Fedora 40 update for multiple packages

Published: 2024-03-04

Risk	High
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2024-1938 CVE-2024-1939
CWE-ID	CWE-843
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	Fedora Operating systems & Components / Operating system xz-java Operating systems & Components / Operating system package or component xstream Operating systems & Components / Operating system package or component xmvn-generator Operating systems & Components / Operating system package or component xmvn-connector-ivy Operating systems & Components / Operating system package or component xmvn Operating systems & Components / Operating system package or component xmlunit Operating systems & Components / Operating system package or component xmlstreambuffer Operating systems & Components / Operating system package or component xmlpull Operating systems & Components / Operating system package or component xmlgraphics-commons Operating systems & Components / Operating system package or component xml-maven-plugin Operating systems & Components / Operating system package or component xml-commons-resolver Operating systems & Components / Operating system package or component xml-commons-apis Operating systems & Components / Operating system package or component xerces-j2 Operating systems & Components / Operating system package or component xbean Operating systems & Components / Operating system package or component xalan-j2 Operating systems & Components / Operating system package or component wsdl4j Operating systems & Components / Operating system package or component ws-commons-util Operating systems & Components / Operating system package or component will-crash Operating systems & Components / Operating system package or component weld-parent Operating systems & Components / Operating system package or component voms-clients-java Operating systems & Components / Operating system package or component voms-api-java Operating systems & Components / Operating system package or component velocity Operating systems & Components / Operating system package or component vecmath1.2 Operating systems & Components / Operating system package or component univocity-parsers Operating systems & Components / Operating system package or component truth Operating systems & Components / Operating system package or component trilead-ssh2 Operating systems & Components / Operating system package or component treelayout Operating systems & Components / Operating system package or component tomcat-taglibs-parent Operating systems & Components / Operating system package or component tomcat-native Operating systems & Components / Operating system package or component tomcat Operating systems & Components / Operating system package or component testng Operating systems & Components / Operating system package or component tagsoup Operating systems & Components / Operating system package or component t-digest Operating systems & Components / Operating system package or component swing-layout Operating systems & Components / Operating system package or component subversion Operating systems & Components / Operating system package or component string-template-maven-plugin Operating systems & Components / Operating system package or component spice-parent Operating systems & Components / Operating system package or component spec-version-maven-plugin Operating systems & Components / Operating system package or component snip Operating systems & Components / Operating system package or component snakeyaml Operating systems & Components / Operating system package or component slf4j Operating systems & Components / Operating system package or component sisu-mojos Operating systems & Components / Operating system package or component sisu Operating systems & Components / Operating system package or component sequence-library Operating systems & Components / Operating system package or component sdljava Operating systems & Components / Operating system package or component scannotation Operating systems & Components / Operating system package or component scala Operating systems & Components / Operating system package or component sblim-cim-client Operating systems & Components / Operating system package or component sat4j Operating systems & Components / Operating system package or component sac Operating systems & Components / Operating system package or component rundoc Operating systems & Components / Operating system package or component rsyntaxtextarea Operating systems & Components / Operating system package or component rstudio Operating systems & Components / Operating system package or component rhino Operating systems & Components / Operating system package or component replacer Operating systems & Components / Operating system package or component relaxng-datatype-java Operating systems & Components / Operating system package or component regexp Operating systems & Components / Operating system package or component reflections Operating systems & Components / Operating system package or component qdox Operating systems & Components / Operating system package or component python-javaobj Operating systems & Components / Operating system package or component prometheus-simpleclient-java Operating systems & Components / Operating system package or component prometheus-jmx-exporter Operating systems & Components / Operating system package or component proguard Operating systems & Components / Operating system package or component postgresql-jdbc Operating systems & Components / Operating system package or component plexus-xml Operating systems & Components / Operating system package or component plexus-velocity Operating systems & Components / Operating system package or component plexus-utils Operating systems & Components / Operating system package or component plexus-testing Operating systems & Components / Operating system package or component plexus-sec-dispatcher Operating systems & Components / Operating system package or component plexus-resources Operating systems & Components / Operating system package or component plexus-pom Operating systems & Components / Operating system package or component plexus-languages Operating systems & Components / Operating system package or component plexus-io Operating systems & Components / Operating system package or component plexus-interpolation Operating systems & Components / Operating system package or component plexus-i18n Operating systems & Components / Operating system package or component plexus-containers Operating systems & Components / Operating system package or component plexus-components-pom Operating systems & Components / Operating system package or component plexus-compiler Operating systems & Components / Operating system package or component plexus-classworlds Operating systems & Components / Operating system package or component plexus-cipher Operating systems & Components / Operating system package or component plexus-build-api0 Operating systems & Components / Operating system package or component plexus-build-api Operating systems & Components / Operating system package or component plexus-archiver Operating systems & Components / Operating system package or component plantuml Operating systems & Components / Operating system package or component picocli Operating systems & Components / Operating system package or component pentaho-reporting-flow-engine Operating systems & Components / Operating system package or component pentaho-libxml Operating systems & Components / Operating system package or component pdftk-java Operating systems & Components / Operating system package or component pcfi Operating systems & Components / Operating system