- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2024-1706697909.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2024-1706697909
- Upstream
- Published
- 2024-01-31T10:45:12Z
- Modified
- 2026-05-29T01:37:07.864717981Z
- Summary
- java-1.8.0-openjdk: Fix of 8 CVEs
- Details
- Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06. This fixes the following CVEs:
  - CVE-2024-20918: Array out-of-bounds access due to missing range check in C1 compiler
  - CVE-2024-20919: JVM class file verifier flaw allows unverified bytecode execution
  - CVE-2024-20921: Range check loop optimization issue
  - CVE-2024-20926: Arbitrary Java code execution in Nashorn
  - CVE-2024-20945: Logging of digital signature private keys
  - CVE-2024-20952: RSA padding issue and timing side-channel attack against TLS
  - CVE-2023-22067: IOR deserialization issue in CORBA (fixed in jdk8u392)
  - CVE-2023-22081: Certificate path validation issue during client authentication (fixed in jdk8u392)
- Adapt pr2462 patch to the new sources
- References
-
Affected packages