Test ID:	1.3.6.1.4.1.25623.1.1.10.2024.0061
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2024-0061)
Summary:	The remote host is missing an update for the 'java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk' package(s) announced via the MGASA-2024-0061 advisory.
Description:	Summary: The remote host is missing an update for the 'java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk' package(s) announced via the MGASA-2024-0061 advisory. Vulnerability Insight: The updated packages fix security vulnerabilities: Array out-of-bounds access due to missing range check in C1 compiler. (CVE-2024-20918) RSA padding issue and timing side-channel attack against TLS. (CVE-2024-20952) Arbitrary Java code execution in Nashorn. (CVE-2024-20926) JVM class file verifier flaw allows unverified bytecode execution. (CVE-2024-20919) Range check loop optimization issue. (CVE-2024-20921) Logging of digital signature private keys. (CVE-2024-20945) Affected Software/OS: 'java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-20918 Oracle Advisory https://www.oracle.com/security-alerts/cpujan2024.html https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html Common Vulnerability Exposure (CVE) ID: CVE-2024-20919 Common Vulnerability Exposure (CVE) ID: CVE-2024-20921 Common Vulnerability Exposure (CVE) ID: CVE-2024-20926 Common Vulnerability Exposure (CVE) ID: CVE-2024-20945 Common Vulnerability Exposure (CVE) ID: CVE-2024-20952
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.