Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:1489: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
  • CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
  • CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
  • CVE-2022-21476: OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
  • CVE-2022-21496: OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
Red Hat Security Data
#vulnerability#linux#red_hat#apache#java

Synopsis

Important: java-1.8.0-openjdk security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476)
  • OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)
  • OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
  • OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
  • OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
  • BZ - 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
  • BZ - 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
  • BZ - 2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
  • BZ - 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

CVEs

  • CVE-2022-21426
  • CVE-2022-21434
  • CVE-2022-21443
  • CVE-2022-21476
  • CVE-2022-21496

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2

SRPM

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.src.rpm

SHA-256: fec8b44d38dbf35df8b3f4ba276185852fac3e5d1648a9320bbda383a20decf0

x86_64

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: de920d0f796bcaae3196a3012a60f793d2b5ac719f083db6ce57de17c9939bce

java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: f377d4216536cb638f2fd824e88cb788daa88821db76ce8b79862a99cdaa4715

java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: b58e647b91c7950304595ee7358278044738175c7538872a6a51144f86381ad7

java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: cbc04e0ee93ac8ed594ca0975aa4d7e3f9f3432c98048b874a63602ca6e3b5a8

java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 1d5d24d5e83943d2cf75981afed6b6b3e4c71bdc44b13a7e7cf558ded35dd6ab

java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 838f85f483d4d514d102181ca3fff6a640a63ab0c9c873c3895e2e02cb77433d

java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 4403b5b64877f97662e069298ea0c067530c97465826d3c989b5db028ce91264

java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 68e1408d159c366c71c146389a0994a6b5d5bcb39fab13635052f157ec679105

java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 6a8da563d91ac38e618a99420fd68b500506480a53b3b1f30635d3fcf023b1ac

java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 3054a40e068ba0f10d05857714a201fc7c4c4366b0c018c42aa3c40fad100e7c

java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 94834a09f27ea3440c3e7958ad46c6bd86553f5a09972d270493086e0d24102f

java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: fa8ca02f68a2a2d07ad80b39dd14a31059ae8a3d1240dc3215fca3c2cff6ea9a

java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 4235096e8b1df819a1878d733f90cecda0694da804448e9a38aea78a46957c7e

java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_2.noarch.rpm

SHA-256: 1b399f065548ae3ff271293ab3e624fba2f48f96fe780f5fec53c303871943a8

java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_2.noarch.rpm

SHA-256: c6df165771b4857429766f1f26d1a8b9fcc38f2d015d31700efc1317f12e30c6

java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 203bcc3a9fdfed3fccdf4bd37deedb3cb9614c4910af134fbca4f732b6cd855f

java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 0031382e41ff36daa3c8ea3cea35b7f4db719cc888f8826c89260510e25f7ad4

Red Hat Enterprise Linux Server - AUS 8.2

SRPM

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.src.rpm

SHA-256: fec8b44d38dbf35df8b3f4ba276185852fac3e5d1648a9320bbda383a20decf0

x86_64

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: de920d0f796bcaae3196a3012a60f793d2b5ac719f083db6ce57de17c9939bce

java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: f377d4216536cb638f2fd824e88cb788daa88821db76ce8b79862a99cdaa4715

java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: b58e647b91c7950304595ee7358278044738175c7538872a6a51144f86381ad7

java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: cbc04e0ee93ac8ed594ca0975aa4d7e3f9f3432c98048b874a63602ca6e3b5a8

java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 1d5d24d5e83943d2cf75981afed6b6b3e4c71bdc44b13a7e7cf558ded35dd6ab

java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 838f85f483d4d514d102181ca3fff6a640a63ab0c9c873c3895e2e02cb77433d

java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 4403b5b64877f97662e069298ea0c067530c97465826d3c989b5db028ce91264

java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 68e1408d159c366c71c146389a0994a6b5d5bcb39fab13635052f157ec679105

java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 6a8da563d91ac38e618a99420fd68b500506480a53b3b1f30635d3fcf023b1ac

java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 3054a40e068ba0f10d05857714a201fc7c4c4366b0c018c42aa3c40fad100e7c

java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 94834a09f27ea3440c3e7958ad46c6bd86553f5a09972d270493086e0d24102f

java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: fa8ca02f68a2a2d07ad80b39dd14a31059ae8a3d1240dc3215fca3c2cff6ea9a

java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 4235096e8b1df819a1878d733f90cecda0694da804448e9a38aea78a46957c7e

java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_2.noarch.rpm

SHA-256: 1b399f065548ae3ff271293ab3e624fba2f48f96fe780f5fec53c303871943a8

java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_2.noarch.rpm

SHA-256: c6df165771b4857429766f1f26d1a8b9fcc38f2d015d31700efc1317f12e30c6

java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 203bcc3a9fdfed3fccdf4bd37deedb3cb9614c4910af134fbca4f732b6cd855f

java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 0031382e41ff36daa3c8ea3cea35b7f4db719cc888f8826c89260510e25f7ad4

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2

SRPM

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.src.rpm

SHA-256: fec8b44d38dbf35df8b3f4ba276185852fac3e5d1648a9320bbda383a20decf0

s390x

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.s390x.rpm

SHA-256: a56c1fcb8c5d5317dab90672b062d1e5b68d712e849de0568179b862a8ea979b

java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_2.s390x.rpm

SHA-256: 7009fba8e2ddec41be7480f9e6b0e60f99e1d664436dc0e4f91c6592e97e43b2

java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_2.s390x.rpm

SHA-256: 006cc53aef3eeff8dddafd6220c732c378f7555d4e213869ebde2b0be908e3f6

java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_2.s390x.rpm

SHA-256: 5a26be44d2a51462624940c07f705efdbccdcd4a191e963dfab2b1a1be489f46

java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_2.s390x.rpm

SHA-256: a92e677b9782ffa5197c75352bc95b397236324981fc25386bf9fd075e06f76d

java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_2.s390x.rpm

SHA-256: 2b1769cac4cc8f0d399d93c3732d41a42b22809d2e1ce4ec7d26d24be1c7fd72

java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_2.s390x.rpm

SHA-256: 108c1d5fe60b1e73d045f15460e7b62461eaed6a93092d7d1fe24bce78c9e445

java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_2.s390x.rpm

SHA-256: e75bc81f8fd0fa34ff0ecc930657fd7b31de0f7a8f6fd736ca2bb79c280b2dbe

java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_2.s390x.rpm

SHA-256: 6cfe6befd9b4c4e0cc9dc9867ea032115de9c0ae3f00b861a0b130fa225fd797

java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_2.s390x.rpm

SHA-256: b5667ff8af8a9595f7bc9b015e9eab3da9ef167f741c4563e971739373ea1b14

java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_2.noarch.rpm

SHA-256: 1b399f065548ae3ff271293ab3e624fba2f48f96fe780f5fec53c303871943a8

java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_2.noarch.rpm

SHA-256: c6df165771b4857429766f1f26d1a8b9fcc38f2d015d31700efc1317f12e30c6

java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_2.s390x.rpm

SHA-256: 65bc0d8b968f55a40510b485c8f2644c5d15506499dee39c9dbb49fcc08f718d

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2

SRPM

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.src.rpm

SHA-256: fec8b44d38dbf35df8b3f4ba276185852fac3e5d1648a9320bbda383a20decf0

ppc64le

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 6450eb22501a46bff202cff9bce3e9f5304741901e97bab5f5e5cc0ec7a5aa71

java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: fbbdb4e61f1da6df3c81dd8219d982b94a86e0b3bee57279363d95d6f7263e69

java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 19bedda7cd5a1cb034540aba5376bcce91555c072377dcf38017f798888ae0bf

java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 60be9dbda6971e9a9dce74a8eb463c61979eabadeb23e1ed00b923a3a96ca649

java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: e0aca83c786a58b0531e581331731ccc3d6437ee92105675068bb85aa1ae6771

java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 6bdacf7c89c2180d0349084d37b5f8cea844571e112e28afa1cc7642a09dc1f2

java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: e27f52341630aba3523f4e0576a708cb1b8fccb70002bba53e09ffbf018a461c

java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 20decd4c37d15b3b19a3ac2c888c4cb148b1239c04c919fd08069336ec008adc

java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 3779effbb08f14139da92d2dd91f5fb148724b3e633cc3548b8840bc43f313d7

java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 9009c0d98452268b40652b337ee3dc3917e00535239d9076c427255863d7782b

