Updated java-1.8.0, java-11, java-17, java-latest packages fix security vulnerabilities
Publication date: 16 May 2024Modification date: 16 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-21011 , CVE-2024-21012 , CVE-2024-21085 , CVE-2024-21068 , CVE-2024-21094
Description
Long Exception message leading to crash. (CVE-2024-21011) HTTP/2 client improper reverse DNS lookup. (CVE-2024-21012) Integer overflow in C1 compiler address generation. (CVE-2024-21068) Pack200 excessive memory allocation. (CVE-2024-21085) C2 compilation fails with "Exceeded _node_regs array". (CVE-2024-21094)
References
- https://bugs.mageia.org/show_bug.cgi?id=33117
- https://access.redhat.com/errata/RHSA-2024:1817
- https://access.redhat.com/errata/RHSA-2024:1819
- https://access.redhat.com/errata/RHSA-2024:1823
- https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21011
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21012
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21085
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21068
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21094
SRPMS
9/core
- java-1.8.0-openjdk-1.8.0.412.b08-1.mga9
- java-11-openjdk-11.0.23.0.9-1.mga9
- java-17-openjdk-17.0.11.0.9-1.mga9
- java-latest-openjdk-22.0.1.0.8-1.rolling.1.mga9