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15216).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-219",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20134-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1255446",
"url": "https://bugzilla.suse.com/1255446"
},
{
"category": "self",
"summary": "SUSE Bug 1257034",
"url": "https://bugzilla.suse.com/1257034"
},
{
"category": "self",
"summary": "SUSE Bug 1257036",
"url": "https://bugzilla.suse.com/1257036"
},
{
"category": "self",
"summary": "SUSE Bug 1257037",
"url": "https://bugzilla.suse.com/1257037"
},
{
"category": "self",
"summary": "SUSE Bug 1257038",
"url": "https://bugzilla.suse.com/1257038"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21925 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21932 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21933 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21945 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21945/"
}
],
"title": "Security update for java-17-openjdk",
"tracking": {
"current_release_date": "2026-01-29T17:44:57Z",
"generator": {
"date": "2026-01-29T17:44:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20134-1",
"initial_release_date": "2026-01-29T17:44:57Z",
"revision_history": [
{
"date": "2026-01-29T17:44:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-17-openjdk-17.0.18.0-160000.1.1.aarch64",
"product": {
"name": "java-17-openjdk-17.0.18.0-160000.1.1.aarch64",
"product_id": "java-17-openjdk-17.0.18.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64",
"product": {
"name": "java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64",
"product_id": "java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64",
"product": {
"name": "java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64",
"product_id": "java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64",
"product": {
"name": "java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64",
"product_id": "java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64",
"product": {
"name": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64",
"product_id": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64",
"product": {
"name": "java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64",
"product_id": "java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch",
"product": {
"name": "java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch",
"product_id": "java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "java-17-openjdk-17.0.18.0-160000.1.1.ppc64le",
"product": {
"name": "java-17-openjdk-17.0.18.0-160000.1.1.ppc64le",
"product_id": "java-17-openjdk-17.0.18.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le",
"product": {
"name": "java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le",
"product_id": "java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le",
"product": {
"name": "java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le",
"product_id": "java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le",
"product": {
"name": "java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le",
"product_id": "java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le",
"product": {
"name": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le",
"product_id": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le",
"product": {
"name": "java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le",
"product_id": "java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-17-openjdk-17.0.18.0-160000.1.1.s390x",
"product": {
"name": "java-17-openjdk-17.0.18.0-160000.1.1.s390x",
"product_id": "java-17-openjdk-17.0.18.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x",
"product": {
"name": "java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x",
"product_id": "java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x",
"product": {
"name": "java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x",
"product_id": "java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x",
"product": {
"name": "java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x",
"product_id": "java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x",
"product": {
"name": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x",
"product_id": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-src-17.0.18.0-160000.1.1.s390x",
"product": {
"name": "java-17-openjdk-src-17.0.18.0-160000.1.1.s390x",
"product_id": "java-17-openjdk-src-17.0.18.0-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-17-openjdk-17.0.18.0-160000.1.1.x86_64",
"product": {
"name": "java-17-openjdk-17.0.18.0-160000.1.1.x86_64",
"product_id": "java-17-openjdk-17.0.18.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64",
"product": {
"name": "java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64",
"product_id": "java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64",
"product": {
"name": "java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64",
"product_id": "java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64",
"product": {
"name": "java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64",
"product_id": "java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64",
"product": {
"name": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64",
"product_id": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64",
"product": {
"name": "java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64",
"product_id": "java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-17.0.18.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64"
},
"product_reference": "java-17-openjdk-17.0.18.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-17.0.18.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le"
},
"product_reference": "java-17-openjdk-17.0.18.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-17.0.18.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x"
},
"product_reference": "java-17-openjdk-17.0.18.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-17.0.18.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64"
},
"product_reference": "java-17-openjdk-17.0.18.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64"
},
"product_reference": "java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le"
