{"affected":[{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr8.40-30.132.1","java-1_8_0-ibm-alsa":"1.8.0_sr8.40-30.132.1","java-1_8_0-ibm-devel":"1.8.0_sr8.40-30.132.1","java-1_8_0-ibm-plugin":"1.8.0_sr8.40-30.132.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5-LTSS","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr8.40-30.132.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr8.40-30.132.1","java-1_8_0-ibm-alsa":"1.8.0_sr8.40-30.132.1","java-1_8_0-ibm-devel":"1.8.0_sr8.40-30.132.1","java-1_8_0-ibm-plugin":"1.8.0_sr8.40-30.132.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr8.40-30.132.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for java-1_8_0-ibm fixes the following issues:\n\nUpdate to Java 8.0 Service Refresh 8 Fix Pack 40 (bsc#1236470):\n\n- CVE-2025-21502: unauthenticated attacker can obtain unauthorized read and write access to data through the Hotspot\n  component API (bsc#1236278).\n","id":"SUSE-SU-2025:0675-1","modified":"2025-02-24T10:46:04Z","published":"2025-02-24T10:46:04Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20250675-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233296"},{"type":"REPORT","url":"https://bugzilla.suse.com/1236278"},{"type":"REPORT","url":"https://bugzilla.suse.com/1236470"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-10917"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-21502"}],"related":["CVE-2024-10917","CVE-2025-21502"],"summary":"Security update for java-1_8_0-ibm","upstream":["CVE-2024-10917","CVE-2025-21502"]}