Updated java 1.8.0, 11 & latest packages fix security vulnerabilities
Publication date: 15 Mar 2024
Modification date: 15 Mar 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-20918, CVE-2024-20952, CVE-2024-20926, CVE-2024-20919, CVE-2024-20921, CVE-2024-20945
Description
The updated packages fix security vulnerabilities:
- Array out-of-bounds access due to missing range check in C1 compiler. (CVE-2024-20918)
- RSA padding issue and timing side-channel attack against TLS. (CVE-2024-20952)
- Arbitrary Java code execution in Nashorn. (CVE-2024-20926)
- JVM class file verifier flaw allows unverified bytecode execution. (CVE-2024-20919)
- Range check loop optimization issue. (CVE-2024-20921)
- Logging of digital signature private keys. (CVE-2024-20945)
References
- https://bugs.mageia.org/show_bug.cgi?id=32724
- https://access.redhat.com/errata/RHSA-2024:0225
- https://access.redhat.com/errata/RHSA-2024:0234
- https://access.redhat.com/errata/RHSA-2024:0249
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20918
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20952
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20926
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20919
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20921
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20945
SRPMS
9/core
- java-11-openjdk-11.0.22.0.7-1.mga9
- java-1.8.0-openjdk-1.8.0.402.b06-1.mga9
- java-latest-openjdk-21.0.2.0.13-1.rolling.1.mga9