Mageia 2024-0179: java-1.8.0, java-11, java-17, java-latest Security Advisory Updates
Summary
Long Exception message leading to crash. (CVE-2024-21011)
HTTP/2 client improper reverse DNS lookup. (CVE-2024-21012)
Integer overflow in C1 compiler address generation. (CVE-2024-21068)
Pack200 excessive memory allocation. (CVE-2024-21085)
C2 compilation fails with "Exceeded _node_regs array". (CVE-2024-21094)
References
- https://bugs.mageia.org/show_bug.cgi?id=33117
- https://access.redhat.com/errata/RHSA-2024:1817
- https://access.redhat.com/errata/RHSA-2024:1819
- https://access.redhat.com/errata/RHSA-2024:1823
- https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21011
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21012
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21085
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21068
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21094
Resolution
MGASA-2024-0179 - Updated java-1.8.0, java-11, java-17, java-latest packages fix security vulnerabilities
SRPMS
- 9/core/java-1.8.0-openjdk-1.8.0.412.b08-1.mga9
- 9/core/java-11-openjdk-11.0.23.0.9-1.mga9
- 9/core/java-17-openjdk-17.0.11.0.9-1.mga9
- 9/core/java-latest-openjdk-22.0.1.0.8-1.rolling.1.mga9
