Issued:: 2024-06-25
Updated:: 2024-06-25

RHSA-2024:4081 - Security Advisory

Overview
Updated Packages

Synopsis

Low: [23.0] Security update for the 23.0 release (RPMs)

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the quarkus-mandrel-java and quarkus-mandrel-23 packages is now available for the Red Hat build of Quarkus.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

The quarkus-mandrel-java and quarkus-mandrel-23 packages provide the GraalVM installation for the quarkus/mandrel-23-rhel8:23.0 container image on top of the latest release of OpenJDK 17.0.11.

Security Fix(es):

org.graalvm.compiler/compiler: graalvm: Unauthorized Read Access

(CVE-2024-20954)

org.graalvm.compiler/compiler: graalvm: unauthorized ability to cause a partial denial of service

(CVE-2024-21098)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat build of Quarkus 3 x86_64
Red Hat build of Quarkus 3 aarch64

Fixes

BZ - 2278636 - CVE-2024-20954 graalvm: Unauthorized Read Access
BZ - 2278674 - CVE-2024-21098 graalvm: unauthorized ability to cause a partial denial of service

CVEs

References

https://access.redhat.com/security/updates/classification/#low

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat build of Quarkus 3

SRPM
quarkus-mandrel-23-23.0.4.1_1-4.el8qks.src.rpm	SHA-256: 5ecbd65486c9ae224f499f5ca5d896812e320b6b5f464fc0ebd34b27b0a63a36
quarkus-mandrel-java-23.0.4.1_1-10.redhat_00001.1.el8qks.src.rpm	SHA-256: 9146d620045c1c9f309ba35290453f3c9925e2c6d3404fa7d914cc8afbc1ebe0
x86_64
quarkus-mandrel-23-23.0.4.1_1-4.el8qks.x86_64.rpm	SHA-256: 658c0b8a3a30da2bea073ea084b1700d9e476d1f03d6a2400d30719fc2d4f8fe
quarkus-mandrel-23-debuginfo-23.0.4.1_1-4.el8qks.x86_64.rpm	SHA-256: c00382bd5bede6162a3eb3df22418b10e37be4a4511b6b480d81ba1d40324b0c
quarkus-mandrel-23-debugsource-23.0.4.1_1-4.el8qks.x86_64.rpm	SHA-256: 9f917004b0bfef7eabf4e7a993aa199bec868713d77fa2b54609be12fff12222
quarkus-mandrel-java-23.0.4.1_1-10.redhat_00001.1.el8qks.noarch.rpm	SHA-256: b18a33e850e9e1b980189ee7d26e69b0ece7c4dca51b8fd1dfb20b7401e0d51f
quarkus-mandrel-java-jdk-17-binding-23.0.4.1_1-10.redhat_00001.1.el8qks.noarch.rpm	SHA-256: 475bf25439e2e009b941d040392715a2642052674dafbb431b317e58d172b739
aarch64
quarkus-mandrel-23-23.0.4.1_1-4.el8qks.aarch64.rpm	SHA-256: 02a78d44d8d9fc779b20a84f8addc314466ae273790bed660bd23d26fe40a3e8
quarkus-mandrel-23-debuginfo-23.0.4.1_1-4.el8qks.aarch64.rpm	SHA-256: 141833da79a81ae134fc5d48dd034cecc1aa38ba586d0d733ad16d5ade25b5d5
quarkus-mandrel-23-debugsource-23.0.4.1_1-4.el8qks.aarch64.rpm	SHA-256: d65bad88b82677fac62b2f32c37498a05c038906911c1500d810c88a9c81d65c
quarkus-mandrel-java-23.0.4.1_1-10.redhat_00001.1.el8qks.noarch.rpm	SHA-256: b18a33e850e9e1b980189ee7d26e69b0ece7c4dca51b8fd1dfb20b7401e0d51f
quarkus-mandrel-java-jdk-17-binding-23.0.4.1_1-10.redhat_00001.1.el8qks.noarch.rpm	SHA-256: 475bf25439e2e009b941d040392715a2642052674dafbb431b317e58d172b739

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation