Headline
RHSA-2022:1489: Red Hat Security Advisory: java-1.8.0-openjdk security update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
- CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
- CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
- CVE-2022-21476: OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
- CVE-2022-21496: OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
Synopsis
Important: java-1.8.0-openjdk security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
- OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476)
- OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)
- OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
- OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
- OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
- BZ - 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
- BZ - 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
- BZ - 2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
- BZ - 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
CVEs
- CVE-2022-21426
- CVE-2022-21434
- CVE-2022-21443
- CVE-2022-21476
- CVE-2022-21496
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.src.rpm
SHA-256: fec8b44d38dbf35df8b3f4ba276185852fac3e5d1648a9320bbda383a20decf0
x86_64
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: de920d0f796bcaae3196a3012a60f793d2b5ac719f083db6ce57de17c9939bce
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: f377d4216536cb638f2fd824e88cb788daa88821db76ce8b79862a99cdaa4715
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: b58e647b91c7950304595ee7358278044738175c7538872a6a51144f86381ad7
java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: cbc04e0ee93ac8ed594ca0975aa4d7e3f9f3432c98048b874a63602ca6e3b5a8
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 1d5d24d5e83943d2cf75981afed6b6b3e4c71bdc44b13a7e7cf558ded35dd6ab
java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 838f85f483d4d514d102181ca3fff6a640a63ab0c9c873c3895e2e02cb77433d
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 4403b5b64877f97662e069298ea0c067530c97465826d3c989b5db028ce91264
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 68e1408d159c366c71c146389a0994a6b5d5bcb39fab13635052f157ec679105
java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 6a8da563d91ac38e618a99420fd68b500506480a53b3b1f30635d3fcf023b1ac
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 3054a40e068ba0f10d05857714a201fc7c4c4366b0c018c42aa3c40fad100e7c
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 94834a09f27ea3440c3e7958ad46c6bd86553f5a09972d270493086e0d24102f
java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: fa8ca02f68a2a2d07ad80b39dd14a31059ae8a3d1240dc3215fca3c2cff6ea9a
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 4235096e8b1df819a1878d733f90cecda0694da804448e9a38aea78a46957c7e
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_2.noarch.rpm
SHA-256: 1b399f065548ae3ff271293ab3e624fba2f48f96fe780f5fec53c303871943a8
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_2.noarch.rpm
SHA-256: c6df165771b4857429766f1f26d1a8b9fcc38f2d015d31700efc1317f12e30c6
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 203bcc3a9fdfed3fccdf4bd37deedb3cb9614c4910af134fbca4f732b6cd855f
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 0031382e41ff36daa3c8ea3cea35b7f4db719cc888f8826c89260510e25f7ad4
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.src.rpm
SHA-256: fec8b44d38dbf35df8b3f4ba276185852fac3e5d1648a9320bbda383a20decf0
x86_64
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: de920d0f796bcaae3196a3012a60f793d2b5ac719f083db6ce57de17c9939bce
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: f377d4216536cb638f2fd824e88cb788daa88821db76ce8b79862a99cdaa4715
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: b58e647b91c7950304595ee7358278044738175c7538872a6a51144f86381ad7
java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: cbc04e0ee93ac8ed594ca0975aa4d7e3f9f3432c98048b874a63602ca6e3b5a8
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 1d5d24d5e83943d2cf75981afed6b6b3e4c71bdc44b13a7e7cf558ded35dd6ab
java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 838f85f483d4d514d102181ca3fff6a640a63ab0c9c873c3895e2e02cb77433d
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 4403b5b64877f97662e069298ea0c067530c97465826d3c989b5db028ce91264
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 68e1408d159c366c71c146389a0994a6b5d5bcb39fab13635052f157ec679105
java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 6a8da563d91ac38e618a99420fd68b500506480a53b3b1f30635d3fcf023b1ac
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 3054a40e068ba0f10d05857714a201fc7c4c4366b0c018c42aa3c40fad100e7c
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 94834a09f27ea3440c3e7958ad46c6bd86553f5a09972d270493086e0d24102f
java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: fa8ca02f68a2a2d07ad80b39dd14a31059ae8a3d1240dc3215fca3c2cff6ea9a
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 4235096e8b1df819a1878d733f90cecda0694da804448e9a38aea78a46957c7e
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_2.noarch.rpm
SHA-256: 1b399f065548ae3ff271293ab3e624fba2f48f96fe780f5fec53c303871943a8
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_2.noarch.rpm
SHA-256: c6df165771b4857429766f1f26d1a8b9fcc38f2d015d31700efc1317f12e30c6
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 203bcc3a9fdfed3fccdf4bd37deedb3cb9614c4910af134fbca4f732b6cd855f
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 0031382e41ff36daa3c8ea3cea35b7f4db719cc888f8826c89260510e25f7ad4
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.src.rpm
SHA-256: fec8b44d38dbf35df8b3f4ba276185852fac3e5d1648a9320bbda383a20decf0
s390x
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.s390x.rpm
SHA-256: a56c1fcb8c5d5317dab90672b062d1e5b68d712e849de0568179b862a8ea979b
