Alerts This Week
Warning Icon 1 1,146
Alerts This Week
Warning Icon 1 1,146

Ubuntu 24.10: USN-7339-1 critical: openjdk-21-crac DoS and info exposure

ubuntu
Calendar Grey March 11, 2025
Dist Ubuntu Esm H88
The recent security patches for CRaC JDK 21 on Ubuntu addressed vulnerabilities that might result in service disruptions and unauthorized data access.
Several security issues were fixed in CRaC JDK 21.

Summary

Several security issues were fixed in CRaC JDK 21.

Software Description:

- openjdk-21-crac: Open Source Java implementation with Coordinated Restore

at Checkpoints

Details:

Andy Boothe discovered that the Networking component of CRaC JDK 21 did not

properly handle access under certain circumstances. An unauthenticated

attacker could possibly use this issue to cause a denial of service.

(CVE-2024-21208)

It was discovered that the Hotspot component of CRaC JDK 21 did not

properly handle vectorization under certain circumstances. An

unauthenticated attacker could possibly use this issue to access

unauthorized resources and expose sensitive information.

(CVE-2024-21210, CVE-2024-21235)

It was discovered that the Serialization component of CRaC JDK 21 did not

properly handle deserialization under certain circumstances. An

unauthenticated attacker could possibly use this issue to cause a denial

of service. (CVE-2024-21217)

It was discovered that the Hotspo...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   openjdk-21-crac-jdk             21.0.6+7-0ubuntu1~24.10
   openjdk-21-crac-jdk-headless    21.0.6+7-0ubuntu1~24.10
   openjdk-21-crac-jre             21.0.6+7-0ubuntu1~24.10
   openjdk-21-crac-jre-headless    21.0.6+7-0ubuntu1~24.10
   openjdk-21-crac-jre-zero        21.0.6+7-0ubuntu1~24.10

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7339-1

  CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2024-21235,

  CVE-2025-21502

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7339-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here