CloudLinux CLSA-2022:1661176564
Aug 22, 2022 - 1:56 p.m.

Fixed 50 CVEs in java-1.7.0-openjdk

2022-08-22 13:56:04
repo.cloudlinux.com

CVSS2: 7.1
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

CVSS3: 8.3
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: CHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS: 0.005
  Percentile: 75.5%

  • Bump to 2.6.28 and OpenJDK 7u351-b01.
  • Security fixes in 7u351:
      • CVE-2022-21540: Improve class compilation (JDK-8281859)
      • CVE-2022-21541: Enhance MethodHandle invocations (JDK-8281866)
      • CVE-2022-34169: Improve Xalan supports (JDK-8285407)
  • Security fixes in 7u341:
      • CVE-2022-21426: Better XPath expression handling (JDK-8270504)
      • CVE-2022-21434: Better invocation handler handling (JDK-8277672)
      • CVE-2022-21443: Improved Object Identification (JDK-8275151)
      • CVE-2022-21476: Improve Santuario processing (JDK-8278008)
      • CVE-2022-21496: Improve URL supports (JDK-8278972)
  • Security fixes in 7u331:
      • CVE-2022-21248: Enhance cross VM serialization (JDK-8264934)
      • CVE-2022-21282: Better resolution of URIs (JDK-8270492)
      • CVE-2022-21283: Better String matching (JDK-8268813)
      • CVE-2022-21293: Improve String constructions (JDK-8270392)
      • CVE-2022-21294: Enhance construction of Identity maps (JDK-8270416)
      • CVE-2022-21296: Improve SAX Parser configuration management (JDK-8270498)
      • CVE-2022-21299: Improved scanning of XML entities (JDK-8270646)
      • CVE-2022-21305: Better array indexing (JDK-8272014)
      • CVE-2022-21340: Verify Jar Verification (JDK-8272026)
      • CVE-2022-21341: Improve serial forms for transport (JDK-8272236)
      • CVE-2022-21349: Improve Solaris font rendering (JDK-8273748)
      • CVE-2022-21360: Enhance BMP image support (JDK-8273756)
      • CVE-2022-21365: Enhanced BMP processing (JDK-8273838)
  • Security fixes in 7u321:
      • CVE-2021-35550: Update the default enabled cipher suites preference
        (JDK-8163326)
      • CVE-2021-35556: Richer Text Editors (JDK-8265167)
      • CVE-2021-35559: Enhanced style for RTF kit (JDK-8265580)
      • CVE-2021-35561: Better hashing support (JDK-8266097)
      • CVE-2021-35564: Improve Keystore integrity (JDK-8266137)
      • CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
        (JDK-8254967)
      • CVE-2021-35586: Better BMP support (JDK-8267735)
      • CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if
        InnerClasses attribute’s inner_class_info_index is 0 (JDK-8130183)
      • CVE-2021-35603: Better session identification (JDK-8269618)
  • Security fixes in 7u311:
      • CVE-2021-2341: Improve file transfers (JDK-8258432)
      • CVE-2021-2369: Better jar file validation (JDK-8260967)
      • CVE-2021-2432: Provide better LDAP provider support (JDK-8267412)
  • Security fixes in 7u301:
      • CVE-2021-2161: Less ambiguous processing (JDK-8250568)
      • CVE-2021-2163: Enhance opening JARs (JDK-8249906)
  • Security fixes in 7u281:
      • CVE-2020-14779: Enhance support of Proxy class (JDK-8236862)
      • CVE-2020-14781: Enhanced LDAP contexts (JDK-8237990)
      • CVE-2020-14782: Enhance certificate processing (JDK-8237995)
      • CVE-2020-14792: Better range handling (JDK-8241114)
      • CVE-2020-14796: Improved URI Support (JDK-8242680)
      • CVE-2020-14797: Better Path Validation (JDK-8242685)
      • CVE-2020-14798: Enhanced buffer support (JDK-8242695)
      • CVE-2020-14803: Improved Buffer supports (JDK-8244136)
  • Security fixes in 7u271:
      • CVE-2020-14577: Enhance certificate verification (JDK-8237592)
      • CVE-2020-14578: NegativeArraySizeException in
        sun.security.util.DerInputStream.getUnalignedBitString() (JDK-8028591)
      • CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
        (JDK-8028431)
      • CVE-2020-14581: Better matrix operations (JDK-8238002)
      • CVE-2020-14583: Better Buffer support (JDK-8238920)
      • CVE-2020-14593: Less Affine Transformations (JDK-8240119)
      • CVE-2020-14621: Better XML namespace handling (JDK-8242136)
  • Update tzdata requirement to 2022a to match JDK-8283350
  • Update NEWS from IcedTea
  • Adjust jdk8076221-pr2809-disable_rc4_cipher_suites.patch to apply after
    bumping the OpenJDK version
