CLSA-2024:1706696494

[CLSA-2024:1706696494] java-1.8.0-openjdk: Fix of 8 CVEs

Type:

security

Severity:

Important

Release date:

2024-01-31 10:21:37 UTC

Description:

- Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06. That fixes following CVEs:
- CVE-2024-20918: Array out-of-bounds access due to missing range check in C1 compiler
- CVE-2024-20919: JVM class file verifier flaw allows unverified bytecode execution
- CVE-2024-20921: Range check loop optimization issue
- CVE-2024-20926: Arbitrary Java code execution in Nashorn
- CVE-2024-20945: Logging of digital signature private keys
- CVE-2024-20952: RSA padding issue and timing side-channel attack against TLS
- CVE-2023-22067: IOR deserialization issue in CORBA (fixed in jdk8u392)
- CVE-2023-22081: Certificate path validation issue during client authentication (fixed in jdk8u392)
- Adapt pr2462 patch to the new sources

Updated packages:

java-1.8.0-openjdk-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:57e695b4f62d7fb502964658001f8f953aef5bc2
java-1.8.0-openjdk-accessibility-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:d9a308c35301e5d30e85ef4a3b2916927b2c5341
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:f609db0cca2148f9ec08a267294e668ea9009507
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:c9874556836c7fd15b8c395376164304a313421b
java-1.8.0-openjdk-demo-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:88c20e6c78540fa8b873d2dc5eed55680d867b5b
java-1.8.0-openjdk-demo-fastdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:912c889aa7556d92ed3e4ddb16f8b0ebebcea08d
java-1.8.0-openjdk-demo-slowdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:3aa080931814712c23650d0b53fed86e1f85a861
java-1.8.0-openjdk-devel-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:327a8a662694828f460d60be6250b89178ee5cf2
java-1.8.0-openjdk-devel-fastdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:9b2cd844f87c5f4378dd35dbd67d505beb09d0da
java-1.8.0-openjdk-devel-slowdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:82c68210eafaec7a9a9211027c11bacd7898db7a
java-1.8.0-openjdk-fastdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:4a2da336bb33e2c93fcbfdd3cfcbf7729f826a29
java-1.8.0-openjdk-headless-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:dd971e019cd1f10f1bcf94e136da9b527fd5e74c
java-1.8.0-openjdk-headless-fastdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:7565cbcac7a8caeaf8c1402a5dd01d75d3d5462d
java-1.8.0-openjdk-headless-slowdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:25315af4d9d8a96e4193193e58db59cd3f80b86f
java-1.8.0-openjdk-javadoc-1.8.0.402.b06-1.el8.tuxcare.els1.noarch.rpm
sha:6c5bdfc7b9c92991c65fe3d295d43df835a6f7be
java-1.8.0-openjdk-javadoc-zip-1.8.0.402.b06-1.el8.tuxcare.els1.noarch.rpm
sha:583cb9f6bbe03def268ba6f20cdc3ed3bd78e71d
java-1.8.0-openjdk-slowdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:97e821536f2354acfd52225991d20106363bd019
java-1.8.0-openjdk-src-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:e6f701e0031eb4b3b1b32580354f179fcf608edf
java-1.8.0-openjdk-src-fastdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:4b9759611027fdebe79fba227566f715323d8a74
java-1.8.0-openjdk-src-slowdebug-1.8.0.402.b06-1.el8.tuxcare.els1.x86_64.rpm
sha:15e8f9d184ff10fe4c2e07fd7aaba36a1002a987

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.