Sunday, November 24, 2024

[USN-7124-1] OpenJDK 23 vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7124-1
November 24, 2024

openjdk-23 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10

Summary:

Several security issues were fixed in OpenJDK 23.

Software Description:
- openjdk-23: Open Source Java implementation

Details:

Andy Boothe discovered that the Networking component of OpenJDK 23 did not
properly handle access under certain circumstances. An unauthenticated
attacker could possibly use this issue to cause a denial of service.
(CVE-2024-21208)

It was discovered that the Hotspot component of OpenJDK 23 did not properly
handle vectorization under certain circumstances. An unauthenticated
attacker could possibly use this issue to access unauthorized resources
and expose sensitive information. (CVE-2024-21210, CVE-2024-21235)

It was discovered that the Serialization component of OpenJDK 23 did not
properly handle deserialization under certain circumstances. An
unauthenticated attacker could possibly use this issue to cause a denial
of service. (CVE-2024-21217)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  openjdk-23-jdk                  23.0.1+11-1ubuntu1~24.10.1
  openjdk-23-jdk-headless         23.0.1+11-1ubuntu1~24.10.1
  openjdk-23-jre                  23.0.1+11-1ubuntu1~24.10.1
  openjdk-23-jre-headless         23.0.1+11-1ubuntu1~24.10.1
  openjdk-23-jre-zero             23.0.1+11-1ubuntu1~24.10.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7124-1
  CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2024-21235

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-23/23.0.1+11-1ubuntu1~24.10.1
