Mageia 9: MGASA-2024-0364 critical: Java heap-buffer overflow
mageia
November 13, 2024
giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function
Summary
giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB
Function. (CVE-2023-48161)
Array indexing integer overflow. (CVE-2024-21210)
HTTP client improper handling of maxHeaderSize. (CVE-2024-21208)
Unbounded allocation leads to out-of-memory error. (CVE-2024-21217)
Integer conversion error leads to incorrect range check.
(CVE-2024-21235)
References
- https://bugs.mageia.org/show_bug.cgi?id=33648
- https://access.redhat.com/errata/RHSA-2024:8117
- https://access.redhat.com/errata/RHSA-2024:8121
- https://access.redhat.com/errata/RHSA-2024:8124
- https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixJAVA
- https://www.cve.org/CVERecord?id=CVE-2023-48161
- https://www.cve.org/CVERecord?id=CVE-2024-21208
- https://www.cve.org/CVERecord?id=CVE-2024-21210
- https://www.cve.org/CVERecord?id=CVE-2024-21217
- https://www.cve.org/CVERecord?id=CVE-2024-21235
Topics Covered
Resolution
SRPMS
- 9/core/java-17-openjdk-17.0.13.0.11-1.mga9
- 9/core/java-11-openjdk-11.0.25.0.9-1.mga9
- 9/core/java-1.8.0-openjdk-1.8.0.432.b06-1.mga9
- 9/core/java-latest-openjdk-23.0.1.0.11-2.rolling.1.mga9
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 13 Nov 2024
URL: https://advisories.mageia.org/MGASA-2024-0364.html
Type: security
CVE: CVE-2023-48161,
CVE-2024-21208,
CVE-2024-21210,
CVE-2024-21217,
CVE-2024-21235
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!