[CLSA-2024:1732194412] Fix of 14 CVEs
Type: security
Severity: Important
Release date: 2024-11-21 13:07:03 UTC
Description:
* Update to 8u432-ga fixing a number of CVEs
  - CVE-2024-21131: UTF8 size overflow
  - CVE-2024-21138: infinite loop vulnerability in SymbolTable
  - CVE-2024-21140: int overflow/underflow in Range Check Elimination
  - CVE-2024-21144: invalid header validation leads to Pack200 excessive loading time
  - CVE-2024-21145: out-of-bounds access in MaskFill
  - CVE-2024-21147: out-of-bounds array index in Range Check Elimination
  - CVE-2024-21208: improper handling of maxHeaderSize in HTTP client
  - CVE-2024-21210: integer overflow in array indexing in SuperWord
  - CVE-2024-21217: out-of-memory because of unbounded allocation in MessageFormat
  - CVE-2024-21235: incorrect range check because of integer conversion error in LoopNode
* Update patches
  - debian/patches/zero-sh.diff
* Remove patches that became part of the update
  - debian/patches/CVE-2024-21011.patch
  - debian/patches/CVE-2024-21068.patch
  - debian/patches/CVE-2024-21085.patch
  - debian/patches/CVE-2024-21094.patch
Updated packages:
  • openjdk-8-demo_8u432-ga-0ubuntu1~18.04+tuxcare.els1_amd64.deb
    sha:1662dc28074706ccb900ff60031c547961d55089
  • openjdk-8-doc_8u432-ga-0ubuntu1~18.04+tuxcare.els1_all.deb
    sha:cd792210b28ef1e01961ebe6740f73036ae41c61
  • openjdk-8-jdk_8u432-ga-0ubuntu1~18.04+tuxcare.els1_amd64.deb
    sha:13eeb1e9722dfb343a84b2a23006aebf9e0d7bfa
  • openjdk-8-jdk-headless_8u432-ga-0ubuntu1~18.04+tuxcare.els1_amd64.deb
    sha:f852ed8095e8e19db3ec4e0d6996a32eb5d5e103
  • openjdk-8-jre_8u432-ga-0ubuntu1~18.04+tuxcare.els1_amd64.deb
    sha:6afca9685cc7b275e37b5d0c7a4c7668b2456398
  • openjdk-8-jre-headless_8u432-ga-0ubuntu1~18.04+tuxcare.els1_amd64.deb
    sha:4218941a862765d087e55adf04ef78d75aeeb948
  • openjdk-8-jre-zero_8u432-ga-0ubuntu1~18.04+tuxcare.els1_amd64.deb
    sha:19152d9d570b14ef74974c91bed07c7382789abc
  • openjdk-8-source_8u432-ga-0ubuntu1~18.04+tuxcare.els1_all.deb
    sha:350d994b8ff3cf4b4a8405c05d9cbdfae0c19447
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.