Headline
Debian Security Advisory 5736-1
Debian Linux Security Advisory 5736-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of Java sandbox restrictions.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5736-1 [email protected]://www.debian.org/security/ Moritz MuehlenhoffAugust 05, 2024 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : openjdk-11CVE ID : CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21144 CVE-2024-21145 CVE-2024-21147Several vulnerabilities have been discovered in the OpenJDK Java runtime,which may result in denial of service, information disclosure or bypassof Java sandbox restrictions.For the oldstable distribution (bullseye), these problems have been fixedin version 11.0.24+8-2~deb11u1.We recommend that you upgrade your openjdk-11 packages.For the detailed security status of openjdk-11 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/openjdk-11Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmawyDoACgkQEMKTtsN8TjbQdw//SxWT8jSa26VAkBJtLN92c1Y3BJI6vHTuWJ49ywpUOGV/xuK4hAF03MfHpoDCT6immVyzUpnidZI63d2h1GYO08RvdXVZJOliywwgDf5WCPHU/e+7WR6ssJxZFLB1qVGmGgI5vq6X7BrTQlZ95ydlwkxTN//WM7Ey1OFzupVUg6ICJ2kNJLh/DYMnAOEJolLKeQMgpR95/Xt+gC6o2I9xD8AotajaEvRQXkEO745bMMv2zz0JxiaEA1e3faRII/lw2t/Sq8SlHOFaAmUBglOo45J1DRoGR5P0byYK9vnr7KxfzYj61/wgpG1yJqLG0LqtvYnsBSmFf9HMwoS8nNEpffIvkaBAdXj3cGaTssx9AINwT+hUWrcO2+LEXRgWYtATrtCAqik5tMxtQHIOG08XalF5KjuBwhmr0wOBAdvWcx6wkd5BJc1Tfj/ssHDJje3LYbtTVgIuHqIR7bwt+yvpx1GqwrgAnzLN+zRn2ooPScSYbGPWhg8tUitpxyGG4n6++ZehsJ47hXSXg2JMUlMM4IYdOCoIOVRrxAXJSlXZaeb8TSnA3tMHonkDrw6cl+BFUU07BwfkMzePt1sTBWRzkhJj9cvmhIKvKgTDeGuGXbs0xOoG3mXC8umKkpRl1Tun0OtsPSxYytxL9pnQPJrCclwt7OAsoUHRIbrRskcuTJ4==AyAA-----END PGP SIGNATURE-----
Related news
Ubuntu Security Notice 6932-1 - It was discovered that the Hotspot component of OpenJDK 21 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 21 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6932-1 - It was discovered that the Hotspot component of OpenJDK 21 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 21 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6932-1 - It was discovered that the Hotspot component of OpenJDK 21 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 21 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6932-1 - It was discovered that the Hotspot component of OpenJDK 21 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 21 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6932-1 - It was discovered that the Hotspot component of OpenJDK 21 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 21 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6931-1 - It was discovered that the Hotspot component of OpenJDK 17 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 17 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6931-1 - It was discovered that the Hotspot component of OpenJDK 17 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 17 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6931-1 - It was discovered that the Hotspot component of OpenJDK 17 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 17 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6931-1 - It was discovered that the Hotspot component of OpenJDK 17 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 17 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6931-1 - It was discovered that the Hotspot component of OpenJDK 17 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 17 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6930-1 - It was discovered that the Hotspot component of OpenJDK 11 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 11 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6930-1 - It was discovered that the Hotspot component of OpenJDK 11 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 11 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6930-1 - It was discovered that the Hotspot component of OpenJDK 11 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 11 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6930-1 - It was discovered that the Hotspot component of OpenJDK 11 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 11 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6930-1 - It was discovered that the Hotspot component of OpenJDK 11 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 11 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6930-1 - It was discovered that the Hotspot component of OpenJDK 11 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 11 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6929-1 - It was discovered that the Hotspot component of OpenJDK 8 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 8 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2024-4568-03 - An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4568-03 - An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4568-03 - An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4568-03 - An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4568-03 - An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4563-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4563-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4563-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4563-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4563-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4563-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4573-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 9. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4573-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 9. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4573-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 9. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4573-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 9. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4573-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 9. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4572-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4572-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4572-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4572-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4572-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4571-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4571-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4571-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4571-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4571-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4570-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4570-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4570-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4570-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4570-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4569-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4569-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4569-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4569-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4569-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.
Red Hat Security Advisory 2024-4566-03 - An update is now available for OpenJDK. Issues addressed include an out of bounds access vulnerability.