},
"product_reference": "java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x"
},
"product_reference": "java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64"
},
"product_reference": "java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64"
},
"product_reference": "java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le"
},
"product_reference": "java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x"
},
"product_reference": "java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64"
},
"product_reference": "java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64"
},
"product_reference": "java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le"
},
"product_reference": "java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x"
},
"product_reference": "java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64"
},
"product_reference": "java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch"
},
"product_reference": "java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64"
},
"product_reference": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le"
},
"product_reference": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x"
},
"product_reference": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64"
},
"product_reference": "java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64"
},
"product_reference": "java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le"
},
"product_reference": "java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-src-17.0.18.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x"
},
"product_reference": "java-17-openjdk-src-17.0.18.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64"
},
"product_reference": "java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21925"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21925",
"url": "https://www.suse.com/security/cve/CVE-2026-21925"
},
{
"category": "external",
"summary": "SUSE Bug 1257034 for CVE-2026-21925",
"url": "https://bugzilla.suse.com/1257034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T17:44:57Z",
"details": "moderate"
}
],
"title": "CVE-2026-21925"
},
{
"cve": "CVE-2026-21932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21932"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21932",
"url": "https://www.suse.com/security/cve/CVE-2026-21932"
},
{
"category": "external",
"summary": "SUSE Bug 1257036 for CVE-2026-21932",
"url": "https://bugzilla.suse.com/1257036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T17:44:57Z",
"details": "important"
}
],
"title": "CVE-2026-21932"
},
{
"cve": "CVE-2026-21933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21933"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21933",
"url": "https://www.suse.com/security/cve/CVE-2026-21933"
},
{
"category": "external",
"summary": "SUSE Bug 1257037 for CVE-2026-21933",
"url": "https://bugzilla.suse.com/1257037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T17:44:57Z",
"details": "moderate"
}
],
"title": "CVE-2026-21933"
},
{
"cve": "CVE-2026-21945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21945"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21945",
"url": "https://www.suse.com/security/cve/CVE-2026-21945"
},
{
"category": "external",
"summary": "SUSE Bug 1257038 for CVE-2026-21945",
"url": "https://bugzilla.suse.com/1257038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-demo-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-devel-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-headless-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-javadoc-17.0.18.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-jmods-17.0.18.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-17-openjdk-src-17.0.18.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T17:44:57Z",
"details": "important"
}
],
"title": "CVE-2026-21945"
}
]
}
OPENSUSE-SU-2026:20143-1
Vulnerability from csaf_opensuse - Published: 2026-01-30 15:55 - Updated: 2026-01-30 15:55Summary
Security update for java-25-openjdk
Severity
Important
Notes
Title of the patch: Security update for java-25-openjdk
Description of the patch: This update for java-25-openjdk fixes the following issues:
Update to upstream tag jdk-25.0.2+10 (January 2026 CPU)
Security fixes:
- CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034).
- CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036).
- CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037).
- CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038).
Other fixes:
- Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15221).
Patchnames: openSUSE-Leap-16.0-228
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.8 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for java-25-openjdk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for java-25-openjdk fixes the following issues:\n\nUpdate to upstream tag jdk-25.0.2+10 (January 2026 CPU)\n\nSecurity fixes:\n\n- CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034).\n- CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036).\n- CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037).\n- CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038).\n\nOther fixes:\n\n- Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15221).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-228",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20143-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1257034",
"url": "https://bugzilla.suse.com/1257034"
},
{
"category": "self",
"summary": "SUSE Bug 1257036",
"url": "https://bugzilla.suse.com/1257036"
},
{
"category": "self",
"summary": "SUSE Bug 1257037",
"url": "https://bugzilla.suse.com/1257037"
},
{
"category": "self",
"summary": "SUSE Bug 1257038",
"url": "https://bugzilla.suse.com/1257038"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21925 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21932 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21933 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21945 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21945/"
}
],
"title": "Security update for java-25-openjdk",
"tracking": {
"current_release_date": "2026-01-30T15:55:47Z",
"generator": {
"date": "2026-01-30T15:55:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20143-1",
"initial_release_date": "2026-01-30T15:55:47Z",
"revision_history": [
{
"date": "2026-01-30T15:55:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-25-openjdk-25.0.2.0-160000.1.1.aarch64",
"product": {
"name": "java-25-openjdk-25.0.2.0-160000.1.1.aarch64",
"product_id": "java-25-openjdk-25.0.2.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64",
"product": {
"name": "java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64",
"product_id": "java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64",
"product": {
"name": "java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64",
"product_id": "java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64",
"product": {
"name": "java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64",
"product_id": "java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64",
"product": {
"name": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64",
"product_id": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64",
"product": {
"name": "java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64",
"product_id": "java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch",
"product": {
"name": "java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch",
"product_id": "java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "java-25-openjdk-25.0.2.0-160000.1.1.ppc64le",
"product": {
"name": "java-25-openjdk-25.0.2.0-160000.1.1.ppc64le",
"product_id": "java-25-openjdk-25.0.2.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le",
"product": {
"name": "java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le",
"product_id": "java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le",
"product": {
"name": "java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le",
"product_id": "java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le",
"product": {
"name": "java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le",
"product_id": "java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le",
"product": {
"name": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le",
"product_id": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le",
"product": {
"name": "java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le",
"product_id": "java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-25-openjdk-25.0.2.0-160000.1.1.s390x",
"product": {
"name": "java-25-openjdk-25.0.2.0-160000.1.1.s390x",
"product_id": "java-25-openjdk-25.0.2.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x",
"product": {
"name": "java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x",
"product_id": "java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x",
"product": {
"name": "java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x",
"product_id": "java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x",
"product": {
"name": "java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x",
"product_id": "java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x",
"product": {
"name": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x",
"product_id": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-src-25.0.2.0-160000.1.1.s390x",
"product": {
"name": "java-25-openjdk-src-25.0.2.0-160000.1.1.s390x",
"product_id": "java-25-openjdk-src-25.0.2.0-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-25-openjdk-25.0.2.0-160000.1.1.x86_64",
"product": {
"name": "java-25-openjdk-25.0.2.0-160000.1.1.x86_64",
"product_id": "java-25-openjdk-25.0.2.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64",
"product": {
"name": "java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64",
"product_id": "java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64",
"product": {
"name": "java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64",
"product_id": "java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64",
"product": {
"name": "java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64",
"product_id": "java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64",
"product": {
"name": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64",
"product_id": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64",
"product": {
"name": "java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64",
"product_id": "java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-25.0.2.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64"
},
"product_reference": "java-25-openjdk-25.0.2.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-25.0.2.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le"
},
"product_reference": "java-25-openjdk-25.0.2.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-25.0.2.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x"
},
"product_reference": "java-25-openjdk-25.0.2.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-25.0.2.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64"
},
"product_reference": "java-25-openjdk-25.0.2.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64"
},
"product_reference": "java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le"
},
"product_reference": "java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x"
},
"product_reference": "java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64"
},
"product_reference": "java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64"
},
"product_reference": "java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le"
},
"product_reference": "java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x"
},
"product_reference": "java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64"
},
"product_reference": "java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64"
},
"product_reference": "java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le"
},
"product_reference": "java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x"
},
"product_reference": "java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64"
},
"product_reference": "java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch"
},
"product_reference": "java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64"
},
"product_reference": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le"
},
