BELL-SA-2024:47: Liberica JDK vulnerabilities
Published: August 13, 2024Last modified: August 13, 2024
Description
Multiple security vulnerabilities were discovered in Liberica JDK product family. Please follow the instructions in the Solution section to make sure that your system includes all the necessary updates. Additional details for all the related CVEs are available at the links below.
Solution
The following components must be updated to versions listed below ("Fixed" column). For update instructions please refer to the installation guides of the latest versions of the components.
Liberica JDK 22.0.2
https://docs.bell-sw.com/liberica-jdk/22.0.2b11/general/install-guide/
Liberica JDK 21.0.4
https://docs.bell-sw.com/liberica-jdk/21.0.4b9/general/install-guide/
Liberica JDK 17.0.12
https://docs.bell-sw.com/liberica-jdk/17.0.12b10/general/install-guide/
Liberica JDK 11.0.24
https://docs.bell-sw.com/liberica-jdk/11.0.24b9/general/install-guide/
Liberica JDK 8u422
https://docs.bell-sw.com/liberica-jdk/8u422b6/general/install-guide/
In general, it is sufficient to perform an update of the entire Liberica JDK installed on the system by installing the newest update of the main version of the product (8u422, 11.0.24, 17.0.12, 21.0.4, 22.0.2).
| Product | Release | Package | Version |
|---|---|---|---|
| Liberica JDK | 8 | jdk | 8u422+6 |
| jdk-full | 8u422+6 | ||
| jdk-lite | 8u422+6 | ||
| jre | 8u422+6 | ||
| jre-full | 8u422+6 | ||
| 11 | jdk | 11.0.24+9 | |
| jdk-full | 11.0.24+9 | ||
| jdk-lite | 11.0.24+9 | ||
| jre | 11.0.24+9 | ||
| jre-full | 11.0.24+9 | ||
| 17 | jdk | 17.0.12+10 | |
| jdk-crac | 17.0.12+11 | ||
| jdk-full | 17.0.12+10 | ||
| jdk-lite | 17.0.12+10 | ||
| jre | 17.0.12+10 | ||
| jre-full | 17.0.12+10 | ||
| 21 | jdk | 21.0.4+9 | |
| jdk-crac | 21.0.4+10 | ||
| jdk-full | 21.0.4+9 | ||
| jdk-lite | 21.0.4+9 | ||
| jre | 21.0.4+9 | ||
| jre-full | 21.0.4+9 | ||
| 22 | jdk | 22.0.2+11 | |
| jdk-full | 22.0.2+11 | ||
| jdk-lite | 22.0.2+11 | ||
| jre | 22.0.2+11 | ||
| jre-full | 22.0.2+11 |