MGASA-2024-0179 - Updated java-1.8.0, java-11, java-17, java-latest packages fix security vulnerabilities

Publication date: 16 May 2024
URL: https://advisories.mageia.org/MGASA-2024-0179.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-21011,
     CVE-2024-21012,
     CVE-2024-21085,
     CVE-2024-21068,
     CVE-2024-21094

Long Exception message leading to crash. (CVE-2024-21011)
HTTP/2 client improper reverse DNS lookup. (CVE-2024-21012)
Integer overflow in C1 compiler address generation. (CVE-2024-21068)
Pack200 excessive memory allocation. (CVE-2024-21085)
C2 compilation fails with "Exceeded _node_regs array". (CVE-2024-21094)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33117
- https://access.redhat.com/errata/RHSA-2024:1817
- https://access.redhat.com/errata/RHSA-2024:1819
- https://access.redhat.com/errata/RHSA-2024:1823
- https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21011
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21012
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21085
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21068
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21094

SRPMS:
- 9/core/java-1.8.0-openjdk-1.8.0.412.b08-1.mga9
- 9/core/java-11-openjdk-11.0.23.0.9-1.mga9
- 9/core/java-17-openjdk-17.0.11.0.9-1.mga9
- 9/core/java-latest-openjdk-22.0.1.0.8-1.rolling.1.mga9