USN-7124-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-7124-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7124-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-7124-1
Related
Published
2024-11-24T23:09:55.837219Z
Modified
2024-11-24T23:09:55.837219Z
Summary
openjdk-23 vulnerabilities
Details

Andy Boothe discovered that the Networking component of OpenJDK 23 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21208)

It was discovered that the Hotspot component of OpenJDK 23 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2024-21210, CVE-2024-21235)

It was discovered that the Serialization component of OpenJDK 23 did not properly handle deserialization under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21217)

References

Affected packages

Ubuntu:24.10 / openjdk-23

Package

Name
openjdk-23
Purl
pkg:deb/ubuntu/openjdk-23?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
23.0.1+11-1ubuntu1~24.10.1

Affected versions

Other

23~20ea-1
23~28ea-1ubuntu1
23~33ea-1
23~34ea-1
23~36ea-1
23~37ea-1
23+37-1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "23.0.1+11-1ubuntu1~24.10.1",
            "binary_name": "openjdk-23-dbg"
        },
        {
            "binary_version": "23.0.1+11-1ubuntu1~24.10.1",
            "binary_name": "openjdk-23-demo"
        },
        {
            "binary_version": "23.0.1+11-1ubuntu1~24.10.1",
            "binary_name": "openjdk-23-doc"
        },
        {
            "binary_version": "23.0.1+11-1ubuntu1~24.10.1",
            "binary_name": "openjdk-23-jdk"
        },
        {
            "binary_version": "23.0.1+11-1ubuntu1~24.10.1",
            "binary_name": "openjdk-23-jdk-headless"
        },
        {
            "binary_version": "23.0.1+11-1ubuntu1~24.10.1",
            "binary_name": "openjdk-23-jre"
        },
        {
            "binary_version": "23.0.1+11-1ubuntu1~24.10.1",
            "binary_name": "openjdk-23-jre-headless"
        },
        {
            "binary_version": "23.0.1+11-1ubuntu1~24.10.1",
            "binary_name": "openjdk-23-jre-zero"
        },
        {
            "binary_version": "23.0.1+11-1ubuntu1~24.10.1",
            "binary_name": "openjdk-23-source"
        },
        {
            "binary_version": "23.0.1+11-1ubuntu1~24.10.1",
            "binary_name": "openjdk-23-testsupport"
        }
    ]
}