Lucene search
CloudLinuxCLSA-2022:1661176564HistoryAug 22, 2022 - 1:56 p.m.
Fixed 50 CVEs in java-1.7.0-openjdk
2022-08-2213:56:04
repo.cloudlinux.com
53
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:N/A:N
0.003 Low
EPSS
Percentile
70.0%
- Bump to 2.6.28 and OpenJDK 7u351-b01.
- Security fixes in 7u351:
- CVE-2022-21540: Improve class compilation (JDK-8281859)
- CVE-2022-21541: Enhance MethodHandle invocations (JDK-8281866)
- CVE-2022-34169: Improve Xalan supports (JDK-8285407)
- Security fixes in 7u341:
- CVE-2022-21426: Better XPath expression handling (JDK-8270504)
- CVE-2022-21434: Better invocation handler handling (JDK-8277672)
- CVE-2022-21443: Improved Object Identification (JDK-8275151)
- CVE-2022-21476: Improve Santuario processing (JDK-8278008)
- CVE-2022-21496: Improve URL supports (JDK-8278972)
- Security fixes in 7u331:
- CVE-2022-21248: Enhance cross VM serialization (JDK-8264934)
- CVE-2022-21282: Better resolution of URIs (JDK-8270492)
- CVE-2022-21283: Better String matching (JDK-8268813)
- CVE-2022-21293: Improve String constructions (JDK-8270392)
- CVE-2022-21294: Enhance construction of Identity maps (JDK-8270416)
- CVE-2022-21296: Improve SAX Parser configuration management (JDK-8270498)
- CVE-2022-21299: Improved scanning of XML entities (JDK-8270646)
- CVE-2022-21305: Better array indexing (JDK-8272014)
- CVE-2022-21340: Verify Jar Verification (JDK-8272026)
- CVE-2022-21341: Improve serial forms for transport (JDK-8272236)
- CVE-2022-21349: Improve Solaris font rendering (JDK-8273748)
- CVE-2022-21360: Enhance BMP image support (JDK-8273756)
- CVE-2022-21365: Enhanced BMP processing (JDK-8273838)
- Security fixes in 7u321:
- CVE-2021-35550: Update the default enabled cipher suites preference
(JDK-8163326) - CVE-2021-35556: Richer Text Editors (JDK-8265167)
- CVE-2021-35559: Enhanced style for RTF kit (JDK-8265580)
- CVE-2021-35561: Better hashing support (JDK-8266097)
- CVE-2021-35564: Improve Keystore integrity (JDK-8266137)
- CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
(JDK-8254967) - CVE-2021-35586: Better BMP support (JDK-8267735)
- CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if
InnerClasses attribute’s inner_class_info_index is 0 (JDK-8130183) - CVE-2021-35603: Better session identification (JDK-8269618)
- Security fixes in 7u311:
- CVE-2021-2341: Improve file transfers (JDK-8258432)
- CVE-2021-2369: Better jar file validation (JDK-8260967)
- CVE-2021-2432: Provide better LDAP provider support (JDK-8267412)
- Security fixes in 7u301:
- CVE-2021-2161: Less ambiguous processing (JDK-8250568)
- CVE-2021-2163: Enhance opening JARs (JDK-8249906)
- Security fixes in 7u281:
- CVE-2020-14779: Enhance support of Proxy class (JDK-8236862)
- CVE-2020-14781: Enhanced LDAP contexts (JDK-8237990)
- CVE-2020-14782: Enhance certificate processing (JDK-8237995)
- CVE-2020-14792: Better range handling (JDK-8241114)
- CVE-2020-14796: Improved URI Support (JDK-8242680)
- CVE-2020-14797: Better Path Validation (JDK-8242685)
- CVE-2020-14798: Enhanced buffer support (JDK-8242695)
- CVE-2020-14803: Improved Buffer supports (JDK-8244136)
- Security fixes in 7u271:
- CVE-2020-14577: Enhance certificate verification (JDK-8237592)
- CVE-2020-14578: NegativeArraySizeException in
sun.security.util.DerInputStream.getUnalignedBitString() (JDK-8028591) - CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
(JDK-8028431) - CVE-2020-14581: Better matrix operations (JDK-8238002)
- CVE-2020-14583: Better Buffer support (JDK-8238920)
- CVE-2020-14593: Less Affine Transformations (JDK-8240119)
