Security Alert (A24-01-16): Multiple Vulnerabilities in Oracle Java and Oracle Products (January 2024)


 

Published on: 17 January 2024

  
  

Description:

Oracle released a Critical Patch Update (CPU) Advisory with collections of patches to address multiple vulnerabilities in Java SE and various Oracle products. The list of patches can be found at:
https://www.oracle.com/security-alerts/cpujan2024.html

 

Affected Systems:

  • Oracle Java SE
  • Database
  • Fusion Applications and Middleware
  • Oracle MySQL Product Suite
  • NoSQL Database
  • Oracle and Sun Systems Products Suite

A complete list of the affected products can be found at:
https://www.oracle.com/security-alerts/cpujan2024.html

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security restriction bypass or tampering on an affected system.

 

Recommendation:

Patches for affected systems are available. Users of the affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

For Oracle Java SE products, please refer to the following link:

  • Java Platform SE 8u401 (JDK and JRE),
  • Java Platform SE 11.0.22 (JDK and JRE),
  • Java Platform SE 17.0.10 (JDK and JRE),
  • Java Platform SE 21.0.2 (JDK and JRE)

https://www.oracle.com/java/technologies/javase-downloads.html

For OpenJDK, please refer to the following link:
https://jdk.java.net/

Users could also access the security advisory below for the information about the security updates of other Oracle products:
https://www.oracle.com/security-alerts/cpujan2024.html

Users may contact their product support vendors for the fixes and assistance.

 

More Information:

  • https://www.oracle.com/security-alerts/cpujan2024.html
  • https://www.hkcert.org/security-bulletin/oracle-products-multiple-vulnerabilities_20240117
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5410
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7760
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26870
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29508
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35163 (to CVE-2020-35164)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35166 (to CVE-2020-35168)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0341
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33813
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35515 (to CVE-2021-35517)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37533
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182 (to CVE-2021-41184)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42575
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43306
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46848
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1471
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3479
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3510
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3602
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3786
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21432
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22950
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22969
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22979
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24839
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25147
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25647
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29155
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31147
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31692
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36033
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36944
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40896
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41704
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003 (to CVE-2022-42004)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889 (to CVE-2022-42890)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42920
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44729 (to CVE-2022-44730)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45868
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46337
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46751
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46908
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48174
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464 (to CVE-2023-0466)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1108
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1436
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2283
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2617 (to CVE-2023-2618)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2975 (to CVE-2023-2976)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3635
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823 (to CVE-2023-3824)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4043
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5072
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5363
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20863
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20883
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21833
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21901
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21949
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22102
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25194
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27391
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28439
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28755 (to CVE-2023-28756)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28823
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30861
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31486
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31582
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32697
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34034 (to CVE-2023-34035)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34053
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34055
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34453 (to CVE-2023-34455)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34462
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34624
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34981
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35141
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35887
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36054
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36478 (to CVE-2023-36479)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36632
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37536
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38039
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38325
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545 (to CVE-2023-38546)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39151
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318 (to CVE-2023-39322)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39410
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39975
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41053
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41105
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42503
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42794 (to CVE-2023-42795)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43494 (to CVE-2023-43498)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43642 (to CVE-2023-43643)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44483
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44981
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45143
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45145
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45648
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47248
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49093
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50164
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20903 (to CVE-2024-20953)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20955 (to CVE-2024-20987)


Tag: Oracle , Java , Oracle Database , Fusion , MySQL , Oracle NoSQL , Sun Systems
Tags