IT Security: Linux, MacOS X and UNIX under threat – high-risk IT security vulnerability in Oracle Java SE! Alert receives an update

by admin
The security alert issued for Oracle Java SE has received an update from the BSI. You can check which products are affected by the security vulnerabilities here at news.de.

The Federal Office for Information Security (BSI) published an update on May 20, 2024 to a high-risk security vulnerability in Oracle Java SE that became known on April 16, 2024. Affected are the operating systems Linux, MacOS X, UNIX and Windows, and products including Amazon Corretto, Azul Zulu, IBM Java and Dell NetWorker; the full list appears below.

The latest manufacturer recommendations for updates, workarounds and security patches for this vulnerability can be found here: Dell Security Advisory DSA-2024-224 (as of May 20, 2024). Further useful links are listed later in this article.

Multiple vulnerabilities in Oracle Java SE – Risk: High

Risk level: 4 (high)
CVSS Base Score: 9.0
CVSS Temporal Score: 7.8
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security risks based on various criteria in order to create a priority list for countermeasures. The attributes "none", "low", "medium", "high" and "critical" are used to determine the severity level of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. The Temporal Score additionally takes into account changes over time in the risk situation. According to CVSS, the risk of the vulnerability discussed here is rated "high" with a base score of 9.0.

Oracle Java SE Bug: Vulnerability and CVE numbers

The Java Platform, Standard Edition (SE) is a collection of Java APIs (JDK) and the Java Runtime Environment (JRE).

A remote, anonymous attacker could exploit multiple vulnerabilities in Oracle Java SE to compromise confidentiality, integrity, and availability.

Vulnerabilities are identified individually using the CVE (Common Vulnerabilities and Exposures) reference system. The identifiers given for this alert are: CVE-2023-41993, CVE-2024-2024-21002, CVE-2024-21003, CVE-2024-21005, CVE-2024-21012, CVE-210120-20688, CVE-2024-21085, CVE-2024-21094, CVE-2024-21098 and CVE-2024-21892.

Systems affected by the security vulnerability at a glance

Operating systems
Linux, MacOS X, UNIX, Windows

Products
Debian Linux (cpe:/o:debian:debian_linux)
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
IBM WebSphere Application Server 8.5 (cpe:/a:ibm:websphere_application_server)
IBM WebSphere Application Server 9.0 (cpe:/a:ibm:websphere_application_server)
SUSE Linux (cpe:/o:suse:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
IBM WebSphere Application Server Liberty (cpe:/a:ibm:websphere_application_server)
RESF Rocky Linux (cpe:/o:resf:rocky_linux)
Oracle Java SE 21.0.2 (cpe:/a:oracle:java_se)
Oracle Java SE 22 (cpe:/a:oracle:java_se)
Oracle Java SE 21.3.9 (cpe:/a:oracle:java_se)
Oracle Java SE 11.0.22 (cpe:/a:oracle:java_se)
Oracle Java SE 17.0.10 (cpe:/a:oracle:java_se)
Oracle Java SE Oracle GraalVM for JDK: 17.0.10 (cpe:/a:oracle:java_se)
Oracle Java SE Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 (cpe:/a:oracle:java_se)
Oracle Java SE 22; Oracle GraalVM Enterprise Edition: 20.3.13 (cpe:/a:oracle:java_se)
Oracle Java SE Oracle Java SE: 8u401 (cpe:/a:oracle:java_se)
Oracle Java SE Oracle Java SE 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 (cpe:/a:oracle:java_se)
Oracle Java SE 22; Oracle GraalVM for JDK: 17.0.10 (cpe:/a:oracle:java_se)
Oracle Java SE 22; Oracle GraalVM Enterprise Edition: 21.3.9 (cpe:/a:oracle:java_se)
Oracle Java SE Oracle Java SE: 11.0.22 (cpe:/a:oracle:java_se)
Amazon Corretto
Azul Zulu (cpe:/a:azul:zulu)
IBM Java
Dell NetWorker NRE

General recommendations for dealing with IT security vulnerabilities

  1. Users of the affected systems should keep them up to date. When security vulnerabilities become known, manufacturers are required to fix them quickly by developing a patch or workaround. If security patches are available, install them promptly.
  2. For information, consult the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or performance tips.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check the listed sources to see whether a new security update is available.

Sources for updates, patches and workarounds

Here you will find some links with information about bug reports, security fixes and workarounds.