- CVE-2020-14621: Better XML namespace handling (JDK-8242136)
- Update tzdata requirement to 2022a to match JDK-8283350
- Update NEWS from IcedTea
- Adjust jdk8076221-pr2809-disable_rc4_cipher_suites.patch to apply after
bump OpenJDK version
Related
nessus
nessus
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2022-1633)
2022-09-12 00:00:00
Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2022-1835)
2022-09-15 00:00:00
Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2022-1631)
2022-08-23 00:00:00
amazon
amazon
Important: java-1.8.0-openjdk
2022-08-15 18:37:00
Important: java-1.7.0-openjdk
2022-09-01 17:24:00
Important: java-1.7.0-openjdk
2022-09-01 21:09:00
osv
osv
openjdk-8 - security update
2022-02-10 00:00:00
Moderate: java-1.8.0-openjdk security and bug fix update
2022-01-27 13:47:36
Moderate: java-1.8.0-openjdk security and bug fix update
2022-01-27 13:47:36
openvas
openvas
Fedora: Security Advisory for java-1.8.0-openjdk (FEDORA-2022-b706eef225)
2022-02-11 00:00:00
Debian: Security Advisory (DLA-2917-1)
2022-02-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0873-1)
2022-03-16 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: java-1.8.0-openjdk-1.8.0.322.b06-2.fc35
2022-02-11 01:23:37
[SECURITY] Fedora 34 Update: java-1.8.0-openjdk-1.8.0.322.b06-2.fc34
2022-02-11 01:11:34
[SECURITY] Fedora 32 Update: java-11-openjdk-11.0.9.11-0.fc32
2020-10-31 02:02:10
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
2022-11-14 16:23:08
Security Bulletin: Multiple Vulnerabilities in Rational Synergy 7.2.2.4
2022-09-30 08:52:40
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2022-06-14 14:37:05
debian
debian
[SECURITY] [DLA 2917-1] openjdk-8 security update
2022-02-10 08:51:22
[SECURITY] [DLA 2412-1] openjdk-8 security update
2020-10-30 09:23:09
[SECURITY] [DSA 4779-1] openjdk-11 security update
2020-10-25 10:14:25
suse
suse
Security update for java-1_8_0-openjdk (moderate)
2020-11-26 00:00:00
Security update for java-1_8_0-openj9 (important)
2020-11-10 00:00:00
Security update for java-1_8_0-openjdk (moderate)
2020-11-27 00:00:00
rocky
rocky
java-1.8.0-openjdk security and bug fix update
2022-02-01 03:36:17
java-1.8.0-openjdk security and bug fix update
2022-01-27 13:47:36
redhat
redhat
(RHSA-2022:0321) Moderate: OpenJDK 8u322 Windows builds release and security update
2022-01-27 19:55:12
(RHSA-2022:0317) Moderate: OpenJDK 8u322 security update for Portable Linux Builds
2022-01-27 19:55:10
(RHSA-2022:0312) Moderate: java-1.8.0-openjdk security update
2022-01-27 15:48:40
almalinux
almalinux
Moderate: java-1.8.0-openjdk security and bug fix update
2022-01-27 13:47:36
altlinux
altlinux
gentoo
gentoo
OpenJDK: Multiple Vulnerabilities
2022-09-07 00:00:00
oraclelinux
oraclelinux
java-1.8.0-openjdk security and bug fix update
2022-01-27 00:00:00
java-1.8.0-openjdk security update
2022-01-27 00:00:00
java-1.8.0-openjdk security update
2020-10-27 00:00:00
ubuntu
ubuntu
OpenJDK regressions
2020-11-12 00:00:00
OpenJDK vulnerabilities
2020-10-27 00:00:00
centos
centos
java security update
2022-01-27 23:14:09
java security update
2020-11-06 21:58:30
java security update
2020-11-09 13:12:26
rosalinux
rosalinux
Advisory ROSA-SA-2023-2314
2023-12-19 12:08:45
kaspersky
kaspersky
KLA11985 Multiple vulnerabilities in Oracle Java SE
2020-10-20 00:00:00
KLA12426 Multiple vulnerabilities in Oracle Java and GraalVM
2022-01-18 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2020-11-14 00:20:36
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:N/A:N
0.003 Low
EPSS
Percentile
70.0%
Related for CLSA-2022:1661176564