package or component osgi-core Operating systems & Components / Operating system package or component osgi-compendium Operating systems & Components / Operating system package or component osgi-annotation Operating systems & Components / Operating system package or component options Operating systems & Components / Operating system package or component opentest4j Operating systems & Components / Operating system package or component openni Operating systems & Components / Operating system package or component openjfx8 Operating systems & Components / Operating system package or component openjfx Operating systems & Components / Operating system package or component openjdk-asmtools7 Operating systems & Components / Operating system package or component octave Operating systems & Components / Operating system package or component objenesis Operating systems & Components / Operating system package or component objectweb-asm Operating systems & Components / Operating system package or component nom-tam-fits Operating systems & Components / Operating system package or component nekohtml Operating systems & Components / Operating system package or component naga Operating systems & Components / Operating system package or component mysql-connector-java Operating systems & Components / Operating system package or component mxparser Operating systems & Components / Operating system package or component msv Operating systems & Components / Operating system package or component mojo-parent Operating systems & Components / Operating system package or component mojo-executor Operating systems & Components / Operating system package or component modulemaker-maven-plugin Operating systems & Components / Operating system package or component moditect Operating systems & Components / Operating system package or component modello Operating systems & Components / Operating system package or component mockito Operating systems & Components / Operating system package or component miglayout Operating systems & Components / Operating system package or component mecab-java Operating systems & Components / Operating system package or component maven-wagon Operating systems & Components / Operating system package or component maven-verifier-plugin Operating systems & Components / Operating system package or component maven-verifier Operating systems & Components / Operating system package or component maven-surefire Operating systems & Components / Operating system package or component maven-source-plugin Operating systems & Components / Operating system package or component maven-shared-utils Operating systems & Components / Operating system package or component maven-shared-io Operating systems & Components / Operating system package or component maven-shared-incremental Operating systems & Components / Operating system package or component maven-shade-plugin Operating systems & Components / Operating system package or component maven-resources-plugin Operating systems & Components / Operating system package or component maven-resolver Operating systems & Components / Operating system package or component maven-remote-resources-plugin Operating systems & Components / Operating system package or component maven-plugin-tools Operating systems & Components / Operating system package or component maven-plugin-testing Operating systems & Components / Operating system package or component maven-patch-plugin Operating systems & Components / Operating system package or component maven-parent Operating systems & Components / Operating system package or component maven-native Operating systems & Components / Operating system package or component maven-jar-plugin Operating systems & Components / Operating system package or component maven-filtering Operating systems & Components / Operating system package or component maven-file-management Operating systems & Components / Operating system package or component maven-enforcer Operating systems & Components / Operating system package or component maven-doxia-sitetools Operating systems & Components / Operating system package or component maven-doxia Operating systems & Components / Operating system package or component maven-dependency-tree Operating systems & Components / Operating system package or component maven-dependency-plugin Operating systems & Components / Operating system package or component maven-dependency-analyzer Operating systems & Components / Operating system package or component maven-compiler-plugin Operating systems & Components / Operating system package or component maven-common-artifact-filters Operating systems & Components / Operating system package or component maven-clean-plugin Operating systems & Components / Operating system package or component maven-bundle-plugin Operating systems & Components / Operating system package or component maven-assembly-plugin Operating systems & Components / Operating system package or component maven-artifact-transfer Operating systems & Components / Operating system package or component maven-archiver Operating systems & Components / Operating system package or component maven-antrun-plugin Operating systems & Components / Operating system package or component maven Operating systems & Components / Operating system package or component mariadb-java-client Operating systems & Components / Operating system package or component lucene Operating systems & Components / Operating system package or component log4j Operating systems & Components / Operating system package or component libvirt-java Operating systems & Components / Operating system package or component libserializer Operating systems & Components / Operating system package or component librepository Operating systems & Components / Operating system package or component libreoffice Operating systems & Components / Operating system package or component libloader Operating systems & Components / Operating system package or component liblayout Operating systems & Components / Operating system package or component libformula Operating systems & Components / Operating system package or component libfonts Operating systems & Components / Operating system package or component libbase Operating systems & Components / Operating system package or component ldapjdk Operating systems & Components / Operating system package or component laf-plugin Operating systems & Components / Operating system package or component kawa Operating systems & Components / Operating system package or component jzlib Operating systems & Components / Operating system package or component junit5 Operating systems & Components / Operating system package or component junit Operating systems & Components / Operating system package or component jtidy Operating systems & Components / Operating system package or component jssc Operating systems & Components / Operating system package or component jss Operating systems & Components / Operating system package or component jsr-305 Operating systems & Components / Operating system package or component jsoup Operating systems & Components / Operating system package or component json_simple Operating systems & Components / Operating system package or component jsch-agent-proxy Operating systems & Components / Operating system package or component jsch Operating systems & Components / Operating system package or component jorbis Operating systems & Components / Operating system package or component jolokia-jvm-agent Operating systems & Components / Operating system package or component jol Operating systems & Components / Operating system package or component jni-inchi Operating systems & Components / Operating system package or component jneuroml-core Operating