Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

SUSE-SU-2026:2036-1 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceSUSE-SU-2026:2036-1

SUSE-SU-2026:2036-1

HIGH8.1

Security update for java-1_8_0-openj9

Published May 21, 2026

Modified 2 weeks ago

Fix available

Details

Description of the patch:

This update for java-1_8_0-openj9 fixes the following issues

CVE-2026-1188: eclipse: ensure room for separator in omrsysinfo_get_processor_feature_string (bsc#1265261).
CVE-2026-22007: APIs in the specified component can lead to an unauthorized read access (bsc#1262490).
CVE-2026-22013: unauthenticated attacker with network access can access to critical data (bsc#1262494).
CVE-2026-22016: APIs in the specified Component can cause unauthorized access to critical data (bsc#1262495).
CVE-2026-22018: unauthenticated attacker with network access can cause a partial denial of service (bsc#1262496).
CVE-2026-22021: APIs in the specified Component can cause a partial denial of service (bsc#1262497).
CVE-2026-23865: Integer overflow in the tt_var_load_item_variation_store function (bsc#1259118).
CVE-2026-34268: unauthenticated attacker with logon can gain unauthorized read access (bsc#1262500).

Changes for java-1_8_0-openj9:

Update to OpenJDK 8u492 build 09 with OpenJ9 0.59.0 virtual machine

Affected Packages

java-1_8_0-openj9

SUSE Linux Enterprise Module for Package Hub 15 SP7

Fixed in:

1.8.0.492-150200.3.68.1

java-1_8_0-openj9-accessibility

SUSE Linux Enterprise Module for Package Hub 15 SP7

Fixed in:

1.8.0.492-150200.3.68.1

java-1_8_0-openj9-demo

SUSE Linux Enterprise Module for Package Hub 15 SP7

Fixed in:

1.8.0.492-150200.3.68.1

java-1_8_0-openj9-devel

SUSE Linux Enterprise Module for Package Hub 15 SP7

Fixed in:

1.8.0.492-150200.3.68.1

java-1_8_0-openj9-headless

SUSE Linux Enterprise Module for Package Hub 15 SP7

Fixed in:

1.8.0.492-150200.3.68.1

java-1_8_0-openj9-src

SUSE Linux Enterprise Module for Package Hub 15 SP7

Fixed in:

1.8.0.492-150200.3.68.1

References

https://bugzilla.suse.com/1259118

https://bugzilla.suse.com/1262490

https://bugzilla.suse.com/1262494

https://bugzilla.suse.com/1262495

https://bugzilla.suse.com/1262496

https://bugzilla.suse.com/1262497

https://bugzilla.suse.com/1262500

https://bugzilla.suse.com/1265261

https://lists.suse.com/pipermail/sle-updates/2026-May/046648.html

https://www.suse.com/security/cve/CVE-2026-1188/

https://www.suse.com/security/cve/CVE-2026-22007/

https://www.suse.com/security/cve/CVE-2026-22013/

https://www.suse.com/security/cve/CVE-2026-22016/

https://www.suse.com/security/cve/CVE-2026-22018/

https://www.suse.com/security/cve/CVE-2026-22021/

https://www.suse.com/security/cve/CVE-2026-23865/

https://www.suse.com/security/cve/CVE-2026-34268/

https://www.suse.com/support/security/rating/

https://www.suse.com/support/update/announcement/2026/suse-su-20262036-1/

CVSS Analysis

CVSS v3.1

8.1

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

8.1/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Upstream

CVE-2026-1188 CVE-2026-22007 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018 CVE-2026-22021 CVE-2026-23865 CVE-2026-34268

Ecosystems

SUSE Linux Enterprise Module for Package Hub 15 SP7

Timeline

PublishedMay 21, 2026

ModifiedMay 21, 2026