Detections
Analytics

openSUSE 16 Security Update : java-17-openj9 (openSUSE-SU-2026:20943-1)

medium Nessus Plugin ID 321003

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20943-1 advisory.

 Changes in java-17-openj9:

 - Make post scripts less noisy (bsc#1267355)

 - Use libalternatives instead of update-alternatives for distributions where libalternatives is available

 - Update to OpenJDK 17.0.19 with OpenJ9 0.59.0 virtual machine
 - Including Oracle April 2026 CPU changes
 * CVE-2026-22007 (bsc#1262490), CVE-2026-22013 (bsc#1262494), CVE-2026-22016 (bsc#1262495), CVE-2026-22018 (bsc#1262496), CVE-2026-22021 (bsc#1262497), CVE-2026-23865 (bsc#1259118), CVE-2026-34268 (bsc#1262500), CVE-2026-34282 (bsc#1262501)
 - OpenJ9 specific security fix
 * CVE-2026-1188 (bsc#1265261)
 * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.59/

 - Update to OpenJDK 17.0.18 with OpenJ9 0.57.0 virtual machine
 - Including Oracle January 2026 CPU changes
 * CVE-2026-21925 (bsc#1257034), CVE-2026-21932 (bsc#1257036), CVE-2026-21933 (bsc#1257037), CVE-2026-21945 (bsc#1257038)
 * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.57/

 - Do not depend on update-desktop-files (jsc#PED-14507)

 - Update to OpenJDK 17.0.17 with OpenJ9 0.56.0 virtual machine
 - Including Oracle October 2025 CPU changes
 * CVE-2025-53057 (bsc#1252414), CVE-2025-53066 (bsc#1252417)
 * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.56/

 - Update to OpenJDK 17.0.16 with OpenJ9 0.53.0 virtual machine
 - Including Oracle July 2025 CPU changes
 * CVE-2025-30749 (bsc#1246595), CVE-2025-30754 (bsc#1246598), CVE-2025-50059 (bsc#1246575), CVE-2025-50106 (bsc#1246584)
 * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.53/
 - Enable bootcycle build

 - Do not embed rebuild counter (bsc#1246806)

 - Add -std=gnu99 to CFLAGS to fix gcc15 compile time error. Since the C++ part is on -std=gnu++98, this is the closest.
 - Added patch:
 * fix-build-with-gcc15.patch
 - fix a typo in omr that is fatal with gcc15

 - Update to OpenJDK 17.0.15 with OpenJ9 0.51.0 virtual machine
 - Including Oracle April 2025 CPU changes
 * CVE-2025-21587 (bsc#1241274), CVE-2025-30691 (bsc#1241275), CVE-2025-30698 (bsc#1241276)
 * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.51/

 - fix wrong execstack flag in libj9jit (bsc#1235844)

 - Update to OpenJDK 17.0.14 with OpenJ9 0.49.0 virtual machine
 - Including Oracle October 2024 and January 2025 CPU changes
 * CVE-2024-21208 (bsc#1231702), CVE-2024-21210 (bsc#1231711), CVE-2024-21217 (bsc#1231716), CVE-2024-21235 (bsc#1231719), CVE-2025-21502 (bsc#1236278)
 * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.49/

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1231702

https://bugzilla.suse.com/1231711

https://bugzilla.suse.com/1231716

https://bugzilla.suse.com/1231719

https://bugzilla.suse.com/1235844

https://bugzilla.suse.com/1236278

https://bugzilla.suse.com/1236804

https://bugzilla.suse.com/1241274

https://bugzilla.suse.com/1241275

https://bugzilla.suse.com/1241276

https://bugzilla.suse.com/1246575

https://bugzilla.suse.com/1246584

https://bugzilla.suse.com/1246595

https://bugzilla.suse.com/1246598

https://bugzilla.suse.com/1246806

https://bugzilla.suse.com/1252414

https://bugzilla.suse.com/1252417

https://bugzilla.suse.com/1257034

https://bugzilla.suse.com/1257036

https://bugzilla.suse.com/1257037

https://bugzilla.suse.com/1257038

https://bugzilla.suse.com/1259118

https://bugzilla.suse.com/1262490

https://bugzilla.suse.com/1262494

https://bugzilla.suse.com/1262495

https://bugzilla.suse.com/1262496

https://bugzilla.suse.com/1262497

https://bugzilla.suse.com/1262500

https://bugzilla.suse.com/1262501

https://bugzilla.suse.com/1265261

https://bugzilla.suse.com/1267355

https://www.suse.com/security/cve/CVE-2024-21208

https://www.suse.com/security/cve/CVE-2024-21210

https://www.suse.com/security/cve/CVE-2024-21217

https://www.suse.com/security/cve/CVE-2024-21235

https://www.suse.com/security/cve/CVE-2025-21502

https://www.suse.com/security/cve/CVE-2025-21587

https://www.suse.com/security/cve/CVE-2025-30691

https://www.suse.com/security/cve/CVE-2025-30698

https://www.suse.com/security/cve/CVE-2025-30749

https://www.suse.com/security/cve/CVE-2025-30754

https://www.suse.com/security/cve/CVE-2025-50059

https://www.suse.com/security/cve/CVE-2025-50106

https://www.suse.com/security/cve/CVE-2025-53057

https://www.suse.com/security/cve/CVE-2025-53066

https://www.suse.com/security/cve/CVE-2026-1188

https://www.suse.com/security/cve/CVE-2026-21925

https://www.suse.com/security/cve/CVE-2026-21932

https://www.suse.com/security/cve/CVE-2026-21933

https://www.suse.com/security/cve/CVE-2026-21945

https://www.suse.com/security/cve/CVE-2026-22007

https://www.suse.com/security/cve/CVE-2026-22013

https://www.suse.com/security/cve/CVE-2026-22016

https://www.suse.com/security/cve/CVE-2026-22018

https://www.suse.com/security/cve/CVE-2026-22021

https://www.suse.com/security/cve/CVE-2026-23865

https://www.suse.com/security/cve/CVE-2026-34268

https://www.suse.com/security/cve/CVE-2026-34282

Plugin Details

Severity: Medium

ID: 321003

File Name: openSUSE-2026-20943-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/14/2026

Updated: 6/14/2026

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-1188

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Threat Score: 2.7

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:java-17-openj9-headless, cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:java-17-openj9-demo, p-cpe:/a:novell:opensuse:java-17-openj9, p-cpe:/a:novell:opensuse:java-17-openj9-src, p-cpe:/a:novell:opensuse:java-17-openj9-devel, p-cpe:/a:novell:opensuse:java-17-openj9-jmods, p-cpe:/a:novell:opensuse:java-17-openj9-javadoc

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/11/2026

Vulnerability Publication Date: 10/15/2024

Reference Information

CVE: CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2024-21235, CVE-2025-21502, CVE-2025-21587, CVE-2025-30691, CVE-2025-30698, CVE-2025-30749, CVE-2025-30754, CVE-2025-50059, CVE-2025-50106, CVE-2025-53057, CVE-2025-53066, CVE-2026-1188, CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945, CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865, CVE-2026-34268, CVE-2026-34282