RHSA-2022:1445: Red Hat Security Advisory: java-17-openjdk security and bug fix update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
  • CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
  • CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
  • CVE-2022-21449: OpenJDK: Improper ECDSA signature verification (Libraries, 8277233)
  • CVE-2022-21476: OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
  • CVE-2022-21496: OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
Red Hat Security Data

Synopsis

Important: java-17-openjdk security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: Improper ECDSA signature verification (Libraries, 8277233) (CVE-2022-21449)
  • OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476)
  • OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)
  • OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
  • OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
  • OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Enable the import of plain keys into the NSS Software Token while in FIPS mode [rhel-8, openjdk-17] (BZ#2018189)
  • Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode [rhel-8, openjdk-17] (BZ#2055396)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.
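As an added example (not part of the advisory and not Red Hat tooling), the script below checks a RHEL 8 host against the fixed build java-17-openjdk-17.0.3.0.6-2.el8_5 from this advisory and flags JVM processes that still map a replaced libjvm.so, which is exactly the case the restart requirement above addresses. The package names and version come from the advisory; the rpm output and /proc maps text are constructed samples, and the simplified version comparison assumes the installed and fixed builds share an epoch and does not handle '^' separators.

```python
"""Check a RHEL 8 host against the java-17-openjdk build from RHSA-2022:1445 and
find JVMs still running the pre-update binaries (added example, not Red Hat tooling).
Package names and the fixed version-release 17.0.3.0.6-2.el8_5 come from the advisory;
the rpm output and /proc maps text at the bottom are constructed samples."""
import os
import re
import subprocess
from itertools import zip_longest

FIXED_VR = "17.0.3.0.6-2.el8_5"   # version-release from the advisory's package list
PACKAGES = ("java-17-openjdk", "java-17-openjdk-headless", "java-17-openjdk-devel")

# NEVRA as printed by `rpm -qa`: name-[epoch:]version-release.arch. The epoch is
# dropped: the installed build and the advisory build are assumed to share it.
NEVRA = re.compile(r"^(?P<name>.+)-(?:\d+:)?(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")
SEGMENT = re.compile(r"\d+|[a-zA-Z]+|~")

def _cmp_segment(x, y):
    """One step of rpm's version comparison ('^' separators are not handled)."""
    if x == y:
        return 0
    if x == "~" or y == "~":            # '~' sorts before anything, even end of string
        return -1 if x == "~" else 1
    if x is None or y is None:          # otherwise the longer string wins
        return -1 if x is None else 1
    xd, yd = x.isdigit(), y.isdigit()
    if xd and yd:
        return (int(x) > int(y)) - (int(x) < int(y))
    if xd != yd:                        # a numeric segment beats an alphabetic one
        return 1 if xd else -1
    return (x > y) - (x < y)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 comparing version (or release) strings a and b."""
    for x, y in zip_longest(SEGMENT.findall(a), SEGMENT.findall(b)):
        c = _cmp_segment(x, y)
        if c:
            return c
    return 0

def is_fixed(installed_vr, fixed_vr=FIXED_VR):
    """True when the installed version-release is at or above the advisory build."""
    iv, ir = installed_vr.rsplit("-", 1)
    fv, fr = fixed_vr.rsplit("-", 1)
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) >= 0

def audit_packages(rpm_qa_output):
    """Map each advisory package found in `rpm -qa` output to (version-release, fixed?)."""
    result = {}
    for line in rpm_qa_output.splitlines():
        m = NEVRA.match(line.strip())
        if m and m["name"] in PACKAGES:
            vr = f"{m['ver']}-{m['rel']}"
            result[m["name"]] = (vr, is_fixed(vr))
    return result

def maps_need_restart(maps_text):
    """A process whose libjvm.so mapping is marked '(deleted)' still executes the
    replaced library: that is the restart the advisory calls for."""
    return any("libjvm.so" in ln and "(deleted)" in ln for ln in maps_text.splitlines())

def stale_jvm_pids():
    """Scan /proc for live JVMs that mapped a since-replaced libjvm.so."""
    pids = []
    proc = os.listdir("/proc") if os.path.isdir("/proc") else []
    for pid in filter(str.isdigit, proc):
        try:
            with open(f"/proc/{pid}/maps") as fh:
                if maps_need_restart(fh.read()):
                    pids.append(int(pid))
        except OSError:                 # process exited, or maps unreadable unprivileged
            pass
    return pids

# Constructed samples: one subpackage lags behind the advisory build, and one
# JVM still maps the old libjvm.so that the update removed from disk.
SAMPLE_RPM_QA = """\
java-17-openjdk-headless-1:17.0.3.0.6-2.el8_5.x86_64
java-17-openjdk-1:17.0.3.0.6-2.el8_5.x86_64
java-17-openjdk-devel-1:17.0.2.0.8-4.el8_5.x86_64
"""
SAMPLE_MAPS = """\
7f3a1c000000-7f3a1c021000 r--p 00000000 fd:00 1234 /usr/lib/jvm/java-17-openjdk-17.0.2.0.8-4.el8_5.x86_64/lib/server/libjvm.so (deleted)
7f3a1d000000-7f3a1d010000 r-xp 00000000 fd:00 5678 /usr/lib64/libc.so.6
"""

if __name__ == "__main__":
    try:                                # live host: ask rpm; otherwise use the sample
        out = subprocess.run(["rpm", "-qa", "java-17-openjdk*"],
                             capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_RPM_QA
    for name, (vr, ok) in sorted(audit_packages(out).items()):
        print(f"{name:26} {vr:20} {'ok' if ok else 'NEEDS UPDATE'}")
    print("JVMs needing restart:", stale_jvm_pids())
```

Run it as root on the patched host: the package table shows any subpackage still below the advisory build, and the PID list names the JVMs that must be restarted before the fix is actually in effect.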

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

  • BZ - 2018189 - Enable the import of plain keys into the NSS Software Token while in FIPS mode [rhel-8, openjdk-17] [rhel-8.5.0.z]
  • BZ - 2055396 - Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode [rhel-8, openjdk-17] [rhel-8.5.0.z]
  • BZ - 2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
  • BZ - 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
  • BZ - 2075821 - CVE-2022-21449 OpenJDK: Improper ECDSA signature verification (Libraries, 8277233)
  • BZ - 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
  • BZ - 2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
  • BZ - 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

CVEs

  • CVE-2022-21426
  • CVE-2022-21434
  • CVE-2022-21443
  • CVE-2022-21449
  • CVE-2022-21476
  • CVE-2022-21496

Updated packages

Every affected product ships build java-17-openjdk-17.0.3.0.6-2.el8_5: the source RPM java-17-openjdk-17.0.3.0.6-2.el8_5.src.rpm and, for x86_64, s390x, ppc64le and aarch64, the java-17-openjdk, headless, devel, demo, javadoc, javadoc-zip, jmods, src, static-libs, debugsource and debuginfo binary RPMs. The CodeReady Linux Builder channels add the slowdebug variants of these packages on all four architectures and the fastdebug variants on x86_64, ppc64le and aarch64. The original advisory lists a SHA-256 checksum for each file.

Related news

RHSA-2022:1461: Red Hat Security Advisory: Logging Subsystem 5.4 - Red Hat OpenShift Security and Bug update

Logging Subsystem 5.4 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0759: kubeclient: kubeconfig parsing error can lead to MITM attacks * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter

CVE-2022-24874: Build software better, together

acs commons is an open source framework for AEM projects. ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in /apps/acs-commons/content/page-compare.html` endpoint via the `a` and `b` GET parameters. User input submitted via these parameters is not validated or sanitized. An attacker must provide a link to someone with access to AEM Author, and could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. The exploitation of this issue requires user interaction in order to be successful. This issue has been resolved in 5.2.0. There are no known workarounds for this issue.

RHSA-2022:1478: Red Hat Security Advisory: Satellite 6.9.9 Async Bug Fix Update

Updated Satellite 6.9 packages that fix several bugs are now available for Red Hat Satellite.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-27023: puppet: unsafe HTTP redirect

CVE-2022-24865: Fix must change password (#5638) · humhub/humhub@eb83de2

HumHub is an Open Source Enterprise Social Network. In affected versions users who are forced to change their password by an administrator may retrieve other users' data. This issue has been resolved by commit `eb83de20`. It is recommended that the HumHub is upgraded to 1.11.0, 1.10.4 or 1.9.4. There are no known workarounds for this issue.

RHSA-2022:1389: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update

Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3516: libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c * CVE-2021-3517: libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c * CVE-2021-3518: libxml...

RHSA-2022:1390: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 11 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3516: libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c * CVE-2021-3517: libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c * CVE-2021-3518: libxml2: Use-after-free in xmlXIncludeDoProcess() in xinc...

CVE-2022-24861: fix some security bug (#103) · vran-dev/databasir@ca22a8f

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to the system. Users are advised to upgrade. There are no known workarounds to this issue.

CVE-2022-24871: Shopware 6 - Security Updates

Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.

CVE-2022-0540: Jira Security Advisory 2022-04-20 | Atlassian Support

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.

CVE-2022-24862: Build software better, together

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address will return a response page with complete error information when accessing a non-existent URL. Attackers can take advantage of this feature for SSRF.

CVE-2022-26133: [BSERV-13173] Bitbucket Data Center - Java Deserialization Vulnerability In Hazelcast - CVE-2022-26133

SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.

CVE-2022-24864: Remove presale join endpoint by DanielVF · Pull Request #617 · OriginProtocol/origin-website

Origin Protocol is a blockchain based project. The Origin Protocol project website allows for malicious users to inject malicious JavaScript via a POST request to `/presale/join`. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is delivered to the [email protected]. If the email recipient is using an email program that is susceptible to XSS, then that email recipient will receive an email that may contain malicious XSS. Regardless of whether the email recipient’s mail program has vulnerabilities or not, the attacker can at the very least inject malicious HTML that modifies the body content of the email. There are currently no known workarounds.

CVE-2022-24799: fix: Improve message rendering (#12748) · wireapp/wire-webapp@d144552

wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious message, arbitrary code is injected and executed in the context of the victim. This allows the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-03-30-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-03-30-production.0-v0.29.2-0-d144552 or wire-server 2022-03-30 (chart/4.8.0), so that their applications are no longer affected. There are no known workarounds for this issue. ### Patches * The issue has been fixed in wire-webapp **2022-03-30-production.0** an...
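The entry above describes insufficient escaping inside markdown code highlighting. The following is an added example (not wire-webapp's code) of the general pattern: a fenced-code renderer that interpolates the highlighted tokens and the fence's info string verbatim, beside a version that escapes both. The keyword "highlighter", the `parseFence`/`renderUnsafe`/`renderSafe` names and the malicious message are all constructed for illustration; the info string matters because it commonly ends up inside a `class` attribute, so it is an attribute-injection sink as well as an HTML one.

```javascript
// Added example, not wire-webapp code. Toy highlighter: wraps a few keywords in
// <span class="token keyword"> the way real highlighters emit token markup.
const KEYWORDS = new Set(['const', 'let', 'function', 'return', 'if', 'else']);

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Split a ```info\n...\n``` fence into its info string and body (null if not a fence).
function parseFence(markdown) {
  const m = /^```([^\n]*)\n([\s\S]*?)\n```\s*$/.exec(String(markdown).trim());
  if (!m) return null;
  return { info: m[1].trim(), body: m[2] };
}

// Tokenise on whitespace into [text, isKeyword] pairs, keeping the whitespace.
function tokenize(body) {
  return body.split(/(\s+)/).map((t) => [t, KEYWORDS.has(t)]);
}

// Vulnerable renderer: tokens and info string are interpolated raw, so message
// content can close </code></pre> and inject markup, and the info string can
// break out of the class attribute.
function renderUnsafe(markdown) {
  const fence = parseFence(markdown);
  if (!fence) return '';
  const code = tokenize(fence.body)
    .map(([t, kw]) => (kw ? `<span class="token keyword">${t}</span>` : t))
    .join('');
  return `<pre><code class="language-${fence.info}">${code}</code></pre>`;
}

// Hardened renderer: every attacker-influenced string is HTML-escaped, and the
// info string is restricted to an identifier before it ever reaches the attribute.
function renderSafe(markdown) {
  const fence = parseFence(markdown);
  if (!fence) return '';
  const lang = /^[A-Za-z0-9_+-]{1,32}$/.test(fence.info) ? fence.info : 'text';
  const code = tokenize(fence.body)
    .map(([t, kw]) => (kw
      ? `<span class="token keyword">${escapeHtml(t)}</span>`
      : escapeHtml(t)))
    .join('');
  return `<pre><code class="language-${escapeHtml(lang)}">${code}</code></pre>`;
}

// Constructed malicious message: one payload in the info string (attribute
// breakout), one in the body (element breakout). Not a real captured message.
const MALICIOUS_MESSAGE = [
  '```js" onmouseover="alert(1)',
  'const x = 1; </code></pre><img src=x onerror="alert(2)">',
  '```',
].join('\n');

const BENIGN_MESSAGE = '```js\nconst x = 1;\n```';
```

Escaping the token text alone is not enough if the highlighter is handed the raw text before tokenising and some tokens are dropped or merged; escape at the point where text is placed into HTML, after tokenising, as `renderSafe` does.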

RHSA-2022:1455: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2021-4083: kernel: fget: check that the fd still exists after getting a ref to it
* CVE-2022-0492: kernel: cgroups v1 release_agent feature may allow privilege escalation
* CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c

RHSA-2022:1440: Red Hat Security Advisory: java-11-openjdk security, bug fix, and enhancement update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
* CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
* CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
* CVE-2022-21476: OpenJDK: Defective ...

RHSA-2022:1463: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.2 security update on RHEL 8

New Red Hat Single Sign-On 7.5.2 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2021-45105: log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

RHSA-2022:1462: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.2 security update on RHEL 7

New Red Hat Single Sign-On 7.5.2 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2021-45105: log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

Oracle releases massive Critical Patch Update containing 520 security patches

Oracle's April Critical Patch Update contains 520 new security patches. We spell out some of the most important vulnerabilities. The post Oracle releases massive Critical Patch Update containing 520 security patches appeared first on Malwarebytes Labs.

RHSA-2022:1469: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.2 security update

A security update is now available for Red Hat Single Sign-On 7.5 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2021-45105: log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern

RHSA-2022:1363: Red Hat Security Advisory: OpenShift Container Platform 4.9.29 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.29 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-24769: moby: Default inheritable capabilities for linux container should be empty

RHSA-2022:1442: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
* CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
* CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
* CVE-2022-21476: OpenJDK: Defective ...

RHSA-2022:1441: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
* CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
* CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
* CVE-2022-...

RHSA-2022:1443: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
* CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
* CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
* CVE-2022-...

RHSA-2022:1336: Red Hat Security Advisory: OpenShift Container Platform 4.7.49 security update

Red Hat OpenShift Container Platform release 4.7.49 is now available with updates to packages and images that fix several bugs and add enhancements. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.49. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-0711: haproxy: Denial of service via set-cookie2 header

RHSA-2022:1444: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
* CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
* CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
* ...

RHSA-2022:1370: Red Hat Security Advisory: OpenShift Container Platform 4.8.37 security and extras update

Red Hat OpenShift Container Platform release 4.8.37 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-24769: moby: Default inheritable capabilities for linux container should be empty

RHSA-2022:1357: Red Hat Security Advisory: OpenShift Container Platform 4.10.10 security and extras update

Red Hat OpenShift Container Platform release 4.10.10 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-24769: moby: Default inheritable capabilities for linux container should be empty

CVE-2022-27629: MicroPayments – Paid Author Subscriptions, Content, Downloads, Membership

Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors.

CVE-2022-24826: Build software better, together

On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. Similarly, if the malicious repository contains files named `..exe` and `cygpath.exe`, and `cygpath.exe` is not found in `PATH`, the `..exe` program will be executed when certain Git LFS commands are run. More generally, if the current working directory contains any file with a base name of `.` and a file extension from `PATHEXT` (except `.bat` and `.cmd`), and also contains another file with the same base name as a program Git LFS intends to execute (such as `git`, `cygpath`, or `uname`) and any file extension from `PATHEXT` (including `.bat` and `.cmd`), then, on Windows, when Git LFS attempts to execute the intended program the `..exe`, `..com`, etc., file will be executed instead, but only if the intended progra...

CVE-2021-3101: Build software better, together

Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process. This would allow a container to gain full privileges on the host, bypassing restrictions set on the container.

CVE-2022-24858: Upgrade Guide (v4) | NextAuth.js

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already have a `redirect` callback, make sure that you match the incoming `url` origin against the `baseUrl`.
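The mitigation in the entry above is to compare the origin of the incoming `url` with the origin of `baseUrl` inside the `redirect` callback. The following is an added example (not NextAuth.js code) written in the shape of the v4 callback, `redirect({ url, baseUrl })`: an open-redirect-prone callback that returns `url` as received, beside one that resolves `url` against `baseUrl` and only returns it when the normalised origins match. The function names and the `https://app.example` base URL used in the comments are illustrative.

```javascript
// Added example, not next-auth code. Shape follows NextAuth.js v4's
// callbacks.redirect({ url, baseUrl }); `url` is untrusted (query parameter /
// callbackUrl), `baseUrl` is the configured site URL.

// Vulnerable pattern: returning the caller-supplied destination unchanged lets
// `?callbackUrl=https://evil.example/` send a freshly signed-in user off-site.
function unsafeRedirect({ url }) {
  return url;
}

// Hardened: resolve `url` relative to `baseUrl`, then require that the resulting
// origin (scheme + host + port after WHATWG normalisation) equals baseUrl's origin.
//  - "/dashboard"           -> https://app.example/dashboard   (allowed, relative)
//  - "//evil.example/x"     -> https://evil.example/x          (rejected, foreign origin)
//  - "javascript:alert(1)"  -> origin "null"                   (rejected)
//  - "https://app.example@evil.example/" -> host is evil.example (rejected)
//  - "http://app.example/x" -> scheme differs                  (rejected)
function safeRedirect({ url, baseUrl }) {
  const base = new URL(baseUrl);
  if (typeof url !== 'string') return base.href;
  let target;
  try {
    target = new URL(url, base);
  } catch {
    return base.href; // unparseable input: fall back to the site root
  }
  if (target.origin !== base.origin) {
    return base.href; // foreign or opaque ("null") origin: fall back
  }
  return target.href; // same origin, returned in normalised form
}
```

Comparing `origin` rather than checking `url.startsWith(baseUrl)` is what defeats the `https://app.example.evil.example/` and `https://app.example@evil.example/` variants, both of which pass a naive prefix test; the string check is not a substitute for parsing.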

CVE-2022-21496: Oracle Critical Patch Update Advisory - April 2022

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...

CVE-2022-21498: Oracle Critical Patch Update Advisory - April 2022

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).

CVE-2022-1187: Changeset 2702715 for wp-youtube-live – WordPress Plugin Repository

The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the ~/inc/admin.php file which allows unauthenticated attackers to inject arbitrary web scripts in versions up to, and including, 1.7.21.

CVE-2022-28222: Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk

The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in `/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php`.

CVE-2022-1186: Changeset 2701343 for be-popia-compliant – WordPress Plugin Repository

The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors' emails and usernames via an API route, in versions up to and including 1.1.5.

CVE-2022-1329: Changeset 2708766 for elementor/trunk/core/app/modules/onboarding/module.php – WordPress Plugin Repository

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that makes it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.

CVE-2022-24825: Build software better, together

Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by way of a deny list. There was an issue in Smokescreen that made it possible to bypass the deny list feature by appending a dot to the end of user-supplied URLs, or by providing input in a different letter case. Users are recommended to upgrade Smokescreen to version 0.0.3 or later.
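The two bypasses named above (a trailing dot and a different letter case) both come from matching a deny list against the host string as the client supplied it. The following is an added example (not Smokescreen's code, which is Go) showing the naive comparison beside a canonicalise-then-compare version. The deny list entries, the `canonicalHost`/`isDenied` names and the fail-closed policy are constructed for illustration; the canonicalisation relies on the WHATWG URL parser to lowercase and IDNA-encode the host, with the trailing-dot stripping and bare-host check done explicitly.

```javascript
// Added example, not Smokescreen code. Constructed sample deny list.
const DENY_LIST = ['evil.example', 'metadata.internal'];

// Naive: exact compare against the host exactly as supplied. "EVIL.example" and
// "evil.example." name the same DNS node but neither matches the list entry.
function naiveIsDenied(host, denyList = DENY_LIST) {
  return denyList.includes(host);
}

// Canonical form of a DNS name for policy lookups:
//  - trim and strip trailing dots (the root-label form "evil.example."),
//  - lowercase + IDNA ToASCII by running it through the URL parser's host parser,
//  - reject anything that is not a bare host (userinfo, port, path smuggled in).
// Returns null when no canonical form can be produced.
function canonicalHost(host) {
  const stripped = String(host).trim().replace(/\.+$/, '');
  if (stripped === '') return null;
  let u;
  try {
    u = new URL(`http://${stripped}/`);
  } catch {
    return null;
  }
  const bare =
    u.username === '' && u.password === '' && u.port === '' &&
    u.pathname === '/' && u.search === '' && u.hash === '';
  // IPv6 literals ("[::1]") fail this pattern and are treated as uncanonicalisable;
  // address literals need their own normalisation and are out of scope here.
  if (!bare || !/^[a-z0-9.-]+$/.test(u.hostname)) return null;
  return u.hostname;
}

// Deny when the canonical host equals a listed name or is a subdomain of one.
// Fail closed: a host that cannot be canonicalised is denied.
function isDenied(host, denyList = DENY_LIST) {
  const h = canonicalHost(host);
  if (h === null) return true;
  return denyList.some((d) => h === d || h.endsWith(`.${d}`));
}
```

The same canonical form must be used for the lookup and for the connection that follows it; canonicalising only for the check while dialing the original string reintroduces the mismatch.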

Rethinking Cyber-Defense Strategies in the Public-Cloud Age

Exploring what's next for public-cloud security, including top risks and how to implement better risk management.

CVE-2022-25648: Command Injection in git | CVE-2022-25648 | Snyk

The Ruby `git` gem before 1.11.0 is vulnerable to command injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
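Argument injection is independent of the shell: the entry above describes a remote name that git itself parses as an option. The following is an added example (not the ruby-git gem's code) of the same shape in Node.js: a function that builds `git fetch` argv from a caller-controlled remote, beside one that rejects option-looking values and inserts `--`, git's end-of-options marker, before the positional arguments. The `--upload-pack=` flag is one real `git fetch` option used here to illustrate what an injected value could do; the `fetchArgvUnsafe`/`fetchArgvSafe`/`runGit` names and the sample values are illustrative.

```javascript
// Added example, not ruby-git code.

// Vulnerable: the caller-controlled remote is placed where git still parses
// options. A remote of "--upload-pack=<cmd>" makes git run <cmd>.
function fetchArgvUnsafe(remote, refspecs = []) {
  return ['fetch', remote, ...refspecs];
}

class ArgumentInjectionError extends Error {}

// Positional git arguments must not look like options. Refspecs may legitimately
// start with "+", which is why only a leading "-" is refused.
function assertPositional(value, what) {
  if (typeof value !== 'string' || value === '') {
    throw new ArgumentInjectionError(`${what} must be a non-empty string`);
  }
  if (value.startsWith('-')) {
    throw new ArgumentInjectionError(`${what} must not start with "-": ${value}`);
  }
  return value;
}

// Hardened: (1) validate every positional value, (2) put "--" in front of them so
// git's option parser stops there even if (1) is later relaxed.
function fetchArgvSafe(remote, refspecs = []) {
  assertPositional(remote, 'remote');
  refspecs.forEach((r) => assertPositional(r, 'refspec'));
  return ['fetch', '--', remote, ...refspecs];
}

// Would git treat this argv element as an option rather than a positional?
function looksLikeOption(arg) {
  return arg.startsWith('-');
}

// Passing argv as an array with shell: false does NOT close this hole: the
// injected value arrives as its own argv element, and git parses it as a flag.
// Only the argv construction above decides whether that can happen.
function runGit(argv, cwd) {
  const { spawnSync } = require('child_process');
  return spawnSync('git', argv, { cwd, shell: false, encoding: 'utf8' });
}
```

The validation and the `--` separator are complementary: `--` protects the remote and refspec positions, while the leading-dash check also catches values that reach git through paths where `--` cannot be inserted.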