Overview

File _patchinfo of Package patchinfo.34818

<patchinfo incident="34818">
  <issue tracker="cve" id="2024-21131"/>
  <issue tracker="cve" id="2024-21140"/>
  <issue tracker="cve" id="2024-21144"/>
  <issue tracker="cve" id="2024-21147"/>
  <issue tracker="cve" id="2024-21138"/>
  <issue tracker="cve" id="2024-21145"/>
  <issue tracker="bnc" id="1228052">VUL-0: CVE-2024-21147: java-*-openjdk,java-*-ibm: OpenJDK: RangeCheckElimination array index overflow</issue>
  <issue tracker="bnc" id="1228047">VUL-0: CVE-2024-21138:  java-*-openjdk,java-*-ibm: OpenJDK: Excessive symbol length can lead to infinite loop</issue>
  <issue tracker="bnc" id="1228048">VUL-0: CVE-2024-21140: java-*-openjdk,java-*-ibm: OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow</issue>
  <issue tracker="bnc" id="1228046">VUL-0: CVE-2024-21131: java-*-openjdk,java-*-ibm: OpenJDK: potential UTF8 size overflow</issue>
  <issue tracker="bnc" id="1227298">java-21-openjdk-headless is missing prerequires on file</issue>
  <issue tracker="bnc" id="1228051">VUL-0: CVE-2024-21145: java-*-openjdk,java-*-ibm: OpenJDK: Out-of-bounds access in 2D image handling</issue>
  <issue tracker="bnc" id="1228050">VUL-0: CVE-2024-21144: java-*-openjdk,java-*-ibm: OpenJDK: Pack200 increase loading time due to improper header validation</issue>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-11-openjdk</summary>
  <description>This update for java-11-openjdk fixes the following issues:

Updated to version 11.0.24+8 (July 2024 CPU):

- CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046).
- CVE-2024-21138: Fixed an infinite loop due to excessive symbol
  length (bsc#1228047).
- CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check
  Elimination (bsc#1228048).
- CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling
  (bsc#1228052).
- CVE-2024-21145: Fixed an index overflow in RangeCheckElimination
  (bsc#1228051).
- CVE-2024-21144: Fixed an excessive loading time in Pack200 due to
  improper header validation (bsc#1228050).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places