Red Hat Product Errata RHSA-2024:0241 - Security Advisory
Issued:
2024-01-17
Updated:
2024-01-17

RHSA-2024:0241 - Security Advisory

Synopsis

Important: java-17-openjdk security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)
  • OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123) (CVE-2024-20932)
  • OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)
  • OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)
  • OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)
  • OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • When Transparent Huge Pages (THP) are unconditionally enabled on a system, Java applications using many threads were found to have a large Resident Set Size (RSS). This was due to a race between the kernel transforming thread stack memory into huge pages and the Java Virtual Machine (JVM) shattering these pages into smaller ones when adding a guard page. This release resolves this issue by getting glibc to insert a guard page and prevent the creation of huge pages. (RHEL-13928)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2257720 - CVE-2024-20932 OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123)
  • BZ - 2257728 - CVE-2024-20918 OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)
  • BZ - 2257837 - CVE-2024-20952 OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)
  • BZ - 2257853 - CVE-2024-20919 OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
  • BZ - 2257859 - CVE-2024-20921 OpenJDK: range check loop optimization issue (8314307)
  • BZ - 2257874 - CVE-2024-20945 OpenJDK: logging of digital signature private keys (8316976)

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
java-17-openjdk-17.0.10.0.7-1.el8_4.src.rpm SHA-256: 8e24bb287bec1d627d6a5bfb6f7c59ac304be2a60eb00b113e16094fc8d8a7a3
x86_64
java-17-openjdk-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 7c3ef60c0d92cee15df9072911b4d66c957b0a8a59319772a34cddd59c46869f
java-17-openjdk-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 35dc16a899b0c872f5e10176ac48ed53bf3baef10597219dae2f75602960b0d6
java-17-openjdk-debugsource-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: b73ba2f91b4f014397d27216fec4e8a0b2c93978109a5654a928a70ba2e92adf
java-17-openjdk-demo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: bea51f4b47366aeae96fba3e9168b84332ef447b7b42f1a1cef0e7f90d425e2c
java-17-openjdk-devel-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 89b74ae24207e87c08f3850dc08beb27158a7f6144d7f0ea522dd7acbf89fb9f
java-17-openjdk-devel-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: e06a7210d0367b04b9457757a5ef2f3d08449b668c8c9a739299fc9c1d9d8c69
java-17-openjdk-devel-fastdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 0c6754c281b22296b1a285c26403d4191770158321580cdeb23a51ea517f9972
java-17-openjdk-devel-slowdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 23b0bf3ddd6ddbf3c3ac71eceda1f5ee16097945850ffd82583c26e6f87d126c
java-17-openjdk-fastdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 6c4b7ae1eacb99a112cdb87f39c0cf64dfae9f96f54aeff029df904a4a324923
java-17-openjdk-headless-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 18a5db70484ba6fabb55d70d41a4e75de33845fbca0a8772510b4bbf795659ae
java-17-openjdk-headless-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 43fd8833706b8795628f733cf96dcc2540b7464c2249a2583a3ab65b8c9a4d84
java-17-openjdk-headless-fastdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 62796acbc8aa896466a163edc1842f195595977e955bd48c15f0bd32f14ad840
java-17-openjdk-headless-slowdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 8dab934c9317acee89c520687f6ab5ea3e4b21e22d91d97373a72d9691246d9a
java-17-openjdk-javadoc-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: cb8f9ea0936d4f2f2bdbff82275c3368e9501f18cc962fc2b5097a5c98fff438
java-17-openjdk-javadoc-zip-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 5e511b3f2a63e5eb6ffc5f01cdb6e83b2c73af3c7c8eb275cb6f9e6c2d5db4de
java-17-openjdk-jmods-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: c59a5bc8fd8ed375ea649c9c7d4ab7e84eeac1b2e0dffc4e92ef79fc24ef6068
java-17-openjdk-slowdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 6afa688dad9bc7b0a9c832d8552542ccb30f2416b746f7b35c366c134ea6f6e3
java-17-openjdk-src-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: d1cbc2b52059efbd660c5e704adb5e3e3b3c6339db8c918396fcb6a968768516
java-17-openjdk-static-libs-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 33124ed61b4515264adbae8c8d777ff0c82029c307d3b00e2bb8307adef5c8c5