systems & Components / Operating system package or component jna Operating systems & Components / Operating system package or component jmock Operating systems & Components / Operating system package or component jline2 Operating systems & Components / Operating system package or component jigawatts Operating systems & Components / Operating system package or component jgoodies-looks Operating systems & Components / Operating system package or component jgoodies-forms Operating systems & Components / Operating system package or component jgoodies-common Operating systems & Components / Operating system package or component jglobus Operating systems & Components / Operating system package or component jgit Operating systems & Components / Operating system package or component jfreechart Operating systems & Components / Operating system package or component jflex Operating systems & Components / Operating system package or component jetty Operating systems & Components / Operating system package or component jericho-html Operating systems & Components / Operating system package or component jdom2 Operating systems & Components / Operating system package or component jdom Operating systems & Components / Operating system package or component jdepend Operating systems & Components / Operating system package or component jdeparser Operating systems & Components / Operating system package or component jcuber Operating systems & Components / Operating system package or component jctools Operating systems & Components / Operating system package or component jcip-annotations Operating systems & Components / Operating system package or component jchardet Operating systems & Components / Operating system package or component jboss-parent Operating systems & Components / Operating system package or component jboss-logging-tools Operating systems & Components / Operating system package or component jboss-logging Operating systems & Components / Operating system package or component jboss-jaxrs-2.0-api Operating systems & Components / Operating system package or component jblas Operating systems & Components / Operating system package or component jaxen Operating systems & Components / Operating system package or component jaxb-stax-ex Operating systems & Components / Operating system package or component jaxb-istack-commons Operating systems & Components / Operating system package or component jaxb-fi Operating systems & Components / Operating system package or component jaxb-dtd-parser Operating systems & Components / Operating system package or component jaxb-api2 Operating systems & Components / Operating system package or component jaxb-api Operating systems & Components / Operating system package or component jaxb Operating systems & Components / Operating system package or component javassist Operating systems & Components / Operating system package or component javaparser Operating systems & Components / Operating system package or component javapackages-tools Operating systems & Components / Operating system package or component javapackages-bootstrap Operating systems & Components / Operating system package or component javaewah Operating systems & Components / Operating system package or component javacc-maven-plugin Operating systems & Components / Operating system package or component javacc Operating systems & Components / Operating system package or component java_cup Operating systems & Components / Operating system package or component java-scrypt Operating systems & Components / Operating system package or component java-jd-decompiler Operating systems & Components / Operating system package or component java-diff-utils Operating systems & Components / Operating system package or component java-21-openjdk Operating systems & Components / Operating system package or component java-17-openjdk-portable Operating systems & Components / Operating system package or component java-17-openjdk Operating systems & Components / Operating system package or component java-11-openjdk-portable Operating systems & Components / Operating system package or component java-11-openjdk Operating systems & Components / Operating system package or component java-1.8.0-openjdk Operating systems & Components / Operating system package or component jansi1 Operating systems & Components / Operating system package or component jansi-native Operating systems & Components / Operating system package or component jansi Operating systems & Components / Operating system package or component jakarta-xml-ws Operating systems & Components / Operating system package or component jakarta-servlet Operating systems & Components / Operating system package or component jakarta-saaj Operating systems & Components / Operating system package or component jakarta-oro Operating systems & Components / Operating system package or component jakarta-mail Operating systems & Components / Operating system package or component jakarta-json Operating systems & Components / Operating system package or component jakarta-interceptors Operating systems & Components / Operating system package or component jakarta-el Operating systems & Components / Operating system package or component jakarta-annotations Operating systems & Components / Operating system package or component jakarta-activation1 Operating systems & Components / Operating system package or component jakarta-activation Operating systems & Components / Operating system package or component jacop Operating systems & Components / Operating system package or component jackson-parent Operating systems & Components / Operating system package or component jackson-modules-base Operating systems & Components / Operating system package or component jackson-jaxrs-providers Operating systems & Components / Operating system package or component jackson-databind Operating systems & Components / Operating system package or component jackson-core Operating systems & Components / Operating system package or component jackson-bom Operating systems & Components / Operating system package or component jackson-annotations Operating systems & Components / Operating system package or component jFormatString Operating systems & Components / Operating system package or component imagej Operating systems & Components / Operating system package or component icu4j Operating systems & Components / Operating system package or component icedtea-web Operating systems & Components / Operating system package or component icecat Operating systems & Components / Operating system package or component httpcomponents-project Operating systems & Components / Operating system package or component httpcomponents-core Operating systems & Components / Operating system package or component httpcomponents-client Operating systems & Components / Operating system package or component hibernate-jpa-2.0-api Operating systems & Components / Operating system package or component hawtjni Operating systems & Components / Operating system package or component hamcrest Operating systems & Components / Operating system package or component guava Operating systems & Components / Operating system package or component google-guice Operating systems & Components / Operating system package or component gnulib Operating systems & Components / Operating system package or component fusesource-pom Operating systems & Components / Operating system package or component frysk Operating systems & Components / Operating system package or component freerouting Operating systems & Components / Operating system package or component freecol Operating systems & Components / Operating system package or component forge-parent Operating systems & Components / Operating system package or component fop Operating systems & Components / Operating system package or component flute Operating systems & Components / Operating system package or component fishbowl Operating systems & Components / Operating system package or component filedrop Operating systems & Components / Operating system package or component fernflower Operating systems & Components / Operating system package or component felix-utils Operating systems & Components / Operating system package or component felix-parent Operating systems & Components / Operating system package or component fasterxml-oss-parent Operating systems & Components / Operating system package or component extra-enforcer-rules Operating systems & Components / Operating system package or component enjarify Operating systems & Components / Operating system package or component ed25519-java Operating systems & Components / Operating system package or component eclipse-swt Operating systems & Components / Operating system package or component ecj Operating systems & Components / Operating system package or component easymock Operating systems & Components / Operating system package or component dogtag-pki Operating systems & Components / Operating system package or component ditaa Operating systems & Components / Operating system package or component disruptor Operating systems & Components / Operating system package or component dirgra Operating systems & Components / Operating system package or component directory-maven-plugin Operating systems & Components / Operating system package or component diffoscope Operating systems & Components / Operating system package or component decentxml Operating systems & Components / Operating system package or component crypto-policies Operating systems & Components / Operating system package or component cryptlib Operating systems & Components / Operating system package or component cortado Operating systems & Components / Operating system package or component console-image-viewer Operating systems & Components / Operating system package or component colossus Operating systems & Components / Operating system package or component codehaus-parent Operating systems & Components / Operating system package or component clojure-spec-alpha Operating systems & Components / Operating system package or component clojure-maven-plugin Operating systems & Components / Operating system package or component clojure-core-specs-alpha Operating systems & Components / Operating system package or component clojure Operating systems & Components / Operating system package or component classloader-leak-test-framework Operating systems & Components / Operating system package or component chromium Operating systems & Components / Operating system package or component cglib Operating systems & Components / Operating system package or component ceph Operating systems & Components / Operating system package or component cdi-api Operating systems & Components / Operating system package or component canl-java Operating systems & Components / Operating system package or component cambozola Operating systems & Components / Operating system package or component byteman Operating systems & Components / Operating system package or component byte-buddy Operating systems & Components / Operating system package or component build-helper-maven-plugin Operating systems & Components / Operating system package or component bsh Operating systems & Components / Operating system package or component bsf Operating systems & Components / Operating system package or component brazil Operating systems & Components / Operating system package or component bouncycastle Operating systems & Components / Operating system package or component bolzplatz2006 Operating systems & Components / Operating system package or component beust-jcommander Operating systems & Components / Operating system package or component beansbinding Operating systems & Components / Operating system package or component bcel Operating systems & Components / Operating system package or component batik Operating systems & Components / Operating system package or component auto Operating systems & Components / Operating system package or component atinject Operating systems & Components / Operating system package or component assertj-core Operating systems & Components / Operating system package or component args4j Operating systems & Components / Operating system package or component aqute-bnd Operating systems & Components / Operating system package or component apiguardian Operating systems & Components / Operating system package or component apache-resource-bundles Operating systems & Components / Operating system package or component apache-parent Operating systems & Components / Operating system package or component apache-ivy Operating systems & Components / Operating system package or component apache-commons-vfs Operating systems & Components / Operating system package or component apache-commons-text Operating systems & Components / Operating system package or component apache-commons-pool Operating systems & Components / Operating system package or component apache-commons-parent Operating systems & Components / Operating system package or component apache-commons-net Operating systems & Components / Operating system package or component apache-commons-modeler Operating systems & Components / Operating system package or component apache-commons-math Operating systems & Components / Operating system package or component apache-commons-logging Operating systems & Components / Operating system package or component apache-commons-lang3 Operating systems & Components / Operating system package or component apache-commons-jxpath Operating systems & Components / Operating system package or component apache-commons-io Operating systems & Components / Operating system package or component apache-commons-exec Operating systems & Components / Operating system package or component apache-commons-digester Operating systems & Components / Operating system package or component apache-commons-compress Operating systems & Components / Operating system package or component apache-commons-collections4 Operating systems & Components / Operating system package or component apache-commons-collections Operating systems & Components / Operating system package or component apache-commons-codec Operating systems & Components / Operating system package or component apache-commons-cli Operating systems & Components / Operating system package or component apache-commons-beanutils Operating systems & Components / Operating system package or component aopalliance Operating systems & Components / Operating system package or component antlrworks Operating systems & Components / Operating system package or component antlr3 Operating systems & Components / Operating system package or component antlr Operating systems & Components / Operating system package or component ant-antunit Operating systems & Components / Operating system package or component ant Operating systems & Components / Operating system package or component R-rJava Operating systems & Components / Operating system package or component OpenStego Operating systems & Components / Operating system package or component Mars Operating systems & Components / Operating system package or component IPAddress Operating systems & Components / Operating system package or component CardManager Operating systems & Components / Operating system package or component CFR Operating systems & Components / Operating system package or component BareBonesBrowserLaunch Operating systems & Components / Operating system package or component
Vendor	Fedoraproject

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Type Confusion

EUVDB-ID: #VU86857

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-1938

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 engine. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 40

xz-java: before 1.9-10.fc40

xstream: before 1.4.20-6.fc40

xmvn-generator: before 1.2.2-3.fc40

xmvn-connector-ivy: before 4.0.0-3.fc40

xmvn: before 4.2.0-8.fc40

xmlunit: before 2.9.0-11.fc40

xmlstreambuffer: before 2.1.0-5.fc40

xmlpull: before 1.2.0-9.fc40

xmlgraphics-commons: before 2.9-3.fc40

xml-maven-plugin: before 1.1.0-3.fc40

xml-commons-resolver: before 1.2-44.fc40

xml-commons-apis: before 1.4.01-46.fc40

xerces-j2: before 2.12.2-10.fc40

xbean: before 4.24-3.fc40

xalan-j2: before 2.7.3-3.fc40

wsdl4j: before 1.6.3-30.fc40

ws-commons-util: before 1.0.2-24.fc40

will-crash: before 0.13.5-6.fc40

weld-parent: before 46-7.fc40

voms-clients-java: before 3.3.2-13.fc40

voms-api-java: before 3.3.2-16.fc40

velocity: before 2.3-5.fc40

vecmath1.2: before 1.14-36.fc40

univocity-parsers: before 2.9.1-13.fc40

truth: before 1.0.1-11.fc40

trilead-ssh2: before 217.21-13.fc40

treelayout: before 1.0.3-23.fc40

tomcat-taglibs-parent: before 3-24.fc40

tomcat-native: before 1.2.36-4.fc40

tomcat: before 9.0.83-3.fc40

testng: before 7.8.0-5.fc40

tagsoup: before 1.2.1-32.fc40

t-digest: before 3.2-8.fc40

swing-layout: before 1.0.4-30.fc40

subversion: before 1.14.3-5.fc40

string-template-maven-plugin: before 1.1-13.fc40

spice-parent: before 26-24.fc40

spec-version-maven-plugin: before 2.2-3.fc40

snip: before 0.11-25.fc40

snakeyaml: before 1.33-3.fc40

slf4j: before 1.7.32-12.fc40

sisu-mojos: before 0.9.0~M2-4.fc40

sisu: before 0.3.5-13.fc40

sequence-library: before 1.0.3-18.fc40

sdljava: before 0.9.1-62.fc40

scannotation: before 1.0.3-0.33.r12.fc40

scala: before 2.13.12-7.fc40

sblim-cim-client: before 1.3.9.3-34.fc40

sat4j: before 2.3.5-30.fc40

sac: before 1.3-46.fc40

rundoc: before 0.11-25.fc40

rsyntaxtextarea: before 3.1.3-11.fc40

rstudio: before 2023.12.1+402-2.fc40

rhino: before 1.7.14-10.fc40

replacer: before 1.6-30.fc40

relaxng-datatype-java: before 2011.1-4.fc40

regexp: before 1.5-48.fc40

reflections: before 0.9.12-17.fc40

qdox: before 2.1.0-3.fc40

python-javaobj: before 0.4.3-12.fc40

prometheus-simpleclient-java: before 0.12.0-11.fc40

prometheus-jmx-exporter: before 0.16.1-13.fc40

proguard: before 6.2.2-5.fc40

postgresql-jdbc: before 42.7.1-4.fc40

plexus-xml: before 3.0.0-2.fc40

plexus-velocity: before 2.0-6.fc40

plexus-utils: before 3.5.1-8.fc40

plexus-testing: before 1.3.0-2.fc40

plexus-sec-dispatcher: before 2.0-14.fc40

plexus-resources: before 1.3.0-4.fc40

plexus-pom: before 16-3.fc40

plexus-languages: before 1.2.0-6.fc40

plexus-io: before 3.4.2-3.fc40

plexus-interpolation: before 1.27-3.fc40

plexus-i18n: before 1.0-0.31.b10.4.fc40

plexus-containers: before 2.2.0-3.fc40

plexus-components-pom: before 14.2-5.fc40

plexus-compiler: before 2.14.2-3.fc40

plexus-classworlds: before 2.8.0-3.fc40

plexus-cipher: before 2.0-11.fc40

plexus-build-api0: before 0.0.7-44.fc40

plexus-build-api: before 1.2.0-6.fc40

plexus-archiver: before 4.9.1-3.fc40

plantuml: before 1.2024.3-3.fc40

picocli: before 4.7.4-5.fc40

pentaho-reporting-flow-engine: before 0.9.4-35.fc40

pentaho-libxml: before 1.1.3-42.fc40

pdftk-java: before 3.3.3-6.fc40

