Mageia 9: 2024-0319 critical: Java header validation issues
mageia
September 27, 2024
Potential UTF8 size overflow
Summary
Potential UTF8 size overflow. (CVE-2024-21131)
Excessive symbol length can lead to infinite loop. (CVE-2024-21138)
Range Check Elimination (RCE) pre-loop limit overflow. (CVE-2024-21140)
Pack200 increase loading time due to improper header validation.
(CVE-2024-21144)
Out-of-bounds access in 2D image handling. (CVE-2024-21145)
RangeCheckElimination array index overflow. (CVE-2024-21147)
References
- https://bugs.mageia.org/show_bug.cgi?id=33413
- https://www.oracle.com/security-alerts/cpujul2024.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2024:4560
- https://access.redhat.com/errata/RHSA-2024:4567
- https://access.redhat.com/errata/RHSA-2024:4568
- java-latest-openjdk-22.0.2.0.9-1.rolling.1.mga9
- https://www.cve.org/CVERecord?id=CVE-2024-21131
- https://www.cve.org/CVERecord?id=CVE-2024-21138
- https://www.cve.org/CVERecord?id=CVE-2024-21140
- https://www.cve.org/CVERecord?id=CVE-2024-21144
- https://www.cve.org/CVERecord?id=CVE-2024-21145
- https://www.cve.org/CVERecord?id=CVE-2024-21147
Topics Covered
Resolution
SRPMS
- 9/core/java-1.8.0-openjdk-1.8.0.422.b05-1.mga9
- 9/core/java-11-openjdk-11.0.24.0.8-1.mga9
- 9/core/java-17-openjdk-17.0.12.0.7-1.mga9
- 9/core/java-latest-openjdk-22.0.2.0.9-1.rolling.1.mga9
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 27 Sep 2024
URL: https://advisories.mageia.org/MGASA-2024-0319.html
Type: security
CVE: CVE-2024-21131,
CVE-2024-21138,
CVE-2024-21140,
CVE-2024-21144,
CVE-2024-21145,
CVE-2024-21147
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!