FEDORA-EPEL-2024-16cf23e0e6
Packages in this update:
cpp-jwt-1.4-7.el8
Update description:
Fix side channel vulnerability
cpp-jwt-1.4-7.el8
Fix side channel vulnerability
cpp-jwt-1.4-7.fc38
Fix side channel vulnerability
cpp-jwt-1.4-7.el9
Fix side channel vulnerability
cpp-jwt-1.4-7.fc39
Fix side channel vulnerability
Yi Yang discovered that the Hotspot component of OpenJDK 11 incorrectly
handled array accesses in the C1 compiler. An attacker could possibly
use this issue to cause a denial of service, execute arbitrary code or
bypass Java sandbox restrictions. (CVE-2024-20918)
It was discovered that the Hotspot component of OpenJDK 11 did not
properly verify bytecode in certain situations. An attacker could
possibly use this issue to bypass Java sandbox restrictions.
(CVE-2024-20919)
It was discovered that the Hotspot component of OpenJDK 11 had an
optimization flaw when generating range check loop predicates. An attacker
could possibly use this issue to cause a denial of service, execute
arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921)
Valentin Eudeline discovered that OpenJDK 11 incorrectly handled certain
options in the Nashorn JavaScript subcomponent. An attacker could
possibly use this issue to execute arbitrary code. (CVE-2024-20926)
It was discovered that OpenJDK 11 could produce debug logs that contained
private keys used for digital signatures. An attacker could possibly use
this issue to obtain sensitive information. (CVE-2024-20945)
Hubert Kario discovered that the TLS implementation in OpenJDK 11 had a
timing side-channel and incorrectly handled RSA padding. A remote attacker
could possibly use this issue to recover sensitive information.
(CVE-2024-20952)
Yi Yang discovered that the Hotspot component of OpenJDK 21 incorrectly
handled array accesses in the C1 compiler. An attacker could possibly
use this issue to cause a denial of service, execute arbitrary code or
bypass Java sandbox restrictions. (CVE-2024-20918)
It was discovered that the Hotspot component of OpenJDK 21 did not
properly verify bytecode in certain situations. An attacker could
possibly use this issue to bypass Java sandbox restrictions.
(CVE-2024-20919)
It was discovered that the Hotspot component of OpenJDK 21 had an
optimization flaw when generating range check loop predicates. An attacker
could possibly use this issue to cause a denial of service, execute
arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921)
It was discovered that OpenJDK 21 could produce debug logs that contained
private keys used for digital signatures. An attacker could possibly use
this issue to obtain sensitive information. (CVE-2024-20945)
Hubert Kario discovered that the TLS implementation in OpenJDK 21 had a
timing side-channel and incorrectly handled RSA padding. A remote attacker
could possibly use this issue to recover sensitive information.
(CVE-2024-20952)
nginx-mainline-3820240218193500.f38
Contains fixes for vulnerabilities in HTTP/3 (CVE-2024-24989, CVE-2024-24990).
Yi Yang discovered that the Hotspot component of OpenJDK 17 incorrectly
handled array accesses in the C1 compiler. An attacker could possibly
use this issue to cause a denial of service, execute arbitrary code or
bypass Java sandbox restrictions. (CVE-2024-20918)
It was discovered that the Hotspot component of OpenJDK 17 did not
properly verify bytecode in certain situations. An attacker could
possibly use this issue to bypass Java sandbox restrictions.
(CVE-2024-20919)
It was discovered that the Hotspot component of OpenJDK 17 had an
optimization flaw when generating range check loop predicates. An attacker
could possibly use this issue to cause a denial of service, execute
arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921)
Yakov Shafranovich discovered that OpenJDK 17 incorrectly handled ZIP
archives that have file and directory entries with the same name. An
attacker could possibly use this issue to bypass Java sandbox
restrictions. (CVE-2024-20932)
It was discovered that OpenJDK 17 could produce debug logs that contained
private keys used for digital signatures. An attacker could possibly use
this issue to obtain sensitive information. (CVE-2024-20945)
Hubert Kario discovered that the TLS implementation in OpenJDK 17 had a
timing side-channel and incorrectly handled RSA padding. A remote attacker
could possibly use this issue to recover sensitive information.
(CVE-2024-20952)
suricata-6.0.16-1.fc38
This update fixes: CVE-2024-23835, CVE-2024-23836, CVE-2024-23837, CVE-2024-23839, CVE-2024-24568.
suricata-6.0.16-1.fc39
This update fixes: CVE-2024-23835, CVE-2024-23836, CVE-2024-23837, CVE-2024-23839, CVE-2024-24568.