pcfi: before 2010.08.09-30.20111103gitbd245c9.fc40

osgi-core: before 8.0.0-13.fc40

osgi-compendium: before 7.0.0-20.fc40

osgi-annotation: before 8.1.0-6.fc40

options: before 1.7-10.fc40

opentest4j: before 1.3.0-6.fc40

openni: before 1.5.7.10-33.fc40

openjfx8: before 8.0.202-40.b07.fc40

openjfx: before 17.0.11.0-2.fc40

openjdk-asmtools7: before 7.0.b10-0.11.20210610.gitf40a2c0.fc40

octave: before 8.4.0-6.fc40

objenesis: before 3.3-9.fc40

objectweb-asm: before 9.6-5.fc40

nom-tam-fits: before 1.15.2-22.fc40

nekohtml: before 1.9.22-26.fc40

naga: before 3.0-26.20200930git6f1e95d.fc40

mysql-connector-java: before 8.0.30-6.fc40

mxparser: before 1.2.2-10.fc40

msv: before 2022.7-4.fc40

mojo-parent: before 78-3.fc40

mojo-executor: before 2.4.0-9.fc40

modulemaker-maven-plugin: before 1.11-1.fc40

moditect: before 1.1.0-2.fc40

modello: before 2.1.2-6.fc40

mockito: before 5.8.0-5.fc40

miglayout: before 5.0-4.fc40

mecab-java: before 0.996-8.fc40

maven-wagon: before 3.5.3-7.fc40

maven-verifier-plugin: before 1.1-6.fc40

maven-verifier: before 2.0.0~M1-7.fc40

maven-surefire: before 3.2.2-5.fc40

maven-source-plugin: before 3.3.0-6.fc40

maven-shared-utils: before 3.4.2-7.fc40

maven-shared-io: before 3.0.0-25.fc40

maven-shared-incremental: before 1.1-33.fc40

maven-shade-plugin: before 3.5.1-4.fc40

maven-resources-plugin: before 3.3.1-6.fc40

maven-resolver: before 1.9.18-3.fc40

maven-remote-resources-plugin: before 3.1.0-6.fc40

maven-plugin-tools: before 3.9.0-6.fc40

maven-plugin-testing: before 3.3.0-33.fc40

maven-patch-plugin: before 1.2-27.fc40

maven-parent: before 41-5.fc40

maven-native: before 1.0-0.18.alpha.11.fc40

maven-jar-plugin: before 3.3.0-6.fc40

maven-filtering: before 3.3.1-6.fc40

maven-file-management: before 3.1.0-6.fc40

maven-enforcer: before 3.4.1-3.fc40

maven-doxia-sitetools: before 1.11.1-10.fc40

maven-doxia: before 1.12.0-7.fc40

maven-dependency-tree: before 3.2.1-6.fc40

maven-dependency-plugin: before 3.6.1-3.fc40

maven-dependency-analyzer: before 1.13.2-6.fc40

maven-compiler-plugin: before 3.12.1-3.fc40

maven-common-artifact-filters: before 3.3.2-6.fc40

maven-clean-plugin: before 3.3.2-4.fc40

maven-bundle-plugin: before 5.1.9-5.fc40

maven-assembly-plugin: before 3.6.0-6.fc40

maven-artifact-transfer: before 0.13.1-14.fc40

maven-archiver: before 3.6.1-6.fc40

maven-antrun-plugin: before 3.1.0-9.fc40

maven: before 3.9.6-5.fc40

mariadb-java-client: before 3.3.2-4.fc40

lucene: before 9.9.2-2.fc40

log4j: before 2.20.0-7.fc40

libvirt-java: before 0.4.9-29.fc40

libserializer: before 1.1.2-42.fc40

librepository: before 1.1.3-43.fc40

libreoffice: before 24.2.1.1-3.fc40

libloader: before 1.1.3-44.fc40

liblayout: before 0.2.10-36.fc40

libformula: before 1.1.3-43.fc40

libfonts: before 1.1.3-46.fc40

libbase: before 1.1.3-42.fc40

ldapjdk: before 5.5.0-2.fc40

laf-plugin: before 1.0-35.fc40

kawa: before 3.1.1-19.fc40

jzlib: before 1.1.3-30.fc40

junit5: before 5.10.2-3.fc40

junit: before 4.13.2-6.fc40

jtidy: before 1.0-0.45.20100930svn1125.fc40

jssc: before 2.8.0-30.fc40

jss: before 5.5.0-1.fc40.1

jsr-305: before 3.0.2-15.fc40

jsoup: before 1.17.2-2.fc40

json_simple: before 1.1.1-34.fc40

jsch-agent-proxy: before 0.0.8-25.fc40

jsch: before 0.1.55-16.fc40

jorbis: before 0.0.17-34.fc40

jolokia-jvm-agent: before 1.6.2-17.fc40

jol: before 0.17-5.fc40

jni-inchi: before 0.8-11.fc40

