(RHSA-2024:4079) Low: [23.1] Security update for the 23.1 release (RPMs)

2024-06-2506:22:01

access.redhat.com

security update

quarkus-mandrel-java

quarkus-mandrel-231

graalvm installation

openjdk 21.0.3

cve-2024-20954

cve-2024-21098

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

Confidence

Low

JSON

The quarkus-mandrel-java and quarkus-mandrel-231 packages provide the
GraalVM installation for the quarkus/mandrel-for-jdk-21-rhel8:23.1 container image on top of the latest release of OpenJDK 21.0.3.

Security Fix(es):

org.graalvm.compiler/compiler: graalvm: Unauthorized Read Access
(CVE-2024-20954)
org.graalvm.compiler/compiler: graalvm: unauthorized ability to cause a partial denial of service
(CVE-2024-21098)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8x86_64quarkus-mandrel-231< 23.1.3.1_1-5.el8qksquarkus-mandrel-231-23.1.3.1_1-5.el8qks.x86_64.rpm
RedHat8x86_64quarkus-mandrel-231-debugsource< 23.1.3.1_1-5.el8qksquarkus-mandrel-231-debugsource-23.1.3.1_1-5.el8qks.x86_64.rpm
RedHat8aarch64quarkus-mandrel-231-debuginfo< 23.1.3.1_1-5.el8qksquarkus-mandrel-231-debuginfo-23.1.3.1_1-5.el8qks.aarch64.rpm
RedHat8aarch64quarkus-mandrel-231-debugsource< 23.1.3.1_1-5.el8qksquarkus-mandrel-231-debugsource-23.1.3.1_1-5.el8qks.aarch64.rpm
RedHat8aarch64quarkus-mandrel-231< 23.1.3.1_1-5.el8qksquarkus-mandrel-231-23.1.3.1_1-5.el8qks.aarch64.rpm
RedHat8noarchquarkus-mandrel-java< 23.1.3.1_1-13.redhat_00001.1.el8qksquarkus-mandrel-java-23.1.3.1_1-13.redhat_00001.1.el8qks.noarch.rpm
RedHat8x86_64quarkus-mandrel-231-debuginfo< 23.1.3.1_1-5.el8qksquarkus-mandrel-231-debuginfo-23.1.3.1_1-5.el8qks.x86_64.rpm
RedHat8noarchquarkus-mandrel-java-jdk-21-binding< 23.1.3.1_1-13.redhat_00001.1.el8qksquarkus-mandrel-java-jdk-21-binding-23.1.3.1_1-13.redhat_00001.1.el8qks.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	x86_64	quarkus-mandrel-231	< 23.1.3.1_1-5.el8qks	quarkus-mandrel-231-23.1.3.1_1-5.el8qks.x86_64.rpm
RedHat	8	x86_64	quarkus-mandrel-231-debugsource	< 23.1.3.1_1-5.el8qks	quarkus-mandrel-231-debugsource-23.1.3.1_1-5.el8qks.x86_64.rpm
RedHat	8	aarch64	quarkus-mandrel-231-debuginfo	< 23.1.3.1_1-5.el8qks	quarkus-mandrel-231-debuginfo-23.1.3.1_1-5.el8qks.aarch64.rpm
RedHat	8	aarch64	quarkus-mandrel-231-debugsource	< 23.1.3.1_1-5.el8qks	quarkus-mandrel-231-debugsource-23.1.3.1_1-5.el8qks.aarch64.rpm
RedHat	8	aarch64	quarkus-mandrel-231	< 23.1.3.1_1-5.el8qks	quarkus-mandrel-231-23.1.3.1_1-5.el8qks.aarch64.rpm
RedHat	8	noarch	quarkus-mandrel-java	< 23.1.3.1_1-13.redhat_00001.1.el8qks	quarkus-mandrel-java-23.1.3.1_1-13.redhat_00001.1.el8qks.noarch.rpm
RedHat	8	x86_64	quarkus-mandrel-231-debuginfo	< 23.1.3.1_1-5.el8qks	quarkus-mandrel-231-debuginfo-23.1.3.1_1-5.el8qks.x86_64.rpm
RedHat	8	noarch	quarkus-mandrel-java-jdk-21-binding	< 23.1.3.1_1-13.redhat_00001.1.el8qks	quarkus-mandrel-java-jdk-21-binding-23.1.3.1_1-13.redhat_00001.1.el8qks.noarch.rpm