Lucene search

K
oraclelinux
OracleLinuxELSA-2022-1445
HistoryApr 20, 2022 - 12:00 a.m.

java-17-openjdk security and bug fix update

2022-04-2000:00:00
linux.oracle.com
68

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

[1:17.0.3.0.6-2]

  • Add JDK-8284920 fix for XPath regression
  • Related: rhbz#2073575
    [1:17.0.3.0.6-2]
  • JDK-8275082 should be listed as also resolving JDK-8278008 & CVE-2022-21476
  • Related: rhbz#2073575
    [1:17.0.3.0.6-1]
  • JDK-8283911 patch no longer needed now weโ€™re GAโ€ฆ
  • Resolves: rhbz#2073575
    [1:17.0.3.0.6-1]
  • April 2022 security update to jdk 17.0.3+6
  • Update to jdk-17.0.3.0+6 pre-release tarball (17usec.17.0.3+5-220408)
  • Add JDK-8284548 regression fix missing from pre-release tarball but in jdk-17.0.3+6/jdk-17.0.3-ga
  • Update release notes to 17.0.3.0+6
  • Add missing README.md and generate_source_tarball.sh
  • Introduce tests/tests.yml, based on the one in java-11-openjdk
  • Switch to GA mode for release
  • This tarball is embargoed until 2022-04-19 @ 1pm PT.
  • Resolves: rhbz#2073575
    [1:17.0.3.0.5-0.1.ea]
  • Update to jdk-17.0.3.0+5
  • Update release notes to 17.0.3.0+5
  • Switch to EA mode for 17.0.3 pre-release builds.
  • Add JDK-8283911 to fix bad DEFAULT_PROMOTED_VERSION_PRE value
  • Related: rhbz#2073422
    [1:17.0.2.0.8-6]
  • Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
  • Resolves: rhbz#2055396
    [1:17.0.2.0.8-5]
  • Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
  • Resolves: rhbz#2018189
    [1:17.0.2.0.8-5]
  • Add patch to allow plain key import.
  • Resolves: rhbz#2018189
How to protect your server from attacks?

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Related for ELSA-2022-1445