USN-7096-1

Andy Boothe discovered that the Networking component of OpenJDK 8 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21208)

It was discovered that the Hotspot component of OpenJDK 8 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2024-21210, CVE-2024-21235)

It was discovered that the Serialization component of OpenJDK 8 did not properly handle deserialization under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21217)

It was discovered that the Hotspot component of OpenJDK 8 was not properly bounding certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2024-21131)

It was discovered that the Hotspot component of OpenJDK 8 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2024-21138)

It was discovered that the Hotspot component of OpenJDK 8 did not properly perform range check elimination. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2024-21140)

Yakov Shafranovich discovered that the Concurrency component of OpenJDK 8 incorrectly performed header validation in the Pack200 archive format. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2024-21144)

Sergey...