Issued:: 2024-01-17
Updated:: 2024-01-17

RHSA-2024:0233 - Security Advisory

Overview
Updated Packages

Synopsis

Important: java-11-openjdk security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)
OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)
OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)
OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)
OpenJDK: arbitrary Java code execution in Nashorn (8314284) (CVE-2024-20926)
OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

BZ - 2257728 - CVE-2024-20918 OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)
BZ - 2257837 - CVE-2024-20952 OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)
BZ - 2257850 - CVE-2024-20926 OpenJDK: arbitrary Java code execution in Nashorn (8314284)
BZ - 2257853 - CVE-2024-20919 OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
BZ - 2257859 - CVE-2024-20921 OpenJDK: range check loop optimization issue (8314307)
BZ - 2257874 - CVE-2024-20945 OpenJDK: logging of digital signature private keys (8316976)

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
java-11-openjdk-11.0.22.0.7-1.el8_2.src.rpm	SHA-256: 90c57874a6b73014285981ceeccf761f1513639edb7c42cdab913d5f6837beb9
x86_64
java-11-openjdk-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: a2592535b1bf71f90499d77998ad3f51afc9b43a0c8c4816a51b8d9a0dc67e8b
java-11-openjdk-debuginfo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 68c221b8060fa904a23e1aabfcc59f230ad411299a584406a78cf029d5fb6014
java-11-openjdk-debugsource-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 515127a99a11c1d336cb314ba7597f13724f9339f59c673a9aa916b9ce896393
java-11-openjdk-demo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 25be6c945ab0e1c74a5f8511fc8b0fdb26ea3f693e0955be5cd1bb6cba3d8b54
java-11-openjdk-devel-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: ebcf0788dbb9a543e9369c5ec4b4afbacde0a42f088ea6c79fba87de6ea3ac2f
java-11-openjdk-devel-debuginfo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 1efa3e0639f560ce3db92ff9bc0257221486de49339a57580ca797a870162a95
java-11-openjdk-headless-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 95b89b22539d16e4836884ea5b68f86dfa42b3d01eb3fceac004a1ae54b4fff8
java-11-openjdk-headless-debuginfo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 2c055d1bcfa22c3d8774caff7c013ea750331ace35df6cf60741ad0daf2de6de
java-11-openjdk-javadoc-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: b642a8fff67026976d97656357e21f0bf098c770b2b500d9e94543caaebb0ec2
java-11-openjdk-javadoc-zip-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 97498001c3adb8020801d9b9fa8807b745548e96790eec8b64a9d4819b085d42
java-11-openjdk-jmods-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: f850c41647ee87a561f09b34a027c7e2e056c3e7005fb00e5fec018f2ffcfaa4
java-11-openjdk-src-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 48d388e9a296cd495461789c0c3c6eaa295c2060dcc7ff713829f376684dfb8d
java-11-openjdk-static-libs-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 519bd4cf05153ccaa6c6ae2a79e39cb31a1642793d4dae40cedbf0d9c793ea23

