ALSA-2024:0265

[ALSA-2024:0265] Important: java-1.8.0-openjdk security and bug fix update

Type:

security

Severity:

important

Release date:

2024-03-05

Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)
* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)
* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)
* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)
* OpenJDK: arbitrary Java code execution in Nashorn (8314284) (CVE-2024-20926)
* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* In the previous release in October 2023 (8u392), the RPMs on AlmaLinux 8 were changed to use Provides for java, jre, java-headless, jre-headless, java-devel and java-sdk which included the full RPM version. This prevented the Provides being used to resolve a dependency on Java 1.8.0 (for example, "Requires: java-headless 1:1.8.0"). This change has now been reverted to the old "1:1.8.0" value. (AlmaLinux-19636, AlmaLinux-19637)

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	java-1.8.0-openjdk-demo-fastdebug-1.8.0.402.b06-2.el8.aarch64.rpm	05dbae26be379bfcaeab1ef7e5b1c2f7e649bb6d7f23b022a0053933e452ec1c
aarch64	java-1.8.0-openjdk-src-fastdebug-1.8.0.402.b06-2.el8.aarch64.rpm	2b30a375473a491ce10941ede82cec983a986dcded207c039f85fabba6ca7e26
aarch64	java-1.8.0-openjdk-headless-1.8.0.402.b06-2.el8.aarch64.rpm	2d2bb2226e1d92b05a1cb4526469021e13cb775987e85bb9141c870170b8ed98
aarch64	java-1.8.0-openjdk-fastdebug-1.8.0.402.b06-2.el8.aarch64.rpm	3cbb6969787afea2600f9547899953d2a3c60794fbd37358ab0a0bd981c3f411
aarch64	java-1.8.0-openjdk-src-1.8.0.402.b06-2.el8.aarch64.rpm	51fbed0f0c2e64ed47d6325827ad9477dca36bd77210e3df0d738ceaf781f469
aarch64	java-1.8.0-openjdk-devel-1.8.0.402.b06-2.el8.aarch64.rpm	563a0a79683383e05a92acc7b8db5d52ff6cd471484dfcf510f5db81c9b5e84c
aarch64	java-1.8.0-openjdk-headless-fastdebug-1.8.0.402.b06-2.el8.aarch64.rpm	6f65240702bb283156444fe8997ecd139af2c44c1dcdcf4f08f1b2d1ec44fa33
aarch64	java-1.8.0-openjdk-devel-slowdebug-1.8.0.402.b06-2.el8.aarch64.rpm	80b24e211caf0323a3b26a6e0ea75be11e9040f18bfa06b611c5324fa34f02b9
aarch64	java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.402.b06-2.el8.aarch64.rpm	8707222fb814bb403c616ff55e47796932383112572f63da75fbd1d74a93d570
aarch64	java-1.8.0-openjdk-devel-fastdebug-1.8.0.402.b06-2.el8.aarch64.rpm	8e9e1608c8b4b2051a04b073a122d2ecb37074ded4b1f1280d4e88b1b6ecefb8
aarch64	java-1.8.0-openjdk-headless-slowdebug-1.8.0.402.b06-2.el8.aarch64.rpm	9a9209701729f320418dd596a84f6c298e6511a0b3e09d6a3a54ed08d56f05f7
aarch64	java-1.8.0-openjdk-src-slowdebug-1.8.0.402.b06-2.el8.aarch64.rpm	b378af1ea6add562fe0ef608dd4930937d66a9814198ca6bfc6ea4696c7dacbe
aarch64	java-1.8.0-openjdk-1.8.0.402.b06-2.el8.aarch64.rpm	b5f521fb9a18c1dfdb90fa21dd8256e27e3e5dc7fe699e080bd5a1a1b0e771fe
aarch64	java-1.8.0-openjdk-accessibility-1.8.0.402.b06-2.el8.aarch64.rpm	bcf0abfad23d954a2847265c6c3470a37c2527c4d8fdd0c86f385fd054418791
aarch64	java-1.8.0-openjdk-slowdebug-1.8.0.402.b06-2.el8.aarch64.rpm	d6b5d45ff8ab562b7838ab4e77c1f0841c7d3429fc37bd9cd8241087809375fb
aarch64	java-1.8.0-openjdk-demo-slowdebug-1.8.0.402.b06-2.el8.aarch64.rpm	dff4ad0e5ee3861efbe32d50ff51e68dcfd57fc00ff05436c4a267f49e0e426b
aarch64	java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.402.b06-2.el8.aarch64.rpm	e09621ba5f40da7d9d3d996f3427c180c2c1456e70b7f129cfc46c5afbd558dc
aarch64	java-1.8.0-openjdk-demo-1.8.0.402.b06-2.el8.aarch64.rpm	e5e4efaa7310cc7cd5a1b18b56032adb26129524b75cf87974b392c17e299956
noarch	java-1.8.0-openjdk-javadoc-1.8.0.402.b06-2.el8.noarch.rpm	8943584930053bdc4e6c270811243cc4e7fd84b4a2ced0a15eb30c0fa6651997
noarch	java-1.8.0-openjdk-javadoc-zip-1.8.0.402.b06-2.el8.noarch.rpm	964c76cc76f2de14ae9ab294b84262545eb9f1302481f40df0a91ba0850ad8b9
ppc64le	java-1.8.0-openjdk-headless-fastdebug-1.8.0.402.b06-2.el8.ppc64le.rpm	0f99e9875fc764d7aab49aac5241582f0fefa2cc5799adc974331b0ec95973e9
ppc64le	java-1.8.0-openjdk-accessibility-1.8.0.402.b06-2.el8.ppc64le.rpm	1def7af624043f3173c6afb60f697633d916c71072dff1e2703473a3ae5c7fe9
ppc64le	java-1.8.0-openjdk-src-fastdebug-1.8.0.402.b06-2.el8.ppc64le.rpm	221f9215dae3c029685589628a795967a6de735adaba58f1a1b8fd0a10bbe938
ppc64le	java-1.8.0-openjdk-demo-1.8.0.402.b06-2.el8.ppc64le.rpm	22e0e9a29fb9f0c9c9559bd9928e7a4fc563927b179fd35b11696f004bd5c722
ppc64le	java-1.8.0-openjdk-demo-fastdebug-1.8.0.402.b06-2.el8.ppc64le.rpm	38c3a6b2c733e1ce2095a43a56e8928ad5125185e28527816491f2f54e40559d
ppc64le	java-1.8.0-openjdk-headless-1.8.0.402.b06-2.el8.ppc64le.rpm	509355a2c0c75a77e1d3efd88e35fd37d38e017ed1b1a1c27996f76f1cd34206
ppc64le	java-1.8.0-openjdk-demo-slowdebug-1.8.0.402.b06-2.el8.ppc64le.rpm	5324c21d97bdefff6b9c4232fefd553d274319ff2f6adada72e57f79579240d7
ppc64le	java-1.8.0-openjdk-headless-slowdebug-1.8.0.402.b06-2.el8.ppc64le.rpm	8a0a9a7ac526c7772752178fdd7dd8cbab43e2a4b93223f811d6ff5ec196217c
ppc64le	java-1.8.0-openjdk-src-1.8.0.402.b06-2.el8.ppc64le.rpm	8bc0c8cbd588a7145e979c266378480badd43da633d7ef062d03362fb220a779
ppc64le	java-1.8.0-openjdk-devel-fastdebug-1.8.0.402.b06-2.el8.ppc64le.rpm	a0cb78f74cf95ece17bd5b860b1bb19090b897df51aa3e1f11c5b88c6f6c937a
ppc64le	java-1.8.0-openjdk-src-slowdebug-1.8.0.402.b06-2.el8.ppc64le.rpm	a3bc2c7ea5bea82b428b8dd6e38fb8550b1b696318b09d400a7e8d8a6fc607f9
ppc64le	java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.402.b06-2.el8.ppc64le.rpm	b2756b3fb6a0c6fd9aa9cf962dc72c3993f254276523701cab7f0b4e16e954fe
ppc64le	java-1.8.0-openjdk-devel-1.8.0.402.b06-2.el8.ppc64le.rpm	b4c699e4a3561ba28bec9bcaa4d10c7c32a2d3bf37661e460de9358c8e7e3e16
ppc64le	java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.402.b06-2.el8.ppc64le.rpm	e1799e6a79728ffb72dae97fba76d94abba9748a0317bdb307d5ac7397cfb153
ppc64le	java-1.8.0-openjdk-devel-slowdebug-1.8.0.402.b06-2.el8.ppc64le.rpm	e24de7cc171975dd2793a0600bfcb87e937ee9c0b0421e88087cb52e08a7a0a0
ppc64le	java-1.8.0-openjdk-1.8.0.402.b06-2.el8.ppc64le.rpm	ee7cd143bb6e7eeb48a4f63cc1c0d973f39caa0ae7815267dd370b7ec22a0fb6
ppc64le	java-1.8.0-openjdk-fastdebug-1.8.0.402.b06-2.el8.ppc64le.rpm	f6f02066a9f275db649ab3ee9bcc95d326b6fdd792646ff2e7cd2af0fabf41bd
ppc64le	java-1.8.0-openjdk-slowdebug-1.8.0.402.b06-2.el8.ppc64le.rpm	fef3f3719914a257c42bae58e827a20550b03c2722363e12b8aabe70d410f864
s390x	java-1.8.0-openjdk-accessibility-1.8.0.402.b06-2.el8.s390x.rpm	0268d695d61ad1750decbdc2d8426cdeb121d15d5d267103c6d661f8bb039557
s390x	java-1.8.0-openjdk-demo-1.8.0.402.b06-2.el8.s390x.rpm	2968b5feb2812db4434259802f7850bc39985771530807d3b22668e064ba74c9
s390x	java-1.8.0-openjdk-src-1.8.0.402.b06-2.el8.s390x.rpm	35e329b63850c115de74396720318bf31e29f2aef8ffaa6db0420e87783b5508
s390x	java-1.8.0-openjdk-headless-1.8.0.402.b06-2.el8.s390x.rpm	441df673ecb03bc48b0756518eae291222ec00db9345b426b1f0c783ab7fb1b6
s390x	java-1.8.0-openjdk-1.8.0.402.b06-2.el8.s390x.rpm	7cb72daa9b14df658dfc81e32f0cdc5523a2a5775d81c89483eb9dc7e6a30339
s390x	java-1.8.0-openjdk-devel-1.8.0.402.b06-2.el8.s390x.rpm	ba4b63f73ffe51b49080c34cc3dd6226463c07a32b0d0bb3a5be6b1e07f5cdcd
x86_64	java-1.8.0-openjdk-src-1.8.0.402.b06-2.el8.x86_64.rpm	217e46d338802b7ea46c8e205278aafbee3377ce5d1246bc3a2effeef7853679
x86_64	java-1.8.0-openjdk-devel-slowdebug-1.8.0.402.b06-2.el8.x86_64.rpm	41d1d7c6bb20cc560eb9720098662cf66b91a3b061f610b7551eef2a5941c14c
x86_64	java-1.8.0-openjdk-headless-1.8.0.402.b06-2.el8.x86_64.rpm	453e46e120c6ccbb83426235306fc660d1cbd403e746171975fe379a7a97bdc9
x86_64	java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.402.b06-2.el8.x86_64.rpm	51e7149da2b360cd654e51fe5e978d000ad6417df5137afcb64ad70883df7e9f
x86_64	java-1.8.0-openjdk-fastdebug-1.8.0.402.b06-2.el8.x86_64.rpm	560377d2d4bf122603ead6b5cde16d27bf3b589348d7c67ed249057feb5b97fe
x86_64	java-1.8.0-openjdk-devel-1.8.0.402.b06-2.el8.x86_64.rpm	63b872f10b3d13032ca3b7268196b4a4cd251b72ca1f8033e90a87250a711c9a
x86_64	java-1.8.0-openjdk-demo-fastdebug-1.8.0.402.b06-2.el8.x86_64.rpm	65fea394689f7908705ac0a23bd55f6e1e2e34b6db4aafc8e805fb86cce1efeb
x86_64	java-1.8.0-openjdk-demo-1.8.0.402.b06-2.el8.x86_64.rpm	701ee7ea75513ade68517ef3a02dd40b9eb6e02a6e10be35b469c5d0d12581c6
x86_64	java-1.8.0-openjdk-1.8.0.402.b06-2.el8.x86_64.rpm	7175a305927fdfaa779ac418e6cc49bc6d45f2c8247c6113b524f2cccc7dfc00
x86_64	java-1.8.0-openjdk-slowdebug-1.8.0.402.b06-2.el8.x86_64.rpm	86680f0946a71b21e3ebc0f87f120e7e7b5df4f4d51795a05d53e89c51f0f0b5
x86_64	java-1.8.0-openjdk-demo-slowdebug-1.8.0.402.b06-2.el8.x86_64.rpm	95ac9b0487872d60de8cef36307be760f29033e2e738502734d365b3b8bf2335
x86_64	java-1.8.0-openjdk-devel-fastdebug-1.8.0.402.b06-2.el8.x86_64.rpm	97d5e2028d20108e79437494f6901e3e46cc9d927b793cb9802e6e095e80e9f8
x86_64	java-1.8.0-openjdk-accessibility-1.8.0.402.b06-2.el8.x86_64.rpm	b2e9f1acf3195cc604176f2f73dd394f4391d5546d60776aa5e6079b99ee4914
x86_64	java-1.8.0-openjdk-headless-fastdebug-1.8.0.402.b06-2.el8.x86_64.rpm	b5d65bcb463c9dc96618c55fdf767cf71f0a44bbc9d727249a7b0fcc7be5c8c6
x86_64	java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.402.b06-2.el8.x86_64.rpm	b9c80987625580a01e16ae90a72b0df881e6c838f9f20503f9f2c40b01204e08
x86_64	java-1.8.0-openjdk-headless-slowdebug-1.8.0.402.b06-2.el8.x86_64.rpm	d7da2ecf9b0f4b695df5311b3a170004c0f1f3b79d735907d422ec0ac1b86198
x86_64	java-1.8.0-openjdk-src-fastdebug-1.8.0.402.b06-2.el8.x86_64.rpm	f3eed58d860466cb2f30d9245e9941c14511fe43e6beb46861e26ab3d820fb74
x86_64	java-1.8.0-openjdk-src-slowdebug-1.8.0.402.b06-2.el8.x86_64.rpm	f7a587be4c78cf4e9cdf439a7855618239c10c161ccb1328cd2000033bea2a33

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.