"product_reference": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x"
},
"product_reference": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64"
},
"product_reference": "java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64"
},
"product_reference": "java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le"
},
"product_reference": "java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-src-25.0.2.0-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x"
},
"product_reference": "java-25-openjdk-src-25.0.2.0-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64"
},
"product_reference": "java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21925"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21925",
"url": "https://www.suse.com/security/cve/CVE-2026-21925"
},
{
"category": "external",
"summary": "SUSE Bug 1257034 for CVE-2026-21925",
"url": "https://bugzilla.suse.com/1257034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-30T15:55:47Z",
"details": "moderate"
}
],
"title": "CVE-2026-21925"
},
{
"cve": "CVE-2026-21932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21932"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21932",
"url": "https://www.suse.com/security/cve/CVE-2026-21932"
},
{
"category": "external",
"summary": "SUSE Bug 1257036 for CVE-2026-21932",
"url": "https://bugzilla.suse.com/1257036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-30T15:55:47Z",
"details": "important"
}
],
"title": "CVE-2026-21932"
},
{
"cve": "CVE-2026-21933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21933"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21933",
"url": "https://www.suse.com/security/cve/CVE-2026-21933"
},
{
"category": "external",
"summary": "SUSE Bug 1257037 for CVE-2026-21933",
"url": "https://bugzilla.suse.com/1257037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-30T15:55:47Z",
"details": "moderate"
}
],
"title": "CVE-2026-21933"
},
{
"cve": "CVE-2026-21945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21945"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21945",
"url": "https://www.suse.com/security/cve/CVE-2026-21945"
},
{
"category": "external",
"summary": "SUSE Bug 1257038 for CVE-2026-21945",
"url": "https://bugzilla.suse.com/1257038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-demo-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-devel-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-headless-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-javadoc-25.0.2.0-160000.1.1.noarch",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-jmods-25.0.2.0-160000.1.1.x86_64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.aarch64",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.ppc64le",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.s390x",
"openSUSE Leap 16.0:java-25-openjdk-src-25.0.2.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-30T15:55:47Z",
"details": "important"
}
],
"title": "CVE-2026-21945"
}
]
}
RHSA-2026:0849
Vulnerability from csaf_redhat - Published: 2026-01-21 13:47 - Updated: 2026-06-09 21:08Summary
Red Hat Security Advisory: OpenJDK 11.0.30 ELS Security Update for Windows Builds
Severity
Moderate
Notes
Topic: An update is now available for OpenJDK.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
This release of the Red Hat build of OpenJDK 11 (11.0.30) with Extended Lifecycle Support for Windows serves as a replacement for the Red Hat build of OpenJDK 11 (11.0.29) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* JDK: Improve JMX connections (CVE-2026-21925)
* JDK: Enhance Handling of URIs (CVE-2026-21932)
* JDK: Improve HttpServer Request handling (CVE-2026-21933)
* JDK: Enhance Certificate Checking (CVE-2026-21945)
* JDK: LIBPNG heap buffer overflow (CVE-2025-65018)
* JDK: LIBPNG buffer overflow (CVE-2025-64720)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API.
7.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OPENJDK ELS 11.0.30
Red Hat / Red Hat OpenJDK
|
cpe:/a:redhat:openjdk_els:11
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds.
7.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OPENJDK ELS 11.0.30
Red Hat / Red Hat OpenJDK
|
cpe:/a:redhat:openjdk_els:11
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OPENJDK ELS 11.0.30
Red Hat / Red Hat OpenJDK
|
cpe:/a:redhat:openjdk_els:11
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OPENJDK ELS 11.0.30
Red Hat / Red Hat OpenJDK
|
cpe:/a:redhat:openjdk_els:11
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OPENJDK ELS 11.0.30
Red Hat / Red Hat OpenJDK
|
cpe:/a:redhat:openjdk_els:11
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OPENJDK ELS 11.0.30
Red Hat / Red Hat OpenJDK
|
cpe:/a:redhat:openjdk_els:11
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
43 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for OpenJDK.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.\n\nThis release of the Red Hat build of OpenJDK 11 (11.0.30) with Extended Lifecycle Support for Windows serves as a replacement for the Red Hat build of OpenJDK 11 (11.0.29) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* JDK: Improve JMX connections (CVE-2026-21925)\n* JDK: Enhance Handling of URIs (CVE-2026-21932)\n* JDK: Improve HttpServer Request handling (CVE-2026-21933)\n* JDK: Enhance Certificate Checking (CVE-2026-21945)\n* JDK: LIBPNG heap buffer overflow (CVE-2025-65018)\n* JDK: LIBPNG buffer overflow (CVE-2025-64720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0849",
"url": "https://access.redhat.com/errata/RHSA-2026:0849"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_build_of_openjdk/11/html/release_notes_for_red_hat_build_of_openjdk_11.0.30/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_build_of_openjdk/11/html/release_notes_for_red_hat_build_of_openjdk_11.0.30/index"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2429925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429925"
},
{
"category": "external",
"summary": "2429926",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429926"
},
{
"category": "external",
"summary": "2429927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429927"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0849.json"
}
],
