Opened 3 months ago
Closed 3 months ago
#19141 closed enhancement (fixed)
jdk-21.0.2
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 12.1 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version
Contains 5 security fixes.
CVE-2024-20918 - 7.4 High, in the Hotspot component. The attack vector appears to be Network, with no privileges required and no user interaction required.
CVE-2024-20952 - 7.4 High, in the Security component. The attack vector appears to be Network again, with no privileges required and no user interaction required.
CVE-2024-20919 - 5.9 Medium, in the Hotspot component. The attack vector appears to be Network again, with no privileges required and no user interaction required.
CVE-2024-20921 - 5.9 Medium, in the Hotspot component. The attack vector appears to be Network again, with no privileges required and no user interaction required.
CVE-2024-20945 - 4.7 Medium, in the Security component. The attack vector appears to be Local, with Low privileges required and no user interaction required.
Change History (6)
comment:1 by , 3 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 3 months ago
comment:4 by , 3 months ago
Both 32-bit and 64-bit binaries have been built and tested. I'll be uploading them to anduin shortly
comment:6 by , 3 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at c751775dd9083dabb47ab5c43b6fcbf320a724b7
SA-12.0-074 issued.
Our version of jtreg is a few versions too old. I'll upgrade us to 7.3.1+1.