This update for java-11-openjdk fixes the following issues :

Update to upstream tag jdk-11.0.11+9 (April 2021 CPU)

  - CVE-2021-2163: Fixed incomplete enforcement of JAR     signing disabled algorithms (bsc#1185055)

  - CVE-2021-2161: Fixed incorrect handling of partially     quoted arguments in ProcessBuilder (bsc#1185056)

moved mozilla-nss dependency to java-11-openjdk-headless package, this is necessary to be able to do crypto with just java-11-openjdk-headless installed (bsc#1184606).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Detections

Analytics

SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2021:1554-1)

medium Nessus Plugin ID 149429

Version 1.4

Version 1.3

Version 1.4 Jan 2, 2024, 2:43 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv2 score source (set to "CVE-2021-2161") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202401021443
Version 1.3 Dec 6, 2022, 6:51 PM Reference Plugin Feed: 202212061851