{"id":"MGASA-2024-0056","summary":"Updated java-17-openjdk packages fix security vulnerabilities","details":"The java-17-openjdk packages provide the OpenJDK 17 Java Runtime\nEnvironment and the OpenJDK 17 Java Software Development Kit.\nSecurity Fix(es):\n OpenJDK: memory corruption issue on x86_64 with AVX-512 (8317121)\n(CVE-2023-22025)\n OpenJDK: certificate path validation issue during client authentication\n(8309966) (CVE-2023-22081)\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to the\nCVE page(s) listed in the References section.\n","modified":"2026-04-16T04:44:37.574455433Z","published":"2024-03-13T23:14:37Z","upstream":["CVE-2023-22025","CVE-2023-22081","CVE-2024-20918","CVE-2024-20919","CVE-2024-20921","CVE-2024-20932","CVE-2024-20945","CVE-2024-20952"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0056.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32545"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2023:5752"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixJAVA"}],"affected":[{"package":{"name":"java-17-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-17-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"17.0.10.0.7-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0056.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}