Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-7338-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.12.2025.7338.1

Categoría: Ubuntu Local Security Checks

Título: Ubuntu: Security Advisory (USN-7338-1)

Resumen: The remote host is missing an update for the 'openjdk-17-crac' package(s) announced via the USN-7338-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'openjdk-17-crac' package(s) announced via the USN-7338-1 advisory.

Vulnerability Insight:
Andy Boothe discovered that the Networking component of CRaC JDK 17 did not
properly handle access under certain circumstances. An unauthenticated
attacker could possibly use this issue to cause a denial of service.
(CVE-2024-21208)

It was discovered that the Hotspot component of CRaC JDK 17 did not
properly handle vectorization under certain circumstances. An
unauthenticated attacker could possibly use this issue to access
unauthorized resources and expose sensitive information.
(CVE-2024-21210, CVE-2024-21235)

It was discovered that the Serialization component of CRaC JDK 17 did not
properly handle deserialization under certain circumstances. An
unauthenticated attacker could possibly use this issue to cause a denial
of service. (CVE-2024-21217)

It was discovered that the Hotspot component of CRaC JDK 17 did not
properly handle API access under certain circumstances. An unauthenticated
attacker could possibly use this issue to access unauthorized resources
and expose sensitive information. (CVE-2025-21502)

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:
[links moved to references]

Affected Software/OS:
'openjdk-17-crac' package(s) on Ubuntu 24.10.

Solution:
Please install the updated package(s).

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-21208
Common Vulnerability Exposure (CVE) ID: CVE-2024-21210
Common Vulnerability Exposure (CVE) ID: CVE-2024-21217
Common Vulnerability Exposure (CVE) ID: CVE-2024-21235
Common Vulnerability Exposure (CVE) ID: CVE-2025-21502

Copyright Copyright (C) 2025 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.12.2025.7338.1
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu: Security Advisory (USN-7338-1)
Resumen:	The remote host is missing an update for the 'openjdk-17-crac' package(s) announced via the USN-7338-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openjdk-17-crac' package(s) announced via the USN-7338-1 advisory. Vulnerability Insight: Andy Boothe discovered that the Networking component of CRaC JDK 17 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21208) It was discovered that the Hotspot component of CRaC JDK 17 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2024-21210, CVE-2024-21235) It was discovered that the Serialization component of CRaC JDK 17 did not properly handle deserialization under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21217) It was discovered that the Hotspot component of CRaC JDK 17 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2025-21502) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: [links moved to references] Affected Software/OS: 'openjdk-17-crac' package(s) on Ubuntu 24.10. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-21208 Common Vulnerability Exposure (CVE) ID: CVE-2024-21210 Common Vulnerability Exposure (CVE) ID: CVE-2024-21217 Common Vulnerability Exposure (CVE) ID: CVE-2024-21235 Common Vulnerability Exposure (CVE) ID: CVE-2025-21502
Copyright	Copyright (C) 2025 Greenbone AG