"title": "Red Hat Security Advisory: OpenJDK 11.0.30 ELS Security Update for Windows Builds",
"tracking": {
"current_release_date": "2026-06-09T21:08:37+00:00",
"generator": {
"date": "2026-06-09T21:08:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:0849",
"initial_release_date": "2026-01-21T13:47:54+00:00",
"revision_history": [
{
"date": "2026-01-21T13:47:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-21T13:47:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-09T21:08:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OPENJDK ELS 11.0.30",
"product": {
"name": "OPENJDK ELS 11.0.30",
"product_id": "OPENJDK ELS 11.0.30",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openjdk_els:11"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenJDK"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.30"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-21T13:47:54+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.30"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0849"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OPENJDK ELS 11.0.30"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.30"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.30"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-21T13:47:54+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.30"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0849"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OPENJDK ELS 11.0.30"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.30"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2026-21925",
"cwe": {
"id": "CWE-322",
"name": "Key Exchange without Entity Authentication"
},
"discovery_date": "2026-01-15T11:58:37.537000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429924"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Improve JMX connections (Oracle CPU 2026-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.30"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21925"
},
{
"category": "external",
"summary": "RHBZ#2429924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21925",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21925"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
}
],
"release_date": "2026-01-20T21:21:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-21T13:47:54+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.30"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.30"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjdk: Improve JMX connections (Oracle CPU 2026-01)"
},
{
"cve": "CVE-2026-21932",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-01-15T12:01:50.512000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429925"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Enhance Handling of URIs (Oracle CPU 2026-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.30"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21932"
},
{
"category": "external",
"summary": "RHBZ#2429925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429925"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21932",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21932"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
}
],
"release_date": "2026-01-20T21:21:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-21T13:47:54+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.30"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.30"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Enhance Handling of URIs (Oracle CPU 2026-01)"
},
{
"cve": "CVE-2026-21933",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-01-15T12:03:57.932000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429926"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.30"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21933"
},
{
"category": "external",
"summary": "RHBZ#2429926",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429926"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21933"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
}
],
"release_date": "2026-01-20T21:21:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-21T13:47:54+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.30"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.30"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01)"
},
{
"cve": "CVE-2026-21945",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-01-15T12:05:58.026000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429927"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.30"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21945"
},
{
"category": "external",
"summary": "RHBZ#2429927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21945"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
}
],
"release_date": "2026-01-20T21:21:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-21T13:47:54+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.30"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0849"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.30"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)"
}
]
}
RHSA-2026:0896
Vulnerability from csaf_redhat - Published: 2026-01-26 13:38 - Updated: 2026-03-18 03:16Summary
Red Hat Security Advisory: OpenJDK 8u482 Windows Security Update
Severity
Important
Notes
Topic: An update is now available for OpenJDK.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
This release of the Red Hat build of OpenJDK 8 (8u482) for Windows serves as a replacement for the Red Hat build of OpenJDK 8 (8u472) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* JDK: Improve JMX connections (CVE-2026-21925)
* JDK: Enhance Handling of URIs (CVE-2026-21932)
* JDK: Improve HttpServer Request handling (CVE-2026-21933)
* JDK: Enhance Certificate Checking (CVE-2026-21945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Build of OpenJDK 8u482
Red Hat / OpenJDK
|
cpe:/a:redhat:openjdk:1.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Build of OpenJDK 8u482
Red Hat / OpenJDK
|
cpe:/a:redhat:openjdk:1.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Build of OpenJDK 8u482
Red Hat / OpenJDK
|
cpe:/a:redhat:openjdk:1.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Build of OpenJDK 8u482
Red Hat / OpenJDK
|
cpe:/a:redhat:openjdk:1.8
