Issued:: 2024-06-25
Updated:: 2024-06-25

RHSA-2024:4079 - Security Advisory

Overview
Updated Packages

Synopsis

Low: [23.1] Security update for the 23.1 release (RPMs)

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the quarkus-mandrel-java and quarkus-mandrel-231 packages is
now available for the Red Hat build of Quarkus.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

The quarkus-mandrel-java and quarkus-mandrel-231 packages provide the
GraalVM installation for the quarkus/mandrel-for-jdk-21-rhel8:23.1 container image on top of the latest release of OpenJDK 21.0.3.

Security Fix(es):

org.graalvm.compiler/compiler: graalvm: Unauthorized Read Access

(CVE-2024-20954)

org.graalvm.compiler/compiler: graalvm: unauthorized ability to cause a partial denial of service

(CVE-2024-21098)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat build of Quarkus 3 x86_64
Red Hat build of Quarkus 3 aarch64

Fixes

BZ - 2278636 - CVE-2024-20954 graalvm: Unauthorized Read Access
BZ - 2278674 - CVE-2024-21098 graalvm: unauthorized ability to cause a partial denial of service

CVEs

References

https://access.redhat.com/security/updates/classification/#low

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat build of Quarkus 3

SRPM
quarkus-mandrel-231-23.1.3.1_1-5.el8qks.src.rpm	SHA-256: 75e0bd5fe3df027ae9d92b52500ac2db231009f2176471385f08d30a378c5090
quarkus-mandrel-java-23.1.3.1_1-13.redhat_00001.1.el8qks.src.rpm	SHA-256: 723ae1621627b1ef5bb78e2653862122ce9b10e358fa12284255c71db3457b47
x86_64
quarkus-mandrel-231-23.1.3.1_1-5.el8qks.x86_64.rpm	SHA-256: cecd3c82d96595da6c6defb60e2ef82d456e93390183d201047ca0d298f2bed3
quarkus-mandrel-231-debuginfo-23.1.3.1_1-5.el8qks.x86_64.rpm	SHA-256: 3fbf580bd63752d6146efbf518c4bfacd07380e0307fcb5e78f240940cab1b70
quarkus-mandrel-231-debugsource-23.1.3.1_1-5.el8qks.x86_64.rpm	SHA-256: af127142ca3ae54025525c44a424edfc4eeeeb794593490031821ead219ee20a
quarkus-mandrel-java-23.1.3.1_1-13.redhat_00001.1.el8qks.noarch.rpm	SHA-256: 1b0a93203f4eedf89cb372abaf0718afe313749d794093822d758ca15a593a4b
quarkus-mandrel-java-jdk-21-binding-23.1.3.1_1-13.redhat_00001.1.el8qks.noarch.rpm	SHA-256: e5168d88cf4e451cd91f6341c1a784d689c3fd6dc69f3003d324e31df32135ca
aarch64
quarkus-mandrel-231-23.1.3.1_1-5.el8qks.aarch64.rpm	SHA-256: 212817aaf34f676118ed7f1d35b98675ae149a4cbea3f8225d7a08e7b21d9537
quarkus-mandrel-231-debuginfo-23.1.3.1_1-5.el8qks.aarch64.rpm	SHA-256: 0bfbf31768736f11f042c1aca10906d6973f3c4e5e74862a27d6620ab7a1155d
quarkus-mandrel-231-debugsource-23.1.3.1_1-5.el8qks.aarch64.rpm	SHA-256: 366ace50cf6633de02672b6e9a6f3e0aaa04be5ac26cfcb0139ef09f5fc705b5
quarkus-mandrel-java-23.1.3.1_1-13.redhat_00001.1.el8qks.noarch.rpm	SHA-256: 1b0a93203f4eedf89cb372abaf0718afe313749d794093822d758ca15a593a4b
quarkus-mandrel-java-jdk-21-binding-23.1.3.1_1-13.redhat_00001.1.el8qks.noarch.rpm	SHA-256: e5168d88cf4e451cd91f6341c1a784d689c3fd6dc69f3003d324e31df32135ca

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation