Mageia 2024-0319: java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, & java-latest-openjdk Security Advisory Updates
Summary
Potential UTF8 size overflow. (CVE-2024-21131)
Excessive symbol length can lead to infinite loop. (CVE-2024-21138)
Range Check Elimination (RCE) pre-loop limit overflow. (CVE-2024-21140)
Pack200 increase loading time due to improper header validation. (CVE-2024-21144)
Out-of-bounds access in 2D image handling. (CVE-2024-21145)
RangeCheckElimination array index overflow. (CVE-2024-21147)
References
- https://bugs.mageia.org/show_bug.cgi?id=33413
- https://www.oracle.com/security-alerts/cpujul2024.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2024:4560
- https://access.redhat.com/errata/RHSA-2024:4567
- https://access.redhat.com/errata/RHSA-2024:4568
- java-latest-openjdk-22.0.2.0.9-1.rolling.1.mga9
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21131
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21140
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21144
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21145
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21147
Resolution
MGASA-2024-0319 - Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, & java-latest-openjdk packages fix security vulnerabilities
SRPMS
- 9/core/java-1.8.0-openjdk-1.8.0.422.b05-1.mga9
- 9/core/java-11-openjdk-11.0.24.0.8-1.mga9
- 9/core/java-17-openjdk-17.0.12.0.7-1.mga9
- 9/core/java-latest-openjdk-22.0.2.0.9-1.rolling.1.mga9