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for OpenJDK.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nThis release of the Red Hat build of OpenJDK 8 (8u482) for Windows serves as a replacement for the Red Hat build of OpenJDK 8 (8u472) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* JDK: Improve JMX connections (CVE-2026-21925)\n\n* JDK: Enhance Handling of URIs (CVE-2026-21932)\n\n* JDK: Improve HttpServer Request handling (CVE-2026-21933)\n\n* JDK: Enhance Certificate Checking (CVE-2026-21945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0896",
"url": "https://access.redhat.com/errata/RHSA-2026:0896"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_build_of_openjdk/8/html/release_notes_for_red_hat_build_of_openjdk_8.0.482/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_build_of_openjdk/8/html/release_notes_for_red_hat_build_of_openjdk_8.0.482/index"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0896.json"
}
],
"title": "Red Hat Security Advisory: OpenJDK 8u482 Windows Security Update",
"tracking": {
"current_release_date": "2026-03-18T03:16:46+00:00",
"generator": {
"date": "2026-03-18T03:16:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:0896",
"initial_release_date": "2026-01-26T13:38:38+00:00",
"revision_history": [
{
"date": "2026-01-26T13:38:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-26T13:38:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T03:16:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Build of OpenJDK 8u482",
"product": {
"name": "Red Hat Build of OpenJDK 8u482",
"product_id": "Red Hat Build of OpenJDK 8u482",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openjdk:1.8"
}
}
}
],
"category": "product_family",
"name": "OpenJDK"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21925",
"cwe": {
"id": "CWE-322",
"name": "Key Exchange without Entity Authentication"
},
"discovery_date": "2026-01-15T11:58:37.537000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429924"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Improve JMX connections (Oracle CPU 2026-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 8u482"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21925"
},
{
"category": "external",
"summary": "RHBZ#2429924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21925",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21925"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
}
],
"release_date": "2026-01-20T21:21:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-26T13:38:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 8u482"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0896"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 8u482"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjdk: Improve JMX connections (Oracle CPU 2026-01)"
},
{
"cve": "CVE-2026-21932",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-01-15T12:01:50.512000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429925"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Enhance Handling of URIs (Oracle CPU 2026-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 8u482"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21932"
},
{
"category": "external",
"summary": "RHBZ#2429925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429925"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21932",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21932"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
}
],
"release_date": "2026-01-20T21:21:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-26T13:38:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 8u482"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0896"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 8u482"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Enhance Handling of URIs (Oracle CPU 2026-01)"
},
{
"cve": "CVE-2026-21933",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-01-15T12:03:57.932000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429926"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 8u482"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21933"
},
{
"category": "external",
"summary": "RHBZ#2429926",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429926"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21933"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
}
],
"release_date": "2026-01-20T21:21:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-26T13:38:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 8u482"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0896"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 8u482"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01)"
},
{
"cve": "CVE-2026-21945",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-01-15T12:05:58.026000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429927"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 8u482"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21945"
},
{
"category": "external",
"summary": "RHBZ#2429927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21945"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
}
],
"release_date": "2026-01-20T21:21:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-26T13:38:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 8u482"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0896"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 8u482"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)"
}
]
}
RHSA-2026:0898
Vulnerability from csaf_redhat - Published: 2026-01-26 13:39 - Updated: 2026-03-18 03:16Summary
Red Hat Security Advisory: OpenJDK 17.0.18 Security Update for Windows Builds
Severity
Important
Notes
Topic: An update is now available for OpenJDK.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
This release of the Red Hat build of OpenJDK 17 (17.0.18) for Windows serves as a replacement for the Red Hat build of OpenJDK 17 (17.0.17) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* JDK: Improve JMX connections (CVE-2026-21925)
* JDK: Enhance Handling of URIs (CVE-2026-21932)
* JDK: Improve HttpServer Request handling (CVE-2026-21933)
* JDK: Enhance Certificate Checking (CVE-2026-21945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Build of OpenJDK 17.0.18
Red Hat / OpenJDK
|
