23.08.500.0

Need help?

Schedule a consultation with an Azul performance expert.

23.08.500.0

Release date: April 16, 2024

This CPU release is based on Azul Prime 23.08.402.0 and corresponds to the following OpenJDK versions:

Major Version	OpenJDK Version
8	1.8.0_411-b2
11	11.0.22.0.101+2-LTS
17	17.0.10.0.101+3-LTS

What’s New

April 2024 CPU release security fixes.

CVE fixes

CVE #	Component	Protocol	Remote Exploit w/o Auth.	Base Score	Attack Vector	Attack Complex	Privileges Req’d	User Interact	Scope	Confiden-tiality	Integrity	Availability	Versions Affected	Notes
CVE-2024-21011	Hotspot	Multiple	Yes	3.7	Network	High	None	None	Unchanged	None	None	Low	21, 17, 11, 8	Note 2
CVE-2024-21012	Networking	Multiple	Yes	3.7	Network	High	None	None	Unchanged	None	Low	None	21, 17, 11	Note 1
CVE-2024-21068	Hotspot	Multiple	Yes	3.7	Network	High	None	None	Unchanged	None	Low	None	21, 17, 11, 8	Note 2
CVE-2024-21085	Concurrency	Multiple	Yes	3.7	Network	High	None	None	Unchanged	None	None	Low	11, 8	Note 2
CVE-2023-41993 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	JavaFX (WebKitGTK)	Multiple	Yes	7.5	Network	High	None	Required	Unchanged	High	High	High	None	Note 1
CVE-2024-21892 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	Oracle GraalVM for JDK	None	No	7.5	Local	High	Low	None	Changed	High	High	None	None
CVE-2024-20954 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition	Multiple	Yes	3.7	Network	High	None	None	Unchanged	Low	None	None	None
CVE-2024-21094 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	Hotspot	Multiple	Yes	3.7	Network	High	None	None	Unchanged	None	Low	None	None
CVE-2024-21098 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition	Multiple	Yes	3.7	Network	High	None	None	Unchanged	None	None	Low	None
CVE-2024-21003 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	JavaFX	Multiple	Yes	3.1	Network	High	None	Required	Unchanged	None	Low	None	None
CVE-2024-21005 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	JavaFX	Multiple	Yes	3.1	Network	High	None	Required	Unchanged	None	Low	None	None
CVE-2024-21002 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	JavaFX	None	No	2.5	Local	High	None	Required	Unchanged	None	Low	None	None
CVE-2024-21004 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	JavaFX	None	No	2.5	Local	High	None	Required	Unchanged	None	Low	None	None

CVE #

Component

Protocol

Remote Exploit w/o Auth.

Base Score

Attack Vector

Attack Complex

Privileges Req’d

User Interact

Scope

Confiden-tiality

Integrity

Availability

Versions Affected

Notes

CVE-2024-21011

Hotspot

Multiple

Yes

3.7

Network

High

None

Unchanged

None

Low

21, 17, 11, 8

Note 2

CVE-2024-21012

Networking

Multiple

Yes

3.7

Network

High

None

Unchanged

None

Low

None

21, 17, 11

Note 1

CVE-2024-21068

Hotspot

Multiple

Yes

3.7

Network

High

None

Unchanged

None

Low

None

21, 17, 11, 8

Note 2

CVE-2024-21085

Concurrency

Multiple

Yes

3.7

Network

High

None

Unchanged

None

Low

11, 8

Note 2

CVE-2023-41993 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

JavaFX (WebKitGTK)

Multiple

Yes

7.5

Network

High

None

Required

Unchanged

High

None

Note 1

CVE-2024-21892 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

Oracle GraalVM for JDK

None

7.5

Local

High

Low

None

Changed

High

None

CVE-2024-20954 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition

Multiple

Yes

3.7

Network

High

None

Unchanged

Low

None

CVE-2024-21094 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

Hotspot

Multiple

Yes

3.7

Network

High

None

Unchanged

None

Low

None

CVE-2024-21098 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition

Multiple

Yes

3.7

Network

High

None

Unchanged

None

Low

None

CVE-2024-21003 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

JavaFX

Multiple

Yes

3.1

Network

High

None

Required

Unchanged

None

Low

None

CVE-2024-21005 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

JavaFX

Multiple

Yes

3.1

Network

High

None

Required

Unchanged

None

Low

None

CVE-2024-21002 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

JavaFX

None

2.5

Local

High

None

Required

Unchanged

None

Low

None

CVE-2024-21004 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

JavaFX

None

2.5

Local

High

None

Required

Unchanged

None

Low

None

Notes:

ID	Notes
1	This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
2	This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

Notes

This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

For more information about CVE and non-CVE security fixes in this release, refer to Common Vulnerabilities and Exposures Fixes for April 2024

Known Issues

There are no new issues to report in this release.

Resolved Issues

There are no resolved issues associated with this release.