Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 744
Alerts This Week
Warning Icon 1 744

Ubuntu 23.10 USN-6696-1 critical: OpenJDK 8 security fix overview

ubuntu
Calendar Grey March 18, 2024
Dist Ubuntu Esm H88
Numerous vulnerabilities have been discovered in OpenJDK 8 on Ubuntu. Understand the essential patches and possible repercussions for your setup.
Several security issues were fixed in OpenJDK 8.

Summary

Several security issues were fixed in OpenJDK 8.

Software Description:

- openjdk-8: Open Source Java implementation

Details:

Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly

handled array accesses in the C1 compiler. An attacker could possibly

use this issue to cause a denial of service, execute arbitrary code or

bypass Java sandbox restrictions. (CVE-2024-20918)

It was discovered that the Hotspot component of OpenJDK 8 did not

properly verify bytecode in certain situations. An attacker could

possibly use this issue to bypass Java sandbox restrictions.

(CVE-2024-20919)

It was discovered that the Hotspot component of OpenJDK 8 had an

optimization flaw when generating range check loop predicates. An attacker

could possibly use this issue to cause a denial of service, execute

arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921)

Valentin Eudeline discovered that OpenJDK 8 incorrectly handled certain

options in the Nash...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   openjdk-8-jdk                   8u402-ga-2ubuntu1~23.10.1
   openjdk-8-jdk-headless          8u402-ga-2ubuntu1~23.10.1
   openjdk-8-jre                   8u402-ga-2ubuntu1~23.10.1
   openjdk-8-jre-headless          8u402-ga-2ubuntu1~23.10.1
   openjdk-8-jre-zero              8u402-ga-2ubuntu1~23.10.1

Ubuntu 22.04 LTS:
   openjdk-8-jdk                   8u402-ga-2ubuntu1~22.04
   openjdk-8-jdk-headless          8u402-ga-2ubuntu1~22.04
   openjdk-8-jre                   8u402-ga-2ubuntu1~22.04
   openjdk-8-jre-headless          8u402-ga-2ubuntu1~22.04
   openjdk-8-jre-zero              8u402-ga-2ubuntu1~22.04

Ubuntu 20.04 LTS:
   openjdk-8-jdk                   8u402-ga-2ubuntu1~20.04
   openjdk-8-jdk-headless          8u402-ga-2ubuntu1~20.04
   openjdk-8-jre                   8u402-ga-2ubuntu1~20.04
   openjdk-8-jre-headless          8u402-ga-2ubuntu1~20.04
   openjdk-8-jre-zero              8u402-ga-2ubuntu1~20.04

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   openjdk-8-jdk                   8u402-ga-2ubuntu1~18.04
   openjdk-8-jdk-headless          8u402-ga-2ubuntu1~18.04
   openjdk-8-jre                   8u402-ga-2ubuntu1~18.04
   openjdk-8-jre-headless          8u402-ga-2ubuntu1~18.04
   openjdk-8-jre-zero              8u402-ga-2ubuntu1~18.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6696-1

CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926,

CVE-2024-20945, CVE-2024-20952

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6696-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.