cpe:/a:redhat:openjdk:17
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Build of OpenJDK 17.0.18
Red Hat / OpenJDK
|
cpe:/a:redhat:openjdk:17
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Build of OpenJDK 17.0.18
Red Hat / OpenJDK
|
cpe:/a:redhat:openjdk:17
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Build of OpenJDK 17.0.18
Red Hat / OpenJDK
|
cpe:/a:redhat:openjdk:17
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for OpenJDK.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.\n\nThis release of the Red Hat build of OpenJDK 17 (17.0.18) for Windows serves as a replacement for the Red Hat build of OpenJDK 17 (17.0.17) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* JDK: Improve JMX connections (CVE-2026-21925)\n\n* JDK: Enhance Handling of URIs (CVE-2026-21932)\n\n* JDK: Improve HttpServer Request handling (CVE-2026-21933)\n\n* JDK: Enhance Certificate Checking (CVE-2026-21945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0898",
"url": "https://access.redhat.com/errata/RHSA-2026:0898"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_build_of_openjdk/17/html/release_notes_for_red_hat_build_of_openjdk_17.0.18/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_build_of_openjdk/17/html/release_notes_for_red_hat_build_of_openjdk_17.0.18/index"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0898.json"
}
],
"title": "Red Hat Security Advisory: OpenJDK 17.0.18 Security Update for Windows Builds",
"tracking": {
"current_release_date": "2026-03-18T03:16:43+00:00",
"generator": {
"date": "2026-03-18T03:16:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:0898",
"initial_release_date": "2026-01-26T13:39:49+00:00",
"revision_history": [
{
"date": "2026-01-26T13:39:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-26T13:39:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T03:16:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Build of OpenJDK 17.0.18",
"product": {
"name": "Red Hat Build of OpenJDK 17.0.18",
"product_id": "Red Hat Build of OpenJDK 17.0.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openjdk:17"
}
}
}
],
"category": "product_family",
"name": "OpenJDK"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21925",
"cwe": {
"id": "CWE-322",
"name": "Key Exchange without Entity Authentication"
},
"discovery_date": "2026-01-15T11:58:37.537000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429924"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Improve JMX connections (Oracle CPU 2026-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 17.0.18"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21925"
},
{
"category": "external",
"summary": "RHBZ#2429924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21925",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21925"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
}
],
"release_date": "2026-01-20T21:21:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-26T13:39:49+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 17.0.18"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0898"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 17.0.18"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjdk: Improve JMX connections (Oracle CPU 2026-01)"
},
{
"cve": "CVE-2026-21932",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-01-15T12:01:50.512000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429925"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Enhance Handling of URIs (Oracle CPU 2026-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 17.0.18"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21932"
},
{
"category": "external",
"summary": "RHBZ#2429925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429925"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21932",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21932"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
}
],
"release_date": "2026-01-20T21:21:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-26T13:39:49+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 17.0.18"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0898"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 17.0.18"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Enhance Handling of URIs (Oracle CPU 2026-01)"
},
{
"cve": "CVE-2026-21933",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-01-15T12:03:57.932000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429926"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 17.0.18"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21933"
},
{
"category": "external",
"summary": "RHBZ#2429926",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429926"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21933"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
}
],
"release_date": "2026-01-20T21:21:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-26T13:39:49+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 17.0.18"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0898"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 17.0.18"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01)"
},
{
"cve": "CVE-2026-21945",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-01-15T12:05:58.026000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429927"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 17.0.18"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21945"
},
{
"category": "external",
"summary": "RHBZ#2429927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21945"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
}
],
"release_date": "2026-01-20T21:21:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-26T13:39:49+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 17.0.18"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0898"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 17.0.18"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)"
}
]
}
RHSA-2026:0900
Vulnerability from csaf_redhat - Published: 2026-01-26 13:41 - Updated: 2026-03-18 03:16Summary
Red Hat Security Advisory: OpenJDK 21.0.10 Security Update for Windows Builds
Severity
Important
Notes
Topic: An update is now available for OpenJDK.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.