jneuroml-core: before 1.6.1-14.fc40

jna: before 5.14.0-4.fc40

jmock: before 2.12.0-16.fc40

jline2: before 2.14.6-12.fc40

jigawatts: before 0.2-0.12.202108276c78499.fc40

jgoodies-looks: before 2.7.0-11.fc40

jgoodies-forms: before 1.9.0-11.fc40

jgoodies-common: before 1.8.1-21.fc40

jglobus: before 2.1.0-35.fc40

jgit: before 6.1.0-9.fc40

jfreechart: before 1.5.4-5.fc40

jflex: before 1.7.0-18.fc40

jetty: before 9.4.40-11.fc40

jericho-html: before 3.3-30.fc40

jdom2: before 2.0.6.1-7.fc40

jdom: before 1.1.3-37.fc40

jdepend: before 2.10-10.fc40

jdeparser: before 2.0.3-17.fc40

jcuber: before 4.8-6.fc40

jctools: before 4.0.2-3.fc40

jcip-annotations: before 1-43.20060626.fc40

jchardet: before 1.1-34.fc40

jboss-parent: before 20-21.fc40

jboss-logging-tools: before 2.2.1-17.fc40

jboss-logging: before 3.5.3-5.fc40

jboss-jaxrs-2.0-api: before 1.0.0-27.fc40

jblas: before 1.2.5-15.fc40

jaxen: before 1.2.0-17.fc40

jaxb-stax-ex: before 2.1.0-8.fc40

jaxb-istack-commons: before 4.2.0-8.fc40

jaxb-fi: before 2.1.1-5.fc40

jaxb-dtd-parser: before 1.5.1-5.fc40

jaxb-api2: before 2.3.3-10.fc40

jaxb-api: before 4.0.1-5.fc40

jaxb: before 4.0.4-6.fc40

javassist: before 3.30.2-4.fc40

javaparser: before 3.25.8-3.fc40

javapackages-tools: before 6.2.0-9.fc40

javapackages-bootstrap: before 1.16.0-3.fc40

javaewah: before 1.1.13-10.fc40

javacc-maven-plugin: before 3.1.0-1.fc40

javacc: before 7.0.13-5.fc40

java_cup: before 0.11b-29.fc40

java-scrypt: before 1.4.0-24.fc40

java-jd-decompiler: before 1.1.3-8.fc40

java-diff-utils: before 4.12-7.fc40

java-21-openjdk: before 21.0.2.0.13-2.fc40

java-17-openjdk-portable: before 17.0.10.0.7-1.fc40.1

java-17-openjdk: before 17.0.10.0.7-2.fc40

java-11-openjdk-portable: before 11.0.22.0.7-1.fc40.1

java-11-openjdk: before 11.0.22.0.7-1.fc40.1

java-1.8.0-openjdk: before 1.8.0.402.b06-1.fc40.1

jansi1: before 1.18-21.fc40

jansi-native: before 1.8-18.fc40

jansi: before 2.4.1-3.fc40

jakarta-xml-ws: before 4.0.0-6.fc40

jakarta-servlet: before 5.0.0-18.fc40

jakarta-saaj: before 3.0.0-6.fc40

jakarta-oro: before 2.0.8-44.fc40

jakarta-mail: before 2.1.2-5.fc40

jakarta-json: before 2.1.3-4.fc40

jakarta-interceptors: before 2.0.0-12.fc40

jakarta-el: before 4.0.0-14.fc40

jakarta-annotations: before 1.3.5-22.fc40

jakarta-activation1: before 1.2.2-13.fc40

jakarta-activation: before 2.1.2-6.fc40

jacop: before 4.9.0-5.fc40

jackson-parent: before 2.16-4.fc40

jackson-modules-base: before 2.16.1-3.fc40

jackson-jaxrs-providers: before 2.16.1-3.fc40

jackson-databind: before 2.16.1-4.fc40

jackson-core: before 2.16.1-4.fc40

jackson-bom: before 2.16.1-3.fc40

jackson-annotations: before 2.16.1-3.fc40

jFormatString: before 0-0.49.20131227gitf159b88.fc40

imagej: before 1.54h-4.fc40

icu4j: before 74.2-4.fc40

icedtea-web: before 1.8.8-5.fc40

icecat: before 115.8.0-2.rh1.fc40

httpcomponents-project: before 13-6.fc40

httpcomponents-core: before 4.4.16-8.fc40

httpcomponents-client: before 4.5.14-8.fc40

hibernate-jpa-2.0-api: before 1.0.1-40.fc40

hawtjni: before 1.18-12.fc40

hamcrest: before 2.2-16.fc40

guava: before 32.1.3-5.fc40

google-guice: before 5.1.0-11.fc40

gnulib: before 0-50.20230709git.fc40

fusesource-pom: before 1.12-18.fc40

frysk: before 0.4-94.fc40

freerouting: before 1.3.1-17.fc40

freecol: before 1.1.0-4.fc40

forge-parent: before 38-28.fc40

fop: before 2.9-6.fc40