java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: bf6d2c59f22f148884b90a9ba416d254514aeb1053e259a70746f8d9764fd51d

java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 57a042cc147893ca03fc4dabc5c7c69aa504eda980bf655627e4d3685980b3f4

java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 95fb2645779ebe0ff73e035a7346c36ade7a1c1e5201201115802aecc23e8587

java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_2.noarch.rpm

SHA-256: 1b399f065548ae3ff271293ab3e624fba2f48f96fe780f5fec53c303871943a8

java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_2.noarch.rpm

SHA-256: c6df165771b4857429766f1f26d1a8b9fcc38f2d015d31700efc1317f12e30c6

java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: d0216bada082b09f31c73eb1735e0560bd6f595e2484424ca64d0e6d7fe2166b

java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 7d95488c1acf6d41f25800652207d802ba92617f78970ae25f17fb73e961166a

Red Hat Enterprise Linux Server - TUS 8.2

SRPM

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.src.rpm

SHA-256: fec8b44d38dbf35df8b3f4ba276185852fac3e5d1648a9320bbda383a20decf0

x86_64

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: de920d0f796bcaae3196a3012a60f793d2b5ac719f083db6ce57de17c9939bce

java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: f377d4216536cb638f2fd824e88cb788daa88821db76ce8b79862a99cdaa4715

java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: b58e647b91c7950304595ee7358278044738175c7538872a6a51144f86381ad7

java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: cbc04e0ee93ac8ed594ca0975aa4d7e3f9f3432c98048b874a63602ca6e3b5a8

java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 1d5d24d5e83943d2cf75981afed6b6b3e4c71bdc44b13a7e7cf558ded35dd6ab

java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 838f85f483d4d514d102181ca3fff6a640a63ab0c9c873c3895e2e02cb77433d

java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 4403b5b64877f97662e069298ea0c067530c97465826d3c989b5db028ce91264

java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 68e1408d159c366c71c146389a0994a6b5d5bcb39fab13635052f157ec679105

java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 6a8da563d91ac38e618a99420fd68b500506480a53b3b1f30635d3fcf023b1ac

java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 3054a40e068ba0f10d05857714a201fc7c4c4366b0c018c42aa3c40fad100e7c

java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 94834a09f27ea3440c3e7958ad46c6bd86553f5a09972d270493086e0d24102f

java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: fa8ca02f68a2a2d07ad80b39dd14a31059ae8a3d1240dc3215fca3c2cff6ea9a

java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 4235096e8b1df819a1878d733f90cecda0694da804448e9a38aea78a46957c7e

java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_2.noarch.rpm

SHA-256: 1b399f065548ae3ff271293ab3e624fba2f48f96fe780f5fec53c303871943a8

java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_2.noarch.rpm

SHA-256: c6df165771b4857429766f1f26d1a8b9fcc38f2d015d31700efc1317f12e30c6

java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 203bcc3a9fdfed3fccdf4bd37deedb3cb9614c4910af134fbca4f732b6cd855f

java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 0031382e41ff36daa3c8ea3cea35b7f4db719cc888f8826c89260510e25f7ad4

