{"id":"ALSA-2024:8124","summary":"Moderate: java-17-openjdk security update","details":"The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161)\n* JDK: Array indexing integer overflow (8328544) (CVE-2024-21210)\n* JDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208)\n* JDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217)\n* JDK: Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-02-21T06:49:42.625813Z","published":"2024-10-16T00:00:00Z","related":["CVE-2023-48161","CVE-2024-21208","CVE-2024-21210","CVE-2024-21217","CVE-2024-21235"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:8124"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-48161"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-21208"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-21210"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-21217"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-21235"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2251025"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2318524"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2318526"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2318530"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2318534"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2024-8124.html"}],"affected":[{"package":{"name":"java-17-openjdk","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-demo","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-demo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-demo-fastdebug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-demo-fastdebug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-demo-slowdebug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-demo-slowdebug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-devel-fastdebug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-devel-fastdebug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-devel-slowdebug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-devel-slowdebug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-fastdebug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-fastdebug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-headless","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-headless"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-headless-fastdebug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-headless-fastdebug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-headless-slowdebug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-headless-slowdebug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-javadoc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-javadoc-zip","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-javadoc-zip"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-jmods","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-jmods"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-jmods-fastdebug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-jmods-fastdebug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-jmods-slowdebug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-jmods-slowdebug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-slowdebug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-slowdebug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-src","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-src"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-src-fastdebug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-src-fastdebug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-src-slowdebug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-src-slowdebug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-static-libs","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-static-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-static-libs-fastdebug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-static-libs-fastdebug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}},{"package":{"name":"java-17-openjdk-static-libs-slowdebug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/java-17-openjdk-static-libs-slowdebug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:17.0.13.0.11-3.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8124.json"}}],"schema_version":"1.7.3"}