Security update for java-1_8_0-openjdk (important)

An update that fixes 11 vulnerabilities is now available.

Description:

This update for java-1_8_0-openjdk fixes the following issues:

Update to version OpenJDK 8u312 (October 2021 CPU):

• CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS
  (bsc#1191901).
• CVE-2021-35556: Fixed excessive memory allocation in RTFParser
  (bsc#1191910).
• CVE-2021-35559: Fixed excessive memory allocation in RTFReader
  (bsc#1191911).
• CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet
  (bsc#1191912).
• CVE-2021-35564: Fixed certificates with end dates too far in the future
  can corrupt keystore (bsc#1191913).
• CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session
  close (bsc#1191909).
• CVE-2021-35567: Fixed incorrect principal selection when using Kerberos
  Constrained Delegation (bsc#1191903).
• CVE-2021-35578: Fixed unexpected exception raised during TLS handshake
  (bsc#1191904).
• CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader
  (bsc#1191914).
• CVE-2021-35588: Fixed incomplete validation of inner class references in
  ClassFileParser (bsc#1191905)
• CVE-2021-35603: Fixed non-constant comparison during TLS handshakes
  (bsc#1191906).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2021-1500=1