CLSA-2024:1706696899

[CLSA-2024:1706696899] java-1.8.0-openjdk: Fix of 8 CVEs

Type:

security

Severity:

Important

Release date:

2024-01-31 10:28:23 UTC

Description:

- Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06. That fixes following CVEs:
- CVE-2024-20918: Array out-of-bounds access due to missing range check in C1 compiler
- CVE-2024-20919: JVM class file verifier flaw allows unverified bytecode execution
- CVE-2024-20921: Range check loop optimization issue
- CVE-2024-20926: Arbitrary Java code execution in Nashorn
- CVE-2024-20945: Logging of digital signature private keys
- CVE-2024-20952: RSA padding issue and timing side-channel attack against TLS
- CVE-2023-22067: IOR deserialization issue in CORBA (fixed in jdk8u392)
- CVE-2023-22081: Certificate path validation issue during client authentication (fixed in jdk8u392)
- Adapt pr2462 patch to the new sources

Updated packages:

java-1.8.0-openjdk-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:eaa5780de2cf1b8bc6b3e763c643199c7c8bb524
java-1.8.0-openjdk-accessibility-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:128a425952353508599b21895ddcdf5f9e907f75
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:1040712cd1a93860888c1d672c319d6ebd0c989c
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:9d10caf8f16b5d26878ab5522f7a3b1649caae17
java-1.8.0-openjdk-demo-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:927062e0150b1472f7a8b57c7045a34e4e9d5827
java-1.8.0-openjdk-demo-fastdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:52b3b5faf39bd9294f86b6fc22a108254f876649
java-1.8.0-openjdk-demo-slowdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:0801c07848517c243c2a22529144db3b2b4db845
java-1.8.0-openjdk-devel-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:3260adb72510abcdd757e4afd3e12721441977c3
java-1.8.0-openjdk-devel-fastdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:8951fed2d97509b2251b82b9884eba91afe67e7e
java-1.8.0-openjdk-devel-slowdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:8ea818008eafa06dd4d489fbffdd98aa86a1b8c0
java-1.8.0-openjdk-fastdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:d3c52abccde310cffa73d3df4db80e38257bbd91
java-1.8.0-openjdk-headless-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:21e6f949807300667352db3e40bc9c0dcfd4cf55
java-1.8.0-openjdk-headless-fastdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:8a6381a5a89fba10eef7dcd62fb83bb8d8957232
java-1.8.0-openjdk-headless-slowdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:65c4a5d9d76186cee55447baa47b9839018ef128
java-1.8.0-openjdk-javadoc-1.8.0.402.b06-1.el8.tuxcare.els1.noarch.rpm
sha:0c2bd2fb8a9b02800430e327b070beae8f11f1ea
java-1.8.0-openjdk-javadoc-zip-1.8.0.402.b06-1.el8.tuxcare.els1.noarch.rpm
sha:0293c169a6cd9beb027b3b04105c6ec500a44597
java-1.8.0-openjdk-slowdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:40be96668a3050ae24918cb3c828dff859a4a760
java-1.8.0-openjdk-src-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:18ba2adf7f4c2003bb651fb8c2316fcff93e9beb
java-1.8.0-openjdk-src-fastdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:9c10e38c5616c51109c81e643ac6ff28f04050a0
java-1.8.0-openjdk-src-slowdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:b684c2614745bf9e33d8e77f7c90c1ec48840ea8

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.