CLSA-2022:1654174749

[CLSA-2022:1654174749] Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21426, CVE-2022-21496

Type:

security

Severity:

Important

Release date:

2022-06-02

Description:

- Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b09. That fixes following CVEs:
- CVE-2022-21476: Defective secure validation in Apache Santuario
- CVE-2022-21496: URI parsing inconsistencies
- CVE-2022-21434: Improper object-to-string conversion in AnnotationInvocationHandler
- CVE-2022-21426: Unbounded memory allocation when compiling crafted XPath expressions
- CVE-2022-21443: Missing check for negative ObjectIdentifier
- Remove patch files from previous change due to their presence in newer versions

Updated packages:

java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el6.tuxcare.els1.x86_64.rpm
sha:8a58c934a4e3429a849f578fe2725e2f0e898e3d
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el6.tuxcare.els1.noarch.rpm
sha:d91e45e52ef4f43ce565c91b576bb4b0b55aa52f
java-1.8.0-openjdk-1.8.0.332.b09-1.el6.tuxcare.els1.x86_64.rpm
sha:e020b06799d5c16886f4de6255645ba69576b055
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el6.tuxcare.els1.x86_64.rpm
sha:f3777d4dd18f11883d0e3a07a621a86d00c9f5f4
java-1.8.0-openjdk-demo-debug-1.8.0.332.b09-1.el6.tuxcare.els1.x86_64.rpm
sha:73abb46cd2f5aeab6ebd4243624fdcc29e5875d3
java-1.8.0-openjdk-debug-1.8.0.332.b09-1.el6.tuxcare.els1.x86_64.rpm
sha:225aefa7169ead6a01233bcb873bb2518adec68f
java-1.8.0-openjdk-javadoc-debug-1.8.0.332.b09-1.el6.tuxcare.els1.noarch.rpm
sha:bbcafffd379c7e505b4c0440e2317c9e41ed73cf
java-1.8.0-openjdk-devel-debug-1.8.0.332.b09-1.el6.tuxcare.els1.x86_64.rpm
sha:6a09f9da247cdc2e4230cd1b014b27f5cb3566a8
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el6.tuxcare.els1.x86_64.rpm
sha:b26a622e3c5517439e144b0e480b2b8f5ca7ccfa
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el6.tuxcare.els1.x86_64.rpm
sha:0a24dc486952b22dafa21c5e9c549293765b4c11
java-1.8.0-openjdk-src-debug-1.8.0.332.b09-1.el6.tuxcare.els1.x86_64.rpm
sha:e00ed68bb79e2fdc3bb75b866b57e3bfe67bd797
java-1.8.0-openjdk-headless-debug-1.8.0.332.b09-1.el6.tuxcare.els1.x86_64.rpm
sha:08a881aef8f3e159059b90f3160ebdcdacbe7fd0

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.