Red Hat Enterprise Linux Server - TUS 8.2

SRPM
java-11-openjdk-11.0.22.0.7-1.el8_2.src.rpm	SHA-256: 90c57874a6b73014285981ceeccf761f1513639edb7c42cdab913d5f6837beb9
x86_64
java-11-openjdk-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: a2592535b1bf71f90499d77998ad3f51afc9b43a0c8c4816a51b8d9a0dc67e8b
java-11-openjdk-debuginfo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 68c221b8060fa904a23e1aabfcc59f230ad411299a584406a78cf029d5fb6014
java-11-openjdk-debugsource-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 515127a99a11c1d336cb314ba7597f13724f9339f59c673a9aa916b9ce896393
java-11-openjdk-demo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 25be6c945ab0e1c74a5f8511fc8b0fdb26ea3f693e0955be5cd1bb6cba3d8b54
java-11-openjdk-devel-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: ebcf0788dbb9a543e9369c5ec4b4afbacde0a42f088ea6c79fba87de6ea3ac2f
java-11-openjdk-devel-debuginfo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 1efa3e0639f560ce3db92ff9bc0257221486de49339a57580ca797a870162a95
java-11-openjdk-devel-slowdebug-debuginfo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 2acd20686a985d2b9e093b34155009919326862812a0b719bd844ea19bed5280
java-11-openjdk-headless-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 95b89b22539d16e4836884ea5b68f86dfa42b3d01eb3fceac004a1ae54b4fff8
java-11-openjdk-headless-debuginfo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 2c055d1bcfa22c3d8774caff7c013ea750331ace35df6cf60741ad0daf2de6de
java-11-openjdk-headless-slowdebug-debuginfo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 5010ebdd6e9cb5b44b2d0fe063fc026cf95c1d07a9e11907f828159b676e8fbe
java-11-openjdk-javadoc-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: b642a8fff67026976d97656357e21f0bf098c770b2b500d9e94543caaebb0ec2
java-11-openjdk-javadoc-zip-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 97498001c3adb8020801d9b9fa8807b745548e96790eec8b64a9d4819b085d42
java-11-openjdk-jmods-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: f850c41647ee87a561f09b34a027c7e2e056c3e7005fb00e5fec018f2ffcfaa4
java-11-openjdk-slowdebug-debuginfo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: ef667307f9375d2d80e4c6af8aedb0e0578d84e018540dd6bf24e53c7d834b94
java-11-openjdk-src-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 48d388e9a296cd495461789c0c3c6eaa295c2060dcc7ff713829f376684dfb8d
java-11-openjdk-static-libs-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 519bd4cf05153ccaa6c6ae2a79e39cb31a1642793d4dae40cedbf0d9c793ea23

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM
java-11-openjdk-11.0.22.0.7-1.el8_2.src.rpm	SHA-256: 90c57874a6b73014285981ceeccf761f1513639edb7c42cdab913d5f6837beb9
ppc64le
java-11-openjdk-11.0.22.0.7-1.el8_2.ppc64le.rpm	SHA-256: 6ff929fb45324b0030ad5e727e76b8da8e2c73643f571d998cd4f9ddf23c8b9a
java-11-openjdk-debuginfo-11.0.22.0.7-1.el8_2.ppc64le.rpm	SHA-256: a7197125945e465caf0eb27aad43987d48cd7551da7fed7ab84a63118061faf7
java-11-openjdk-debugsource-11.0.22.0.7-1.el8_2.ppc64le.rpm	SHA-256: 89d7056264a0c017e8153525de589fca556929bf0223ac9e446d43fbb43955d8
java-11-openjdk-demo-11.0.22.0.7-1.el8_2.ppc64le.rpm	SHA-256: 8ace339eb3e447ba5d36d0e390687640ff1ddc1f1d45042b03a7d088b4b6da1d
java-11-openjdk-devel-11.0.22.0.7-1.el8_2.ppc64le.rpm	SHA-256: 21fdcde92a5800eb47b4f2ee2a0ce1461bb3201586ee4c4039c3f105bc5e8b4e
java-11-openjdk-devel-debuginfo-11.0.22.0.7-1.el8_2.ppc64le.rpm	SHA-256: 10008b1c801078a8e4c41512fcb2a89d79cbb02b7b039db2332fe172410a7bd6
java-11-openjdk-devel-slowdebug-debuginfo-11.0.22.0.7-1.el8_2.ppc64le.rpm	SHA-256: 66ba54939363cf60b9ebcef4732fad7408403c3268c7aacbb9b8fb80abb60143
java-11-openjdk-headless-11.0.22.0.7-1.el8_2.ppc64le.rpm	SHA-256: f8d831748be4e0eb201616960f97dbb6db306281453a11baaba985d8194eccf7
java-11-openjdk-headless-debuginfo-11.0.22.0.7-1.el8_2.ppc64le.rpm	SHA-256: dd32e7bfdd0a69acaaa0712c427107419f6932a174895cc7212d3e365b8b2aaf
java-11-openjdk-headless-slowdebug-debuginfo-11.0.22.0.7-1.el8_2.ppc64le.rpm	SHA-256: 9ee8bc5860f2a66624ddece46cae564e0bb5fa072f2b9b18959c60578fbc4091
java-11-openjdk-javadoc-11.0.22.0.7-1.el8_2.ppc64le.rpm	SHA-256: 0b85e410bd172f28e9c9fe419bbe92ca9d2e6bac7e0a8c75d2e09e32d061deb8
java-11-openjdk-javadoc-zip-11.0.22.0.7-1.el8_2.ppc64le.rpm	SHA-256: 6be961fcd0bf99865f8d0f98fd3aeb6af94a91c2c4e0e850fbd0990b0add254e
java-11-openjdk-jmods-11.0.22.0.7-1.el8_2.ppc64le.rpm	SHA-256: 5f451cd5a344d729f435326c494ccfd0ddcef722e41e430aec0b6919960c600b
java-11-openjdk-slowdebug-debuginfo-11.0.22.0.7-1.el8_2.ppc64le.rpm	SHA-256: 6bfc818bdc8148f66f21827cbbc460d47cd17f95581af7cd28f7844c1394e654
java-11-openjdk-src-11.0.22.0.7-1.el8_2.ppc64le.rpm	SHA-256: 1c37c1f5b7639eb783900534d35c43f1eb73014003194bac8c0e8b6763723339
java-11-openjdk-static-libs-11.0.22.0.7-1.el8_2.ppc64le.rpm	SHA-256: 06447c31d256aadacd71bdcba7b90fa6ce4647ca6ebbb4cc42cdd0bcec4747f0

