{"id":"CLSA-2024-1726058957","summary":"java-1.8.0-openjdk: Fix of 6 CVEs","details":"- Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u422-b05. That fixes following CVEs:\n- CVE-2024-21131: UTF8 size overflow\n- CVE-2024-21138: Infinite loop vunlerability in SymbolTable\n- CVE-2024-21140: Int overflow/underflow in Range Check Elimination (RCE)\n- CVE-2024-21144: Invalid header validation leads to Pack200 excessive loading time\n- CVE-2024-21145: Out-of-bounds access in MaskFill\n- CVE-2024-21147: Out-of-bounds array index in Range Check Elimination (RCE)","modified":"2026-06-01T00:33:25.868658799Z","published":"2024-09-11T12:49:21Z","upstream":["CVE-2024-21131","CVE-2024-21138","CVE-2024-21140","CVE-2024-21144","CVE-2024-21145","CVE-2024-21147"],"references":[{"type":"ADVISORY","url":"https://errata.cloudlinux.com/ol6/CLSA-2024-1726058957.html"}],"affected":[{"package":{"name":"java-1.8.0-openjdk","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.422.b05-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2024-1726058957.json"}},{"package":{"name":"java-1.8.0-openjdk-debug","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-debug?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.422.b05-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2024-1726058957.json"}},{"package":{"name":"java-1.8.0-openjdk-demo","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-demo?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.422.b05-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2024-1726058957.json"}},{"package":{"name":"java-1.8.0-openjdk-demo-debug","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-demo-debug?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.422.b05-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2024-1726058957.json"}},{"package":{"name":"java-1.8.0-openjdk-devel","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-devel?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.422.b05-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2024-1726058957.json"}},{"package":{"name":"java-1.8.0-openjdk-devel-debug","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-devel-debug?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.422.b05-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2024-1726058957.json"}},{"package":{"name":"java-1.8.0-openjdk-headless","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-headless?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.422.b05-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2024-1726058957.json"}},{"package":{"name":"java-1.8.0-openjdk-headless-debug","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-headless-debug?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.422.b05-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2024-1726058957.json"}},{"package":{"name":"java-1.8.0-openjdk-javadoc","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-javadoc?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.422.b05-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2024-1726058957.json"}},{"package":{"name":"java-1.8.0-openjdk-javadoc-debug","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-javadoc-debug?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.422.b05-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2024-1726058957.json"}},{"package":{"name":"java-1.8.0-openjdk-src","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-src?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.422.b05-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2024-1726058957.json"}},{"package":{"name":"java-1.8.0-openjdk-src-debug","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-src-debug?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.422.b05-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2024-1726058957.json"}}],"schema_version":"1.7.5"}