Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2024:0605-1 Important: Java Security Update For Critical Issues

suse
Calendar Grey February 23, 2024
Dist Suse Esm H88
Crucial security alert for java-1_8_0-ibm on SUSE. Tackles major vulnerabilities and enhances reliability.
* bsc#1218903 * bsc#1218905 * bsc#1218906 * bsc#1218907 * bsc#1218908

Summary

## This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 20: [bsc#1219843] Security fixes: * CVE-2023-33850: Fixed information disclosure vulnerability due to the consumed GSKit library (bsc#1219843). * CVE-2024-20932: Fixed incorrect handling of ZIP files with duplicate entries (bsc#1218908). * CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS (bsc#1218911). * CVE-2024-20918: Fixed array out-of-bounds access due to missing range check in C1 compiler (bsc#1218907). * CVE-2024-20921: Fixed range check loop optimization issue (bsc#1218905). * CVE-2024-20919: Fixed JVM class file verifier flaw allows unverified bytecode execution (bsc#1218903). * CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn

Topics%20covered

Topics Covered

security advisory critical issue code execution security fix information disclosure SUSE Java update

References

* bsc#1218903

* bsc#1218905

* bsc#1218906

* bsc#1218907

* bsc#1218908

* bsc#1218909

* bsc#1218911

* bsc#1219843

Cross-

* CVE-2023-33850

* CVE-2024-20918

* CVE-2024-20919

* CVE-2024-20921

* CVE-2024-20926

* CVE-2024-20932

* CVE-2024-20945

* CVE-2024-20952

CVSS scores:

* CVE-2023-33850 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-20918 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2024-20919 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2024-20921 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-20926 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-20932 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:0605-1
Rating: important

Topics%20covered

Topics Covered

security advisory critical issue code execution security fix information disclosure SUSE Java update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here