flute: before 1.3.0-37.OOo31.fc40

fishbowl: before 1.4.1-9.fc40

filedrop: before 1.1-24.fc40

fernflower: before 211.7442.40-11.fc40

felix-utils: before 1.11.8-9.fc40

felix-parent: before 8-5.fc40

fasterxml-oss-parent: before 58-2.fc40

extra-enforcer-rules: before 1.7.0-6.fc40

enjarify: before 1.0.3-35.fc40

ed25519-java: before 0.3.0-21.fc40

eclipse-swt: before 4.29-4.fc40

ecj: before 4.23-9.fc40

easymock: before 4.3-8.fc40

dogtag-pki: before 11.5.0-1.fc40.1

ditaa: before 0.10-24.fc40

disruptor: before 3.4.4-11.fc40

dirgra: before 0.4-12.fc40

directory-maven-plugin: before 0.3.1-15.fc40

diffoscope: before 257-2.fc40

decentxml: before 1.4-35.fc40

crypto-policies: before 20240201-2.git9f501f3.fc40

cryptlib: before 3.4.7-5.fc40

cortado: before 0.6.0-32.fc40

console-image-viewer: before 1.2-24.fc40

colossus: before 0.14.0-27.fc40

codehaus-parent: before 4-30.fc40

clojure-spec-alpha: before 0.3.218-8.fc40

clojure-maven-plugin: before 1.9.2-6.fc40

clojure-core-specs-alpha: before 0.2.62-8.fc40

clojure: before 1.11.1-8.fc40

classloader-leak-test-framework: before 2.7.0-8.fc40

chromium: before 122.0.6261.94-2.fc40

cglib: before 3.3.0-15.fc40

ceph: before 18.2.1-10.fc40

cdi-api: before 2.0.2-14.fc40

canl-java: before 2.8.3-5.fc40

cambozola: before 0.936-24.fc40

byteman: before 4.0.16-13.fc40

byte-buddy: before 1.14.2-8.fc40

build-helper-maven-plugin: before 3.5.0-4.fc40

bsh: before 2.1.0-12.fc40

bsf: before 2.4.0-54.fc40

brazil: before 2.3-36.fc40

bouncycastle: before 1.70-13.fc40

bolzplatz2006: before 1.0.3-58.fc40

beust-jcommander: before 1.82-9.fc40

beansbinding: before 1.2.1-36.fc40

bcel: before 6.8.1-3.fc40

batik: before 1.14-13.fc40

auto: before 1.6.1-10.fc40

atinject: before 1.0.5-12.fc40

assertj-core: before 3.24.2-8.fc40

args4j: before 2.33-26.fc40

aqute-bnd: before 6.3.1-10.fc40

apiguardian: before 1.1.2-12.fc40

apache-resource-bundles: before 1.5-7.fc40

apache-parent: before 31-5.fc40

apache-ivy: before 2.5.2-4.fc40

apache-commons-vfs: before 2.9.0-5.fc40

apache-commons-text: before 1.10.0-6.fc40

apache-commons-pool: before 1.6-37.fc40

apache-commons-parent: before 66-3.fc40

apache-commons-net: before 3.10.0-5.fc40

apache-commons-modeler: before 2.0.1-40.fc40

apache-commons-math: before 3.6.1-18.fc40

apache-commons-logging: before 1.3.0-5.fc40

apache-commons-lang3: before 3.14.0-5.fc40

apache-commons-jxpath: before 1.3-52.fc40

apache-commons-io: before 2.13.0-8.fc40

apache-commons-exec: before 1.3-31.fc40

apache-commons-digester: before 2.1-30.fc40

apache-commons-compress: before 1.25.0-5.fc40

apache-commons-collections4: before 4.4-15.fc40

apache-commons-collections: before 3.2.2-36.fc40

apache-commons-codec: before 1.16.0-7.fc40

apache-commons-cli: before 1.6.0-5.fc40

apache-commons-beanutils: before 1.9.4-19.fc40

aopalliance: before 1.0-39.fc40

antlrworks: before 1.5.2-29.fc40

antlr3: before 3.5.3-10.fc40

antlr: before 2.7.7-77.fc40

ant-antunit: before 1.4.1-11.fc40

ant: before 1.10.14-10.fc40

R-rJava: before 1.0.6-9.fc40

OpenStego: before 0.7.4-12.fc40

Mars: before 4.5-26.fc40

IPAddress: before 5.2.1-17.fc40

CardManager: before 3-29.fc40

CFR: before 0.151-16.fc40

BareBonesBrowserLaunch: before 3.1-33.fc40

External links

http://bodhi.fedoraproject.org/updates/FEDORA-2024-129d8ca6fc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Type Confusion

EUVDB-ID: #VU86858