{"id":"CLSA-2024-1706698228","summary":"java-1.8.0-openjdk: Fix of 8 CVEs","details":"- Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06. This fixes the following CVEs:\n- CVE-2024-20918: Array out-of-bounds access due to missing range check in C1 compiler\n- CVE-2024-20919: JVM class file verifier flaw allows unverified bytecode execution\n- CVE-2024-20921: Range check loop optimization issue\n- CVE-2024-20926: Arbitrary Java code execution in Nashorn\n- CVE-2024-20945: Logging of digital signature private keys\n- CVE-2024-20952: RSA padding issue and timing side-channel attack against TLS\n- CVE-2023-22067: IOR deserialization issue in CORBA (fixed in jdk8u392)\n- CVE-2023-22081: Certificate path validation issue during client authentication (fixed in jdk8u392)\n- Adapt pr2462 patch to the new sources","modified":"2026-05-29T01:34:03.464153874Z","published":"2024-01-31T10:50:31Z","upstream":["CVE-2023-22067","CVE-2023-22081","CVE-2024-20918","CVE-2024-20919","CVE-2024-20921","CVE-2024-20926","CVE-2024-20945","CVE-2024-20952"],"references":[{"type":"ADVISORY","url":"https://errata.cloudlinux.com/els6/CLSA-2024-1706698228.html"}],"schema_version":"1.7.5"}