Lucene search

K
suseSuseOPENSUSE-SU-2022:0816-1
HistoryMar 14, 2022 - 12:00 a.m.

Security update for java-11-openjdk (moderate)

2022-03-1400:00:00
lists.opensuse.org
39
java-11-openjdk
vulnerabilities
update
security
opensuse leap 15.3
installation methods
suse
cve-2022-21248
cve-2022-21277
tiff files
xslt transformerimpl
regex pattern
stringbuilder
deserialization
identityhashmap
xmlentitymanager
lirgenerator
jar manifest
bmpimagereader

EPSS

0.004

Percentile

74.0%

An update that fixes 15 vulnerabilities is now available.

Description:

This update for java-11-openjdk fixes the following issues:

  • CVE-2022-21248: Fixed incomplete deserialization class filtering in
    ObjectInputStream. (bnc#1194926)
  • CVE-2022-21277: Fixed incorrect reading of TIFF files in
    TIFFNullDecompressor. (bnc#1194930)
  • CVE-2022-21282: Fixed Insufficient URI checks in the XSLT
    TransformerImpl. (bnc#1194933)
  • CVE-2022-21283: Fixed unexpected exception thrown in regex Pattern.
    (bnc#1194937)
  • CVE-2022-21291: Fixed Incorrect marking of writeable fields.
    (bnc#1194925)
  • CVE-2022-21293: Fixed Incomplete checks of StringBuffer and
    StringBuilder during deserialization. (bnc#1194935)
  • CVE-2022-21294: Fixed Incorrect IdentityHashMap size checks during
    deserialization. (bnc#1194934)
  • CVE-2022-21296: Fixed Incorrect access checks in XMLEntityManager.
    (bnc#1194932)
  • CVE-2022-21299: Fixed Infinite loop related to incorrect handling of
    newlines in XMLEntityScanner. (bnc#1194931)
  • CVE-2022-21305: Fixed Array indexing issues in LIRGenerator.
    (bnc#1194939)
  • CVE-2022-21340: Fixed Excessive resource use when reading JAR manifest
    attributes. (bnc#1194940)
  • CVE-2022-21341: Fixed OpenJDK: Insufficient checks when deserializing
    exceptions in ObjectInputStream. (bnc#1194941)
  • CVE-2022-21360: Fixed Excessive memory allocation in BMPImageReader.
    (bnc#1194929)
  • CVE-2022-21365: Fixed Integer overflow in BMPImageReader. (bnc#1194928)
  • CVE-2022-21366: Fixed Excessive memory allocation in TIFF*Decompressor.
    (bnc#1194927)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-816=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.3aarch64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.3ppc64le< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.3s390x< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.3x86_64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Leap15.3noarch< - openSUSE Leap 15.3 (noarch):- openSUSE Leap 15.3 (noarch):.noarch.rpm