(RHSA-2024:4565) Important: OpenJDK 11.0.24 Security Update for Windows Builds

2024-07-1621:51:12

access.redhat.com

openjdk 11

security update

windows builds

red hat

cve-2024-21147

cve-2024-21131

cve-2024-21138

cve-2024-21140

cve-2024-21144

cve-2024-21145

rangecheckelimination

utf8 size overflow

excessive symbol length

pack200

out-of-bounds access

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.2

Confidence

High

JSON

The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 11 (11.0.24) for Windows serves as a replacement for the Red Hat build of OpenJDK 11 (11.0.23) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

OpenJDK: RangeCheckElimination array index overflow (8323231) (CVE-2024-21147)
OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131)
OpenJDK: Excessive symbol length can lead to infinite loop (8319859) (CVE-2024-21138)
OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548) (CVE-2024-21140)
OpenJDK: Pack200 increase loading time due to improper header validation (8322106) (CVE-2024-21144)
OpenJDK: Out-of-bounds access in 2D image handling (8324559) (CVE-2024-21145)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.