(RHSA-2024:4081) Low: [23.0] Security update for the 23.0 release (RPMs)

2024-06-2507:03:59

access.redhat.com

security update

quarkus-mandrel-java

quarkus-mandrel-23

graalvm installation

openjdk 17.0.11

cve-2024-20954

cve-2024-21098

cvss score

references section

unix

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

Confidence

Low

JSON

The quarkus-mandrel-java and quarkus-mandrel-23 packages provide the GraalVM installation for the quarkus/mandrel-23-rhel8:23.0 container image on top of the latest release of OpenJDK 17.0.11.

Security Fix(es):

org.graalvm.compiler/compiler: graalvm: Unauthorized Read Access
(CVE-2024-20954)
org.graalvm.compiler/compiler: graalvm: unauthorized ability to cause a partial denial of service
(CVE-2024-21098)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8aarch64quarkus-mandrel-23-debuginfo< 23.0.4.1_1-4.el8qksquarkus-mandrel-23-debuginfo-23.0.4.1_1-4.el8qks.aarch64.rpm
RedHat8x86_64quarkus-mandrel-23-debugsource< 23.0.4.1_1-4.el8qksquarkus-mandrel-23-debugsource-23.0.4.1_1-4.el8qks.x86_64.rpm
RedHat8aarch64quarkus-mandrel-23< 23.0.4.1_1-4.el8qksquarkus-mandrel-23-23.0.4.1_1-4.el8qks.aarch64.rpm
RedHat8noarchquarkus-mandrel-java-jdk-17-binding< 23.0.4.1_1-10.redhat_00001.1.el8qksquarkus-mandrel-java-jdk-17-binding-23.0.4.1_1-10.redhat_00001.1.el8qks.noarch.rpm
RedHat8x86_64quarkus-mandrel-23< 23.0.4.1_1-4.el8qksquarkus-mandrel-23-23.0.4.1_1-4.el8qks.x86_64.rpm
RedHat8x86_64quarkus-mandrel-23-debuginfo< 23.0.4.1_1-4.el8qksquarkus-mandrel-23-debuginfo-23.0.4.1_1-4.el8qks.x86_64.rpm
RedHat8aarch64quarkus-mandrel-23-debugsource< 23.0.4.1_1-4.el8qksquarkus-mandrel-23-debugsource-23.0.4.1_1-4.el8qks.aarch64.rpm
RedHat8noarchquarkus-mandrel-java< 23.0.4.1_1-10.redhat_00001.1.el8qksquarkus-mandrel-java-23.0.4.1_1-10.redhat_00001.1.el8qks.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	aarch64	quarkus-mandrel-23-debuginfo	< 23.0.4.1_1-4.el8qks	quarkus-mandrel-23-debuginfo-23.0.4.1_1-4.el8qks.aarch64.rpm
RedHat	8	x86_64	quarkus-mandrel-23-debugsource	< 23.0.4.1_1-4.el8qks	quarkus-mandrel-23-debugsource-23.0.4.1_1-4.el8qks.x86_64.rpm
RedHat	8	aarch64	quarkus-mandrel-23	< 23.0.4.1_1-4.el8qks	quarkus-mandrel-23-23.0.4.1_1-4.el8qks.aarch64.rpm
RedHat	8	noarch	quarkus-mandrel-java-jdk-17-binding	< 23.0.4.1_1-10.redhat_00001.1.el8qks	quarkus-mandrel-java-jdk-17-binding-23.0.4.1_1-10.redhat_00001.1.el8qks.noarch.rpm
RedHat	8	x86_64	quarkus-mandrel-23	< 23.0.4.1_1-4.el8qks	quarkus-mandrel-23-23.0.4.1_1-4.el8qks.x86_64.rpm
RedHat	8	x86_64	quarkus-mandrel-23-debuginfo	< 23.0.4.1_1-4.el8qks	quarkus-mandrel-23-debuginfo-23.0.4.1_1-4.el8qks.x86_64.rpm
RedHat	8	aarch64	quarkus-mandrel-23-debugsource	< 23.0.4.1_1-4.el8qks	quarkus-mandrel-23-debugsource-23.0.4.1_1-4.el8qks.aarch64.rpm
RedHat	8	noarch	quarkus-mandrel-java	< 23.0.4.1_1-10.redhat_00001.1.el8qks	quarkus-mandrel-java-23.0.4.1_1-10.redhat_00001.1.el8qks.noarch.rpm