Dell Security Advisory DSA-2024-224 from 2024-05-20 (20.05.2024)
Amazon Linux Security Advisory ALASJAVA-OPENJDK11-2024-008 from 2024-05-20 (20.05.2024)
Amazon Linux Security Advisory ALAS-2024-2540 from 2024-05-15 (15.05.2024)
IBM Security Bulletin 7151118 from 2024-05-13 (13.05.2024)
IBM Security Bulletin 7150727 from 2024-05-09 (09.05.2024)
Rocky Linux Security Advisory RLSA-2024:1828 from 2024-05-06 (06.05.2024)
Rocky Linux Security Advisory RLSA-2024:1822 from 2024-05-06 (06.05.2024)
Rocky Linux Security Advisory RLSA-2024:1818 from 2024-05-06 (06.05.2024)
SUSE Security Update SUSE-SU-2024:1498-1 from 2024-05-06 (05.05.2024)
SUSE Security Update SUSE-SU-2024:1499-1 from 2024-05-06 (05.05.2024)
Amazon Linux Security Advisory ALAS-2024-2527 from 2024-04-29 (29.04.2024)
Amazon Linux Security Advisory ALAS-2024-2528 from 2024-04-29 (29.04.2024)
Amazon Linux Security Advisory ALASCORRETTO8-2024-011 from 2024-04-29 (29.04.2024)
SUSE Security Update SUSE-SU-2024:1452-1 from 2024-04-26 (28.04.2024)
SUSE Security Update SUSE-SU-2024:1451-1 from 2024-04-26 (28.04.2024)
SUSE Security Update SUSE-SU-2024:1450-1 from 2024-04-26 (28.04.2024)
Oracle Linux Security Advisory ELSA-2024-1822 from 2024-04-23 (23.04.2024)
Oracle Linux Security Advisory ELSA-2024-1818 from 2024-04-23 (23.04.2024)
Oracle Linux Security Advisory ELSA-2024-1828 from 2024-04-24 (23.04.2024)
Red Hat Security Advisory RHSA-2024:1822 from 2024-04-22 (22.04.2024)
Red Hat Security Advisory RHSA-2024:1821 from 2024-04-22 (22.04.2024)
Debian Security Advisory DSA-5672 from 2024-04-22 (22.04.2024)
Debian Security Advisory DLA-3793 from 2024-04-22 (22.04.2024)
Oracle Linux Security Advisory ELSA-2024-1821 from 2024-04-22 (22.04.2024)
Debian Security Advisory DSA-5671 from 2024-04-22 (21.04.2024)
Oracle Linux Security Advisory ELSA-2024-1825 from 2024-04-20 (21.04.2024)
Red Hat Security Advisory RHSA-2024:1826 from 2024-04-18 (18.04.2024)
Red Hat Security Advisory RHSA-2024:1819 from 2024-04-18 (18.04.2024)
Red Hat Security Advisory RHSA-2024:1828 from 2024-04-18 (18.04.2024)
Red Hat Security Advisory RHSA-2024:1818 from 2024-04-18 (17.04.2024)
Red Hat Security Advisory RHSA-2024:1827 from 2024-04-17 (17.04.2024)
Red Hat Security Advisory RHSA-2024:1825 from 2024-04-18 (17.04.2024)
Red Hat Security Advisory RHSA-2024:1824 from 2024-04-17 (17.04.2024)
Red Hat Security Advisory RHSA-2024:1823 from 2024-04-17 (17.04.2024)
Red Hat Security Advisory RHSA-2024:1816 from 2024-04-17 (17.04.2024)
Red Hat Security Advisory RHSA-2024:1820 from 2024-04-17 (17.04.2024)
Red Hat Security Advisory RHSA-2024:1815 from 2024-04-17 (17.04.2024)
Oracle Linux Security Advisory ELSA-2024-1817 from 2024-04-17 (17.04.2024)
Azul Zulu Quarterly Review Release Notes (16.04.2024)
Change Log for Amazon Corretto 8 (16.04.2024)
Red Hat Security Advisory RHSA-2024:1817 from 2024-04-16 (16.04.2024)
Oracle Critical Patch Update Advisory – April 2024 – Appendix Oracle Java SE from 2024-04-16 (16.04.2024)

Version history of this security alert

This is version 14 of this IT security notice for Oracle Java SE. This document will be updated as further updates are announced. You can follow the changes made using the version history below.

April 16, 2024 – First model
April 17, 2024 – Added new updates from Oracle Linux and Red Hat
April 18, 2024 – New updates from Red Hat have been added
April 21, 2024 – New Oracle Linux updates added
April 22, 2024 – New updates from Oracle Linux, Debian and Red Hat added
April 23, 2024 – New updates for Oracle Linux have been added
April 28, 2024 – New updates from SUSE added
April 29, 2024 – Added new updates from Amazon
May 5, 2024 – New updates from SUSE added
May 6, 2024 – New updates from the Rocky Enterprise Software Foundation have been added
May 9, 2024 – New updates from IBM and IBM-APAR added
May 13, 2024 – New updates from IBM added
May 15, 2024 – Added new updates from Amazon
May 20, 2024 – Added new updates from Amazon and Dell

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++

kns/roj/news.de