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2

SRPM

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.src.rpm

SHA-256: fec8b44d38dbf35df8b3f4ba276185852fac3e5d1648a9320bbda383a20decf0

aarch64

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.aarch64.rpm

SHA-256: 0b55c10e66f83898cf08963ff1e8958c220dde1bb5f0ccabc310f884c6c79004

java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_2.aarch64.rpm

SHA-256: 77dd31fe45b7678aede4368272f30c506c24f7347b066a850f01e4afa1b7f254

java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_2.aarch64.rpm

SHA-256: e86db37281d2394906b30bfa5ef3a6da3f2931e66dd8d27ef6ae84a7bb8827ba

java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_2.aarch64.rpm

SHA-256: 58663f9a1dcda357b7eda362ccbf065adfb1c68b47a7f0e04242bfb3f813a1b0

java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_2.aarch64.rpm

SHA-256: d48a4b1e1ba64e67ccc552ffd7a11df93948fcefb250702503f1fe16a1842053

java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_2.aarch64.rpm

SHA-256: 47e7f0219a9a0fee06be600176bbb9ea5cea4aa137db64fcc8230d45d66ca745

java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.aarch64.rpm

SHA-256: 274ae59b0b43667cbfc78fc0905233b09c2e06788644b80fcbdd9656dcd9c0f3

java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_2.aarch64.rpm

SHA-256: 81a91438ecce5c55cba2064644006ebd04cd8430af504a6a06972f945a987ae3

java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_2.aarch64.rpm

SHA-256: 2db8db12c2f799c796f890c20c36d00b62e29d843e6d8aa0b062ba3a1af6ec68

java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.aarch64.rpm

SHA-256: fa0e88149ccde1cccd15506cb1fec15cbefb533b5b690c257527e189591ea008

java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_2.aarch64.rpm

SHA-256: 7d519f45d8fab812da82f8fe5afc185f164ca2b3652c8fd632ad046c954cba5a

java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_2.aarch64.rpm

SHA-256: 83a9ec32aed61675d1b3b4f2aa3894f5df61a0d1027210105142bc9e566de176

java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.aarch64.rpm

SHA-256: 2725307719b18ccff006630621896afa4c5928b3c609b5a82b8f7b656751041f

java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_2.noarch.rpm

SHA-256: 1b399f065548ae3ff271293ab3e624fba2f48f96fe780f5fec53c303871943a8

java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_2.noarch.rpm

SHA-256: c6df165771b4857429766f1f26d1a8b9fcc38f2d015d31700efc1317f12e30c6

java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.aarch64.rpm

SHA-256: 0b29f9fc1450aade08bd44f9d18bb0e6546fdb7fb0d886073aeaa4eeb7b19bd6

java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_2.aarch64.rpm

SHA-256: 554d86cbb1ff0bec8c7659aeaa3cf144c7a03228bdd80f32ddf294558b669307

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.src.rpm

SHA-256: fec8b44d38dbf35df8b3f4ba276185852fac3e5d1648a9320bbda383a20decf0

ppc64le

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 6450eb22501a46bff202cff9bce3e9f5304741901e97bab5f5e5cc0ec7a5aa71

java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: fbbdb4e61f1da6df3c81dd8219d982b94a86e0b3bee57279363d95d6f7263e69

java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 19bedda7cd5a1cb034540aba5376bcce91555c072377dcf38017f798888ae0bf

java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 60be9dbda6971e9a9dce74a8eb463c61979eabadeb23e1ed00b923a3a96ca649

java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: e0aca83c786a58b0531e581331731ccc3d6437ee92105675068bb85aa1ae6771

java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 6bdacf7c89c2180d0349084d37b5f8cea844571e112e28afa1cc7642a09dc1f2

java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: e27f52341630aba3523f4e0576a708cb1b8fccb70002bba53e09ffbf018a461c

java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 20decd4c37d15b3b19a3ac2c888c4cb148b1239c04c919fd08069336ec008adc

java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 3779effbb08f14139da92d2dd91f5fb148724b3e633cc3548b8840bc43f313d7

java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 9009c0d98452268b40652b337ee3dc3917e00535239d9076c427255863d7782b

java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: bf6d2c59f22f148884b90a9ba416d254514aeb1053e259a70746f8d9764fd51d

java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 57a042cc147893ca03fc4dabc5c7c69aa504eda980bf655627e4d3685980b3f4

java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 95fb2645779ebe0ff73e035a7346c36ade7a1c1e5201201115802aecc23e8587

java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_2.noarch.rpm

SHA-256: 1b399f065548ae3ff271293ab3e624fba2f48f96fe780f5fec53c303871943a8

java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_2.noarch.rpm

SHA-256: c6df165771b4857429766f1f26d1a8b9fcc38f2d015d31700efc1317f12e30c6

java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: d0216bada082b09f31c73eb1735e0560bd6f595e2484424ca64d0e6d7fe2166b

java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_2.ppc64le.rpm

SHA-256: 7d95488c1acf6d41f25800652207d802ba92617f78970ae25f17fb73e961166a

Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.2

SRPM

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.src.rpm

SHA-256: fec8b44d38dbf35df8b3f4ba276185852fac3e5d1648a9320bbda383a20decf0

x86_64

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: de920d0f796bcaae3196a3012a60f793d2b5ac719f083db6ce57de17c9939bce

java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: f377d4216536cb638f2fd824e88cb788daa88821db76ce8b79862a99cdaa4715

