RedHat RHSA-2022:1489
Apr 25, 2022 - 2:33 p.m.

(RHSA-2022:1489) Important: java-1.8.0-openjdk security update

2022-04-25 14:33:34
CWE-179
access.redhat.com
55
openjdk 8
security fix
apache santuario
xpath expressions
annotationinvocationhandler
objectidentifier
uri parsing

CVSS2: 5

  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: PARTIAL
  Availability Impact: NONE

  AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3: 7.5

  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: NONE
  Availability Impact: NONE

  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.004
Percentile: 75.5%

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476)

  • OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)

  • OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)

  • OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)

  • OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected configurations

Vulners
Node
redhat  java-11-openjdk  Range  11.0.15.0.9-2.el7_9
OR
redhat  java-1.8.0-openjdk  Range  1.8.0.332.b09-1.el7_9
OR
redhat  java-1.7.1-ibm-1  Range  1.7.1.5.10-1jpp.1.el7
OR
redhat  java-1.8.0-ibm-1  Range  1.8.0.7.10-1jpp.1.el7
OR
redhat  java-11-openjdk  Range  11.0.15.0.9-2.el8_5
OR
redhat  java-17-openjdk  Range  17.0.3.0.6-2.el8_5
OR
redhat  java-1.8.0-openjdk  Range  1.8.0.332.b09-1.el8_5
OR
redhat  java-1.8.0-ibm  Range  1.8.0.7.10-1.el8_6
OR
redhat  java-11-openjdk-1  Range  11.0.15.0.9-2.el8_1
OR
redhat  java-1.8.0-openjdk-1  Range  1.8.0.332.b09-1.el8_1
OR
redhat  java-11-openjdk-1  Range  11.0.15.0.9-2.el8_2
OR
redhat  java-1.8.0-openjdk-1  Range  1.8.0.332.b09-1.el8_2
OR
redhat  java-11-openjdk-1  Range  11.0.15.0.9-2.el8_4
OR
redhat  java-1.8.0-openjdk-1  Range  1.8.0.332.b09-1.el8_4
OR
redhat  java-11-openjdk  Range  11.0.15.0.10-1.el9_0
OR
redhat  java-17-openjdk  Range  17.0.3.0.7-1.el9_0
OR
redhat  java-1.8.0-openjdk  Range  1.8.0.332.b09-1.el9_0
OR
redhat  java-1.8.0-ibm-1  Range  1.8.0.8.0-1jpp.1.el7
AND
redhat  enterprise_linux  Match  7
OR
redhat  enterprise_linux  Match  8
OR
redhat  enterprise_linux  Match  supplementary
OR
redhat  enterprise_linux  Match  9

Vendor  Product               Version  CPE
redhat  java-11-openjdk       *        cpe:2.3:a:redhat:java-11-openjdk:*:*:*:*:*:*:*:*
redhat  java-1.8.0-openjdk    *        cpe:2.3:a:redhat:java-1.8.0-openjdk:*:*:*:*:*:*:*:*
redhat  java-1.7.1-ibm-1      *        cpe:2.3:a:redhat:java-1.7.1-ibm-1:*:*:*:*:*:*:*:*
redhat  java-1.8.0-ibm-1      *        cpe:2.3:a:redhat:java-1.8.0-ibm-1:*:*:*:*:*:*:*:*
redhat  java-17-openjdk       *        cpe:2.3:a:redhat:java-17-openjdk:*:*:*:*:*:*:*:*
redhat  java-1.8.0-ibm        *        cpe:2.3:a:redhat:java-1.8.0-ibm:*:*:*:*:*:*:*:*
redhat  java-11-openjdk-1     *        cpe:2.3:a:redhat:java-11-openjdk-1:*:*:*:*:*:*:*:*
redhat  java-1.8.0-openjdk-1  *        cpe:2.3:a:redhat:java-1.8.0-openjdk-1:*:*:*:*:*:*:*:*
redhat  enterprise_linux      7        cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
redhat  enterprise_linux      8        cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*