CLSA-2024-1732197150

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1732197150.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2024-1732197150
Upstream
Published
2024-11-21T13:52:39Z
Modified
2026-06-04T09:46:46.972356516Z
Summary
Fix of 20 CVEs
Details
  • Update to 8u432-ga fixing a number of CVEs
    • CVE-2024-20918: missing array range check in C1 compiler leads to out-of-bounds access
    • CVE-2024-20919: unverified bytecode execution because of a flaw in the JVM class file verifier
    • CVE-2024-20921: optimization issue of loop range check in IfNode and LoopNode
    • CVE-2024-20926: execution of arbitrary Java code in Nashorn
    • CVE-2024-20945: private keys for digital signatures leak to logs
    • CVE-2024-20952: RSA padding problem, TLS timing side-channel attack
    • CVE-2024-21011: extended Exception message causing a crash
    • CVE-2024-21068: Integer overflow in address generation by the C1 compiler
    • CVE-2024-21085: excessive memory allocation in Pack200
    • CVE-2024-21094: "exceeded noderegs array" C2 compilation error
    • CVE-2024-21131: UTF8 size overflow
    • CVE-2024-21138: infinite loop vulnerability in SymbolTable
    • CVE-2024-21140: int overflow/underflow in Range Check Elimination
    • CVE-2024-21144: invalid header validation leads to Pack200 excessive loading time
    • CVE-2024-21145: out-of-bounds access in MaskFill
    • CVE-2024-21147: out-of-bounds array index in Range Check Elimination
    • CVE-2024-21208: improper handling of maxHeaderSize in HTTP client
    • CVE-2024-21210: integer overflow in array indexing in SuperWord
    • CVE-2024-21217: out-of-memory because of unbounded allocation in MessageFormat
    • CVE-2024-21235: incorrect range check because of integer conversion error in LoopNode
  • Update patches
    • debian/patches/zero-sh.diff
References

Affected packages

TuxCare:Ubuntu:16.04
openjdk-8-demo

Package

Name
openjdk-8-demo
Purl
pkg:deb/tuxcare/openjdk-8-demo?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
8u432-ga-0ubuntu1~16.04+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1732197150.json"
openjdk-8-doc

Package

Name
openjdk-8-doc
Purl
pkg:deb/tuxcare/openjdk-8-doc?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
8u432-ga-0ubuntu1~16.04+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1732197150.json"
openjdk-8-jdk

Package

Name
openjdk-8-jdk
Purl
pkg:deb/tuxcare/openjdk-8-jdk?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
8u432-ga-0ubuntu1~16.04+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1732197150.json"
openjdk-8-jdk-headless

Package

Name
openjdk-8-jdk-headless
Purl
pkg:deb/tuxcare/openjdk-8-jdk-headless?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
8u432-ga-0ubuntu1~16.04+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1732197150.json"
openjdk-8-jre

Package

Name
openjdk-8-jre
Purl
pkg:deb/tuxcare/openjdk-8-jre?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
8u432-ga-0ubuntu1~16.04+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1732197150.json"
openjdk-8-jre-headless

Package

Name
openjdk-8-jre-headless
Purl
pkg:deb/tuxcare/openjdk-8-jre-headless?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
8u432-ga-0ubuntu1~16.04+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1732197150.json"
openjdk-8-jre-jamvm

Package

Name
openjdk-8-jre-jamvm
Purl
pkg:deb/tuxcare/openjdk-8-jre-jamvm?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
8u432-ga-0ubuntu1~16.04+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1732197150.json"
openjdk-8-jre-zero

Package

Name
openjdk-8-jre-zero
Purl
pkg:deb/tuxcare/openjdk-8-jre-zero?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
8u432-ga-0ubuntu1~16.04+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1732197150.json"
openjdk-8-source

Package

Name
openjdk-8-source
Purl
pkg:deb/tuxcare/openjdk-8-source?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
8u432-ga-0ubuntu1~16.04+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2024-1732197150.json"