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM
java-11-openjdk-11.0.22.0.7-1.el8_2.src.rpm	SHA-256: 90c57874a6b73014285981ceeccf761f1513639edb7c42cdab913d5f6837beb9
x86_64
java-11-openjdk-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: a2592535b1bf71f90499d77998ad3f51afc9b43a0c8c4816a51b8d9a0dc67e8b
java-11-openjdk-debuginfo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 68c221b8060fa904a23e1aabfcc59f230ad411299a584406a78cf029d5fb6014
java-11-openjdk-debugsource-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 515127a99a11c1d336cb314ba7597f13724f9339f59c673a9aa916b9ce896393
java-11-openjdk-demo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 25be6c945ab0e1c74a5f8511fc8b0fdb26ea3f693e0955be5cd1bb6cba3d8b54
java-11-openjdk-devel-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: ebcf0788dbb9a543e9369c5ec4b4afbacde0a42f088ea6c79fba87de6ea3ac2f
java-11-openjdk-devel-debuginfo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 1efa3e0639f560ce3db92ff9bc0257221486de49339a57580ca797a870162a95
java-11-openjdk-devel-slowdebug-debuginfo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 2acd20686a985d2b9e093b34155009919326862812a0b719bd844ea19bed5280
java-11-openjdk-headless-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 95b89b22539d16e4836884ea5b68f86dfa42b3d01eb3fceac004a1ae54b4fff8
java-11-openjdk-headless-debuginfo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 2c055d1bcfa22c3d8774caff7c013ea750331ace35df6cf60741ad0daf2de6de
java-11-openjdk-headless-slowdebug-debuginfo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 5010ebdd6e9cb5b44b2d0fe063fc026cf95c1d07a9e11907f828159b676e8fbe
java-11-openjdk-javadoc-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: b642a8fff67026976d97656357e21f0bf098c770b2b500d9e94543caaebb0ec2
java-11-openjdk-javadoc-zip-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 97498001c3adb8020801d9b9fa8807b745548e96790eec8b64a9d4819b085d42
java-11-openjdk-jmods-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: f850c41647ee87a561f09b34a027c7e2e056c3e7005fb00e5fec018f2ffcfaa4
java-11-openjdk-slowdebug-debuginfo-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: ef667307f9375d2d80e4c6af8aedb0e0578d84e018540dd6bf24e53c7d834b94
java-11-openjdk-src-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 48d388e9a296cd495461789c0c3c6eaa295c2060dcc7ff713829f376684dfb8d
java-11-openjdk-static-libs-11.0.22.0.7-1.el8_2.x86_64.rpm	SHA-256: 519bd4cf05153ccaa6c6ae2a79e39cb31a1642793d4dae40cedbf0d9c793ea23

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation