Updated java packages fix security vulnerability
Publication date: 16 Jul 2022
Modification date: 16 Jul 2022
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496
Description
- OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476)
- OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)
- OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
- OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
- OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)
References
- https://bugs.mageia.org/show_bug.cgi?id=30401
- https://access.redhat.com/errata/RHSA-2022:1491
- https://access.redhat.com/errata/RHSA-2022:1442
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21426
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21434
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21443
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21476
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21496
SRPMS
8/core
- java-1.8.0-openjdk-1.8.0.332.b09-1.1.mga8
- java-11-openjdk-11.0.15.0.10-1.mga8
- timezone-2022a-1.mga8