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
java-17-openjdk-17.0.10.0.7-1.el8_4.src.rpm SHA-256: 8e24bb287bec1d627d6a5bfb6f7c59ac304be2a60eb00b113e16094fc8d8a7a3
x86_64
java-17-openjdk-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 7c3ef60c0d92cee15df9072911b4d66c957b0a8a59319772a34cddd59c46869f
java-17-openjdk-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 35dc16a899b0c872f5e10176ac48ed53bf3baef10597219dae2f75602960b0d6
java-17-openjdk-debugsource-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: b73ba2f91b4f014397d27216fec4e8a0b2c93978109a5654a928a70ba2e92adf
java-17-openjdk-demo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: bea51f4b47366aeae96fba3e9168b84332ef447b7b42f1a1cef0e7f90d425e2c
java-17-openjdk-devel-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 89b74ae24207e87c08f3850dc08beb27158a7f6144d7f0ea522dd7acbf89fb9f
java-17-openjdk-devel-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: e06a7210d0367b04b9457757a5ef2f3d08449b668c8c9a739299fc9c1d9d8c69
java-17-openjdk-devel-fastdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 0c6754c281b22296b1a285c26403d4191770158321580cdeb23a51ea517f9972
java-17-openjdk-devel-slowdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 23b0bf3ddd6ddbf3c3ac71eceda1f5ee16097945850ffd82583c26e6f87d126c
java-17-openjdk-fastdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 6c4b7ae1eacb99a112cdb87f39c0cf64dfae9f96f54aeff029df904a4a324923
java-17-openjdk-headless-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 18a5db70484ba6fabb55d70d41a4e75de33845fbca0a8772510b4bbf795659ae
java-17-openjdk-headless-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 43fd8833706b8795628f733cf96dcc2540b7464c2249a2583a3ab65b8c9a4d84
java-17-openjdk-headless-fastdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 62796acbc8aa896466a163edc1842f195595977e955bd48c15f0bd32f14ad840
java-17-openjdk-headless-slowdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 8dab934c9317acee89c520687f6ab5ea3e4b21e22d91d97373a72d9691246d9a
java-17-openjdk-javadoc-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: cb8f9ea0936d4f2f2bdbff82275c3368e9501f18cc962fc2b5097a5c98fff438
java-17-openjdk-javadoc-zip-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 5e511b3f2a63e5eb6ffc5f01cdb6e83b2c73af3c7c8eb275cb6f9e6c2d5db4de
java-17-openjdk-jmods-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: c59a5bc8fd8ed375ea649c9c7d4ab7e84eeac1b2e0dffc4e92ef79fc24ef6068
java-17-openjdk-slowdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 6afa688dad9bc7b0a9c832d8552542ccb30f2416b746f7b35c366c134ea6f6e3
java-17-openjdk-src-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: d1cbc2b52059efbd660c5e704adb5e3e3b3c6339db8c918396fcb6a968768516
java-17-openjdk-static-libs-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 33124ed61b4515264adbae8c8d777ff0c82029c307d3b00e2bb8307adef5c8c5

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
java-17-openjdk-17.0.10.0.7-1.el8_4.src.rpm SHA-256: 8e24bb287bec1d627d6a5bfb6f7c59ac304be2a60eb00b113e16094fc8d8a7a3
ppc64le
java-17-openjdk-17.0.10.0.7-1.el8_4.ppc64le.rpm SHA-256: 7a35fa744260b47b65da0cda1d20354511bd2c579ab81fd61540567e8a74d457
java-17-openjdk-debuginfo-17.0.10.0.7-1.el8_4.ppc64le.rpm SHA-256: dacee635e008dbee2b58dcda6eed13767b5478638cb4dbc2b325eab3e2713719
java-17-openjdk-debugsource-17.0.10.0.7-1.el8_4.ppc64le.rpm SHA-256: e57087b0b3ef60205822e741dd069702ce6fc8f9d48ff4dc2075bbccb6b1e59c
java-17-openjdk-demo-17.0.10.0.7-1.el8_4.ppc64le.rpm SHA-256: c3cdf69e9d0398f4d0c666a27994bf5b9c132524a8759675517ea0fbf5dca00c
java-17-openjdk-devel-17.0.10.0.7-1.el8_4.ppc64le.rpm SHA-256: e5732c8289fd94b5cc75cbdf465f18407ae4812fee1466d712998ead66e773f8
java-17-openjdk-devel-debuginfo-17.0.10.0.7-1.el8_4.ppc64le.rpm SHA-256: 3adb3222e35114ac9f2baa0b25d1a177ca1ae2d41ab2d839ecbdc428836ae3c0
java-17-openjdk-devel-slowdebug-debuginfo-17.0.10.0.7-1.el8_4.ppc64le.rpm SHA-256: 45093d7770efa8f6d6fe2b234332bc733ebc2d93146a35f638ee8b72c39618fc
java-17-openjdk-headless-17.0.10.0.7-1.el8_4.ppc64le.rpm SHA-256: a1850b99ca266dbf4990a013c3b6b133d5a6b4853c7ab03d3d1aa9574f0256c2
java-17-openjdk-headless-debuginfo-17.0.10.0.7-1.el8_4.ppc64le.rpm SHA-256: 10312ac77f068b46fd9a44f46d7f42416da5ce3a5cf78574ca33ac3178741266
java-17-openjdk-headless-slowdebug-debuginfo-17.0.10.0.7-1.el8_4.ppc64le.rpm SHA-256: d9bf3e916cf3348d8fa88a5a91594d0ab20a5489b9d02fc0a0ee20a599fd06a8
java-17-openjdk-javadoc-17.0.10.0.7-1.el8_4.ppc64le.rpm SHA-256: d314d3f4ba9f36a68095aa35e87fce6b654d8d983122a5c631c8d83a8a1f994f
java-17-openjdk-javadoc-zip-17.0.10.0.7-1.el8_4.ppc64le.rpm SHA-256: 7bcbf49ba205953f755380b5c88f62c86740c0af86e575247ececfc820f9af9b
java-17-openjdk-jmods-17.0.10.0.7-1.el8_4.ppc64le.rpm SHA-256: b0e696916aec9aa218db8df7446ad0ee1770327b18c3c351a0a5cd3857228d22
java-17-openjdk-slowdebug-debuginfo-17.0.10.0.7-1.el8_4.ppc64le.rpm SHA-256: 60cd591f02a4aed25b80732595a610683df1c978c24ef4af85563a78230f139c
java-17-openjdk-src-17.0.10.0.7-1.el8_4.ppc64le.rpm SHA-256: 65e11a3fc22de53271564d7bf6d545c2af006da447e126b82bf593324cff7d8c
java-17-openjdk-static-libs-17.0.10.0.7-1.el8_4.ppc64le.rpm SHA-256: 76a42bf6587f1382978265c0aeee5ad9e2a7d4e9bf5d6a9485ff4a7dc2b50eec