This release of the Red Hat build of OpenJDK 21 (21.0.10) for Windows serves as a replacement for the Red Hat build of OpenJDK 21 (21.0.9) and includes security and bug fixes. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* JDK: Improve JMX connections (CVE-2026-21925)
* JDK: Enhance Handling of URIs (CVE-2026-21932)
* JDK: Improve HttpServer Request handling (CVE-2026-21933)
* JDK: Enhance Certificate Checking (CVE-2026-21945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Build of OpenJDK 21.0.10
Red Hat / OpenJDK
|
cpe:/a:redhat:openjdk:21
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Build of OpenJDK 21.0.10
Red Hat / OpenJDK
|
cpe:/a:redhat:openjdk:21
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Build of OpenJDK 21.0.10
Red Hat / OpenJDK
|
cpe:/a:redhat:openjdk:21
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Build of OpenJDK 21.0.10
Red Hat / OpenJDK
|
cpe:/a:redhat:openjdk:21
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for OpenJDK.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.\n\nThis release of the Red Hat build of OpenJDK 21 (21.0.10) for Windows serves as a replacement for the Red Hat build of OpenJDK 21 (21.0.9) and includes security and bug fixes. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* JDK: Improve JMX connections (CVE-2026-21925)\n\n* JDK: Enhance Handling of URIs (CVE-2026-21932)\n\n* JDK: Improve HttpServer Request handling (CVE-2026-21933)\n\n* JDK: Enhance Certificate Checking (CVE-2026-21945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0900",
"url": "https://access.redhat.com/errata/RHSA-2026:0900"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_build_of_openjdk/21/html/release_notes_for_red_hat_build_of_openjdk_21.0.10/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_build_of_openjdk/21/html/release_notes_for_red_hat_build_of_openjdk_21.0.10/index"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0900.json"
}
],
"title": "Red Hat Security Advisory: OpenJDK 21.0.10 Security Update for Windows Builds",
"tracking": {
"current_release_date": "2026-03-18T03:16:45+00:00",
"generator": {
"date": "2026-03-18T03:16:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:0900",
"initial_release_date": "2026-01-26T13:41:51+00:00",
"revision_history": [
{
"date": "2026-01-26T13:41:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-26T13:41:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T03:16:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Build of OpenJDK 21.0.10",
"product": {
"name": "Red Hat Build of OpenJDK 21.0.10",
"product_id": "Red Hat Build of OpenJDK 21.0.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openjdk:21"
}
}
}
],
"category": "product_family",
"name": "OpenJDK"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21925",
"cwe": {
"id": "CWE-322",
"name": "Key Exchange without Entity Authentication"
},
"discovery_date": "2026-01-15T11:58:37.537000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429924"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Improve JMX connections (Oracle CPU 2026-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 21.0.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21925"
},
{
"category": "external",
"summary": "RHBZ#2429924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21925",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21925"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
}
],
"release_date": "2026-01-20T21:21:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-26T13:41:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 21.0.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0900"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 21.0.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjdk: Improve JMX connections (Oracle CPU 2026-01)"
},
{
"cve": "CVE-2026-21932",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-01-15T12:01:50.512000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429925"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Enhance Handling of URIs (Oracle CPU 2026-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 21.0.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21932"
},
{
"category": "external",
"summary": "RHBZ#2429925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429925"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21932",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21932"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
}
],
"release_date": "2026-01-20T21:21:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-26T13:41:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 21.0.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0900"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 21.0.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Enhance Handling of URIs (Oracle CPU 2026-01)"
},
{
"cve": "CVE-2026-21933",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-01-15T12:03:57.932000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429926"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 21.0.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21933"
},
{
"category": "external",
"summary": "RHBZ#2429926",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429926"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21933"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
}
],
"release_date": "2026-01-20T21:21:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-26T13:41:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 21.0.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0900"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 21.0.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01)"
},
{
"cve": "CVE-2026-21945",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-01-15T12:05:58.026000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429927"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of OpenJDK 21.0.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21945"
},
{
"category": "external",
"summary": "RHBZ#2429927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21945"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"
}
],
"release_date": "2026-01-20T21:21:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-26T13:41:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Build of OpenJDK 21.0.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0900"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Build of OpenJDK 21.0.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…