
Ubuntu Addresses Multiple OpenJDK 8 Vulnerabilities

Rohan Timalsina

August 20, 2024 - TuxCare expert team

Several vulnerabilities have recently been identified in OpenJDK 8 that could lead to denial of service, information disclosure, arbitrary code execution, or bypass of Java sandbox restrictions. In response, Canonical has released security fixes for multiple versions of OpenJDK, including OpenJDK 21, OpenJDK 17, OpenJDK 11, and OpenJDK 8, on the affected Ubuntu releases.

This article explores the details of these vulnerabilities and offers guidance on securing your Linux systems.


OpenJDK 8 Vulnerabilities Fixed


CVE-2024-21131

This vulnerability lies in the Hotspot component, which was found to perform improper bounds handling when processing certain UTF-8 strings. The flaw can lead to a buffer overflow and could allow an attacker to cause a denial of service or execute arbitrary code on affected systems.

CVE-2024-21138

Another vulnerability in the Hotspot component makes it possible to trigger an infinite loop. If an automated system is tricked into processing excessively large symbols, it can enter a continuous loop, resulting in a denial of service.

CVE-2024-21140

The Hotspot component also contains a flaw related to inadequate range check elimination. This vulnerability could allow an attacker to cause a denial of service, execute arbitrary code, or bypass Java sandbox restrictions.


CVE-2024-21144

The Concurrency component of OpenJDK was found to perform header validation incorrectly for the Pack200 archive format. An attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-21145

Sergey Bylokhov identified a vulnerability in OpenJDK related to improper memory management when handling 2D images. This flaw could allow an attacker to obtain sensitive information from the system.

CVE-2024-21147

A second range check elimination issue was also discovered in the Hotspot component. Like CVE-2024-21140, this vulnerability could allow an attacker to cause a denial of service, execute arbitrary code, or bypass Java sandbox restrictions.

Securing Your Ubuntu Systems


To address these vulnerabilities, it is essential to update your systems to the latest OpenJDK 8 package versions. Canonical has provided security updates for various Ubuntu releases, including:
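As an added example (not from the article, Canonical, or the OpenJDK project), the following Python checker parses `apt-cache policy` output for Ubuntu's standard OpenJDK 8 binary packages and reports which are installed but behind apt's candidate version, i.e. still waiting for the security update. The package names are the usual Ubuntu ones; the embedded sample output and its version strings are constructed placeholders, not the versions fixed by USN-6929-1.

```python
import re
import subprocess

# Ubuntu's OpenJDK 8 binary packages (standard package names; assumed, not listed in the article).
OPENJDK8_PACKAGES = [
    "openjdk-8-jre-headless", "openjdk-8-jre", "openjdk-8-jdk-headless", "openjdk-8-jdk",
]

def parse_apt_policy(text):
    """Parse `apt-cache policy PKG...` output into {package: (installed, candidate)}."""
    policy, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.endswith(":"):
            current = line[:-1]                      # a new "pkgname:" block starts here
            policy.setdefault(current, [None, None])
        elif current:
            m = re.match(r"\s+(Installed|Candidate):\s+(\S+)", line)
            if m:
                policy[current][0 if m.group(1) == "Installed" else 1] = m.group(2)
    return {pkg: tuple(v) for pkg, v in policy.items()}

def pending_upgrades(policy):
    """Packages that are installed but whose apt candidate differs: an update is still pending."""
    return sorted(pkg for pkg, (inst, cand) in policy.items()
                  if inst not in (None, "(none)") and cand and inst != cand)

def check_live_system():
    """Query apt on this host and list OpenJDK 8 packages that still need upgrading."""
    out = subprocess.run(["apt-cache", "policy", *OPENJDK8_PACKAGES],
                         capture_output=True, text=True, check=True).stdout
    return pending_upgrades(parse_apt_policy(out))

# Constructed sample output; the version strings are illustrative placeholders only.
SAMPLE_POLICY = """\
openjdk-8-jre-headless:
  Installed: 8u111-b14-2ubuntu1
  Candidate: 8u999-b00-1ubuntu1
  Version table:
     8u999-b00-1ubuntu1 500
        500 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages
 *** 8u111-b14-2ubuntu1 100
        100 /var/lib/dpkg/status
openjdk-8-jdk:
  Installed: (none)
  Candidate: 8u999-b00-1ubuntu1
"""

if __name__ == "__main__":
    print("pending in sample:", pending_upgrades(parse_apt_policy(SAMPLE_POLICY)))
```

Run `check_live_system()` on an Ubuntu host after `apt-get update`; an empty list means every installed OpenJDK 8 package already matches what apt would install.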

For systems running Ubuntu 18.04, which has reached the end of its supported life, security fixes are only available through Extended Security Maintenance (ESM) with an Ubuntu Pro subscription. However, there is an alternative option for organizations looking to extend the security life of their Ubuntu 18.04 systems without incurring high costs.

TuxCare’s Extended Lifecycle Support (ELS) for Ubuntu 18.04 offers a more affordable solution, providing up to five additional years of vendor-grade security patches. This service covers over 140 packages, including the Linux kernel, OpenJDK, Apache, PHP, glibc, OpenSSL, OpenSSH, and Python packages, among others. With ELS, you get enough time to plan a safe migration while maintaining the security of your operating system.


Source: USN-6929-1