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
java-17-openjdk-17.0.10.0.7-1.el8_4.src.rpm SHA-256: 8e24bb287bec1d627d6a5bfb6f7c59ac304be2a60eb00b113e16094fc8d8a7a3
x86_64
java-17-openjdk-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 7c3ef60c0d92cee15df9072911b4d66c957b0a8a59319772a34cddd59c46869f
java-17-openjdk-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 35dc16a899b0c872f5e10176ac48ed53bf3baef10597219dae2f75602960b0d6
java-17-openjdk-debugsource-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: b73ba2f91b4f014397d27216fec4e8a0b2c93978109a5654a928a70ba2e92adf
java-17-openjdk-demo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: bea51f4b47366aeae96fba3e9168b84332ef447b7b42f1a1cef0e7f90d425e2c
java-17-openjdk-devel-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 89b74ae24207e87c08f3850dc08beb27158a7f6144d7f0ea522dd7acbf89fb9f
java-17-openjdk-devel-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: e06a7210d0367b04b9457757a5ef2f3d08449b668c8c9a739299fc9c1d9d8c69
java-17-openjdk-devel-fastdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 0c6754c281b22296b1a285c26403d4191770158321580cdeb23a51ea517f9972
java-17-openjdk-devel-slowdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 23b0bf3ddd6ddbf3c3ac71eceda1f5ee16097945850ffd82583c26e6f87d126c
java-17-openjdk-fastdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 6c4b7ae1eacb99a112cdb87f39c0cf64dfae9f96f54aeff029df904a4a324923
java-17-openjdk-headless-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 18a5db70484ba6fabb55d70d41a4e75de33845fbca0a8772510b4bbf795659ae
java-17-openjdk-headless-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 43fd8833706b8795628f733cf96dcc2540b7464c2249a2583a3ab65b8c9a4d84
java-17-openjdk-headless-fastdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 62796acbc8aa896466a163edc1842f195595977e955bd48c15f0bd32f14ad840
java-17-openjdk-headless-slowdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 8dab934c9317acee89c520687f6ab5ea3e4b21e22d91d97373a72d9691246d9a
java-17-openjdk-javadoc-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: cb8f9ea0936d4f2f2bdbff82275c3368e9501f18cc962fc2b5097a5c98fff438
java-17-openjdk-javadoc-zip-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 5e511b3f2a63e5eb6ffc5f01cdb6e83b2c73af3c7c8eb275cb6f9e6c2d5db4de
java-17-openjdk-jmods-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: c59a5bc8fd8ed375ea649c9c7d4ab7e84eeac1b2e0dffc4e92ef79fc24ef6068
java-17-openjdk-slowdebug-debuginfo-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 6afa688dad9bc7b0a9c832d8552542ccb30f2416b746f7b35c366c134ea6f6e3
java-17-openjdk-src-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: d1cbc2b52059efbd660c5e704adb5e3e3b3c6339db8c918396fcb6a968768516
java-17-openjdk-static-libs-17.0.10.0.7-1.el8_4.x86_64.rpm SHA-256: 33124ed61b4515264adbae8c8d777ff0c82029c307d3b00e2bb8307adef5c8c5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.