Security update for java-11-openjdk (moderate)

An update that fixes 15 vulnerabilities is now available.

Description:

This update for java-11-openjdk fixes the following issues:

• CVE-2022-21248: Fixed incomplete deserialization class filtering in
  ObjectInputStream. (bnc#1194926)
• CVE-2022-21277: Fixed incorrect reading of TIFF files in
  TIFFNullDecompressor. (bnc#1194930)
• CVE-2022-21282: Fixed Insufficient URI checks in the XSLT
  TransformerImpl. (bnc#1194933)
• CVE-2022-21283: Fixed unexpected exception thrown in regex Pattern.
  (bnc#1194937)
• CVE-2022-21291: Fixed Incorrect marking of writeable fields.
  (bnc#1194925)
• CVE-2022-21293: Fixed Incomplete checks of StringBuffer and
  StringBuilder during deserialization. (bnc#1194935)
• CVE-2022-21294: Fixed Incorrect IdentityHashMap size checks during
  deserialization. (bnc#1194934)
• CVE-2022-21296: Fixed Incorrect access checks in XMLEntityManager.
  (bnc#1194932)
• CVE-2022-21299: Fixed Infinite loop related to incorrect handling of
  newlines in XMLEntityScanner. (bnc#1194931)
• CVE-2022-21305: Fixed Array indexing issues in LIRGenerator.
  (bnc#1194939)
• CVE-2022-21340: Fixed Excessive resource use when reading JAR manifest
  attributes. (bnc#1194940)
• CVE-2022-21341: Fixed OpenJDK: Insufficient checks when deserializing
  exceptions in ObjectInputStream. (bnc#1194941)
• CVE-2022-21360: Fixed Excessive memory allocation in BMPImageReader.
  (bnc#1194929)
• CVE-2022-21365: Fixed Integer overflow in BMPImageReader. (bnc#1194928)
• CVE-2022-21366: Fixed Excessive memory allocation in TIFF*Decompressor.
  (bnc#1194927)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2022-816=1