java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: b58e647b91c7950304595ee7358278044738175c7538872a6a51144f86381ad7

java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: cbc04e0ee93ac8ed594ca0975aa4d7e3f9f3432c98048b874a63602ca6e3b5a8

java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 1d5d24d5e83943d2cf75981afed6b6b3e4c71bdc44b13a7e7cf558ded35dd6ab

java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 838f85f483d4d514d102181ca3fff6a640a63ab0c9c873c3895e2e02cb77433d

java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 4403b5b64877f97662e069298ea0c067530c97465826d3c989b5db028ce91264

java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 68e1408d159c366c71c146389a0994a6b5d5bcb39fab13635052f157ec679105

java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 6a8da563d91ac38e618a99420fd68b500506480a53b3b1f30635d3fcf023b1ac

java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 3054a40e068ba0f10d05857714a201fc7c4c4366b0c018c42aa3c40fad100e7c

java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 94834a09f27ea3440c3e7958ad46c6bd86553f5a09972d270493086e0d24102f

java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: fa8ca02f68a2a2d07ad80b39dd14a31059ae8a3d1240dc3215fca3c2cff6ea9a

java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 4235096e8b1df819a1878d733f90cecda0694da804448e9a38aea78a46957c7e

java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_2.noarch.rpm

SHA-256: 1b399f065548ae3ff271293ab3e624fba2f48f96fe780f5fec53c303871943a8

java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_2.noarch.rpm

SHA-256: c6df165771b4857429766f1f26d1a8b9fcc38f2d015d31700efc1317f12e30c6

java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 203bcc3a9fdfed3fccdf4bd37deedb3cb9614c4910af134fbca4f732b6cd855f

java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_2.x86_64.rpm

SHA-256: 0031382e41ff36daa3c8ea3cea35b7f4db719cc888f8826c89260510e25f7ad4

Related news

CVE-2022-29806: Release The Memory Remains 1.36.13 · ZoneMinder/zoneminder

ZoneMinder before 1.36.13 allows remote code execution via an invalid language.

CVE-2022-29499: Mitel Product Security Advisory 22-0002

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.

CVE-2021-35250: SolarWinds Trust Center Security Advisories | CVE-2021-35250

A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.

CVE-2022-1441: fixed #2175 · gpac/gpac@3dbe11b

MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow.

CVE-2022-25866: Uses --end-of-options after command options (for security reasons) · czproject/git-php@5e82d54

The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.

CVE-2022-28290: 2022-28290 - Reflected Cross-Site Scripting in Welaunch

Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request

CVE-2022-1391: WordPress Cab-Fare-Calculator 1.0.3 Local File Inclusion ≈ Packet Storm

The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.

CVE-2022-1396: WordPress Donorbox-Donation-Form 7.1.6 Cross Site Scripting ≈ Packet Storm

The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed

CVE-2021-4225: CVEproject/wordpress_SP-Project_fileupload.md at main · pang0lin/CVEproject

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.

CVE-2022-1390: WordPress Admin Word Count Column 2.2 Local File Inclusion ≈ Packet Storm

The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique

CVE-2022-24792: Merge pull request from GHSA-rwgw-vwxg-q799 · pjsip/pjproject@947bc1e

PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first.

RHSA-2022:1491: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-21476: OpenJDK: Defecti...

CVE-2022-29078: EJS, Server side template injection RCE (CVE-2022-29078) - writeup

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

CVE-2022-26111: CVE-Advisory/CVE-2022-26111.pdf at main · post-cyberlabs/CVE-Advisory

The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.

RHSA-2022:1490: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-20...

RHSA-2022:1488: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151...

RHSA-2022:1487: Red Hat Security Advisory: java-1.8.0-openjdk security, bug fix, and enhancement update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-21476: OpenJDK: Defecti...

CVE-2022-27428: v2.0: stored XSS Vulnerability · Issue #20 · bensonarts/GalleryCMS

A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter.

CVE-2022-28053: V1.5.3: Unrestricted File Upload Vulnerability · Issue #325 · typemill/typemill

Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-27429: V1.9.5: SSRF Vulnerability · Issue #67 · Cherry-toto/jizhicms

Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.

CVE-2022-28586: XSS on Hoosk v1.8 · Issue #63 · havok89/Hoosk

XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.