USN-6932-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-6932-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6932-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6932-1

Related

CVE-2024-21131
CVE-2024-21138
CVE-2024-21140
CVE-2024-21145
CVE-2024-21147
UBUNTU-CVE-2024-21131
UBUNTU-CVE-2024-21138
UBUNTU-CVE-2024-21140
UBUNTU-CVE-2024-21145
UBUNTU-CVE-2024-21147

Published

2024-07-31T05:07:36.668828Z

Modified

2024-07-31T05:07:36.668828Z

Summary

openjdk-21 vulnerabilities

Details

It was discovered that the Hotspot component of OpenJDK 21 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-21131)

It was discovered that the Hotspot component of OpenJDK 21 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service. (CVE-2024-21138)

It was discovered that the Hotspot component of OpenJDK 21 did not properly perform range check elimination. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. (CVE-2024-21140)

Sergey Bylokhov discovered that OpenJDK 21 did not properly manage memory when handling 2D images. An attacker could possibly use this issue to obtain sensitive information. (CVE-2024-21145)

It was discovered that the Hotspot component of OpenJDK 21 incorrectly handled memory when performing range check elimination under certain circumstances. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. (CVE-2024-21147)

References

Affected packages

Ubuntu:20.04:LTS / openjdk-21

Package

Name: openjdk-21
Purl: pkg:deb/ubuntu/openjdk-21@21.0.4+7-1ubuntu2~20.04?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

21.0.4+7-1ubuntu2~20.04

Affected versions

21.*

21.0.1+12-2~20.04.1

21.0.2+13-1~20.04.1

21.0.3+9-1ubuntu1~20.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "openjdk-21-dbg": "21.0.4+7-1ubuntu2~20.04",
            "openjdk-21-jre": "21.0.4+7-1ubuntu2~20.04",
            "openjdk-21-demo": "21.0.4+7-1ubuntu2~20.04",
            "openjdk-21-jre-headless": "21.0.4+7-1ubuntu2~20.04",
            "openjdk-21-jdk-headless": "21.0.4+7-1ubuntu2~20.04",
            "openjdk-21-source": "21.0.4+7-1ubuntu2~20.04",
            "openjdk-21-jdk": "21.0.4+7-1ubuntu2~20.04",
            "openjdk-21-doc": "21.0.4+7-1ubuntu2~20.04",
            "openjdk-21-testsupport": "21.0.4+7-1ubuntu2~20.04",
            "openjdk-21-jre-zero": "21.0.4+7-1ubuntu2~20.04"
        }
    ]
}

Ubuntu:22.04:LTS / openjdk-21

Package

Name: openjdk-21
Purl: pkg:deb/ubuntu/openjdk-21@21.0.4+7-1ubuntu2~22.04?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

21.0.4+7-1ubuntu2~22.04

Affected versions

21.*

21.0.1+12-2~22.04

21.0.2+13-1~22.04.1

21.0.3+9-1ubuntu1~22.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "openjdk-21-dbg": "21.0.4+7-1ubuntu2~22.04",
            "openjdk-21-jre": "21.0.4+7-1ubuntu2~22.04",
            "openjdk-21-demo": "21.0.4+7-1ubuntu2~22.04",
            "openjdk-21-jre-headless": "21.0.4+7-1ubuntu2~22.04",
            "openjdk-21-jdk-headless": "21.0.4+7-1ubuntu2~22.04",
            "openjdk-21-source": "21.0.4+7-1ubuntu2~22.04",
            "openjdk-21-jdk": "21.0.4+7-1ubuntu2~22.04",
            "openjdk-21-doc": "21.0.4+7-1ubuntu2~22.04",
            "openjdk-21-testsupport": "21.0.4+7-1ubuntu2~22.04",
            "openjdk-21-jre-zero": "21.0.4+7-1ubuntu2~22.04"
        }
    ]
}

Ubuntu:24.04:LTS / openjdk-21

Package

Name: openjdk-21
Purl: pkg:deb/ubuntu/openjdk-21@21.0.4+7-1ubuntu2~24.04?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

21.0.4+7-1ubuntu2~24.04

Affected versions

Other

21+35-1

21.*

21.0.1+12-2

21.0.1+12-3

21.0.2+13-1

21.0.2+13-2

21.0.3~7ea-1

21.0.3~7ea-1build1

21.0.3~7ea-1build2

21.0.3+9-1

21.0.3+9-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "openjdk-21-dbg": "21.0.4+7-1ubuntu2~24.04",
            "openjdk-21-jre": "21.0.4+7-1ubuntu2~24.04",
            "openjdk-21-demo": "21.0.4+7-1ubuntu2~24.04",
            "openjdk-21-jre-headless": "21.0.4+7-1ubuntu2~24.04",
            "openjdk-21-jdk-headless": "21.0.4+7-1ubuntu2~24.04",
            "openjdk-21-source": "21.0.4+7-1ubuntu2~24.04",
            "openjdk-21-jdk": "21.0.4+7-1ubuntu2~24.04",
            "openjdk-21-doc": "21.0.4+7-1ubuntu2~24.04",
            "openjdk-21-testsupport": "21.0.4+7-1ubuntu2~24.04",
            "openjdk-21-jre-zero": "21.0.4+7-1ubuntu2~24.04"
        }
    ]
}