Overview

File _patchinfo of Package patchinfo.35471

<patchinfo incident="35471">
  <issue tracker="bnc" id="1229224">VUL-0: CVE-2024-27267: java-1_7_1-ibm, java-1_8_0-ibm: Object Request Broker (ORB) remote denial of service</issue>
  <issue tracker="bnc" id="1228047">VUL-0: CVE-2024-21138:  java-*-openjdk,java-*-ibm: OpenJDK: Excessive symbol length can lead to infinite loop</issue>
  <issue tracker="bnc" id="1228048">VUL-0: CVE-2024-21140: java-*-openjdk,java-*-ibm: OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow</issue>
  <issue tracker="bnc" id="1228050">VUL-0: CVE-2024-21144: java-*-openjdk,java-*-ibm: OpenJDK: Pack200 increase loading time due to improper header validation</issue>
  <issue tracker="bnc" id="1228346">java-1_8_0-ibm: Oracle July 16 2024 CPU and IBM Security Update August 2024</issue>
  <issue tracker="bnc" id="1228051">VUL-0: CVE-2024-21145: java-*-openjdk,java-*-ibm: OpenJDK: Out-of-bounds access in 2D image handling</issue>
  <issue tracker="bnc" id="1228052">VUL-0: CVE-2024-21147: java-*-openjdk,java-*-ibm: OpenJDK: RangeCheckElimination array index overflow</issue>
  <issue tracker="bnc" id="1228046">VUL-0: CVE-2024-21131: java-*-openjdk,java-*-ibm: OpenJDK: potential UTF8 size overflow</issue>
  <issue tracker="cve" id="2024-21145"/>
  <issue tracker="cve" id="2024-21131"/>
  <issue tracker="cve" id="2024-21144"/>
  <issue tracker="cve" id="2024-21138"/>
  <issue tracker="cve" id="2024-21140"/>
  <issue tracker="cve" id="2024-21147"/>
  <issue tracker="cve" id="2024-27267"/>
  <packager>pmonrealgonzalez</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-ibm</summary>
  <description>This update for java-1_8_0-ibm fixes the following issues:

- Update to Java 8.0 Service Refresh 8 Fix Pack 30 (bsc#1228346)
- CVE-2024-21147: Fixed an array index overflow in RangeCheckElimination. (bsc#1228052)
- CVE-2024-21145: Fixed an out-of-bounds access in 2D image handling. (bsc#1228051)
- CVE-2024-21140: Fixed a range check elimination pre-loop limit overflow. (bsc#1228048)
- CVE-2024-21144: Pack200 increase loading time due to improper header validation. (bsc#1228050)
- CVE-2024-21138: Fixed an issue where excessive symbol length can lead to infinite loop. (bsc#1228047)
- CVE-2024-21131: Fixed a potential UTF8 size overflow. (bsc#1228046)
- CVE-2024-27267: Fixed an Object Request Broker (ORB) remote denial of service. (bsc#1229224)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places