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_2.s390x.rpm
SHA-256: 7009fba8e2ddec41be7480f9e6b0e60f99e1d664436dc0e4f91c6592e97e43b2
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_2.s390x.rpm
SHA-256: 006cc53aef3eeff8dddafd6220c732c378f7555d4e213869ebde2b0be908e3f6
java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_2.s390x.rpm
SHA-256: 5a26be44d2a51462624940c07f705efdbccdcd4a191e963dfab2b1a1be489f46
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_2.s390x.rpm
SHA-256: a92e677b9782ffa5197c75352bc95b397236324981fc25386bf9fd075e06f76d
java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_2.s390x.rpm
SHA-256: 2b1769cac4cc8f0d399d93c3732d41a42b22809d2e1ce4ec7d26d24be1c7fd72
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_2.s390x.rpm
SHA-256: 108c1d5fe60b1e73d045f15460e7b62461eaed6a93092d7d1fe24bce78c9e445
java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_2.s390x.rpm
SHA-256: e75bc81f8fd0fa34ff0ecc930657fd7b31de0f7a8f6fd736ca2bb79c280b2dbe
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_2.s390x.rpm
SHA-256: 6cfe6befd9b4c4e0cc9dc9867ea032115de9c0ae3f00b861a0b130fa225fd797
java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_2.s390x.rpm
SHA-256: b5667ff8af8a9595f7bc9b015e9eab3da9ef167f741c4563e971739373ea1b14
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_2.noarch.rpm
SHA-256: 1b399f065548ae3ff271293ab3e624fba2f48f96fe780f5fec53c303871943a8
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_2.noarch.rpm
SHA-256: c6df165771b4857429766f1f26d1a8b9fcc38f2d015d31700efc1317f12e30c6
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_2.s390x.rpm
SHA-256: 65bc0d8b968f55a40510b485c8f2644c5d15506499dee39c9dbb49fcc08f718d
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.src.rpm
SHA-256: fec8b44d38dbf35df8b3f4ba276185852fac3e5d1648a9320bbda383a20decf0
ppc64le
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 6450eb22501a46bff202cff9bce3e9f5304741901e97bab5f5e5cc0ec7a5aa71
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: fbbdb4e61f1da6df3c81dd8219d982b94a86e0b3bee57279363d95d6f7263e69
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 19bedda7cd5a1cb034540aba5376bcce91555c072377dcf38017f798888ae0bf
java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 60be9dbda6971e9a9dce74a8eb463c61979eabadeb23e1ed00b923a3a96ca649
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: e0aca83c786a58b0531e581331731ccc3d6437ee92105675068bb85aa1ae6771
java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 6bdacf7c89c2180d0349084d37b5f8cea844571e112e28afa1cc7642a09dc1f2
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: e27f52341630aba3523f4e0576a708cb1b8fccb70002bba53e09ffbf018a461c
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 20decd4c37d15b3b19a3ac2c888c4cb148b1239c04c919fd08069336ec008adc
java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 3779effbb08f14139da92d2dd91f5fb148724b3e633cc3548b8840bc43f313d7
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 9009c0d98452268b40652b337ee3dc3917e00535239d9076c427255863d7782b
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: bf6d2c59f22f148884b90a9ba416d254514aeb1053e259a70746f8d9764fd51d
java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 57a042cc147893ca03fc4dabc5c7c69aa504eda980bf655627e4d3685980b3f4
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 95fb2645779ebe0ff73e035a7346c36ade7a1c1e5201201115802aecc23e8587
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_2.noarch.rpm
SHA-256: 1b399f065548ae3ff271293ab3e624fba2f48f96fe780f5fec53c303871943a8
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_2.noarch.rpm
SHA-256: c6df165771b4857429766f1f26d1a8b9fcc38f2d015d31700efc1317f12e30c6
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: d0216bada082b09f31c73eb1735e0560bd6f595e2484424ca64d0e6d7fe2166b
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 7d95488c1acf6d41f25800652207d802ba92617f78970ae25f17fb73e961166a
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.src.rpm
SHA-256: fec8b44d38dbf35df8b3f4ba276185852fac3e5d1648a9320bbda383a20decf0
x86_64
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: de920d0f796bcaae3196a3012a60f793d2b5ac719f083db6ce57de17c9939bce
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: f377d4216536cb638f2fd824e88cb788daa88821db76ce8b79862a99cdaa4715
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: b58e647b91c7950304595ee7358278044738175c7538872a6a51144f86381ad7
java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: cbc04e0ee93ac8ed594ca0975aa4d7e3f9f3432c98048b874a63602ca6e3b5a8
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 1d5d24d5e83943d2cf75981afed6b6b3e4c71bdc44b13a7e7cf558ded35dd6ab
java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 838f85f483d4d514d102181ca3fff6a640a63ab0c9c873c3895e2e02cb77433d
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 4403b5b64877f97662e069298ea0c067530c97465826d3c989b5db028ce91264
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 68e1408d159c366c71c146389a0994a6b5d5bcb39fab13635052f157ec679105
java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 6a8da563d91ac38e618a99420fd68b500506480a53b3b1f30635d3fcf023b1ac
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 3054a40e068ba0f10d05857714a201fc7c4c4366b0c018c42aa3c40fad100e7c
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 94834a09f27ea3440c3e7958ad46c6bd86553f5a09972d270493086e0d24102f
java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: fa8ca02f68a2a2d07ad80b39dd14a31059ae8a3d1240dc3215fca3c2cff6ea9a
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 4235096e8b1df819a1878d733f90cecda0694da804448e9a38aea78a46957c7e
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_2.noarch.rpm
SHA-256: 1b399f065548ae3ff271293ab3e624fba2f48f96fe780f5fec53c303871943a8
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_2.noarch.rpm
SHA-256: c6df165771b4857429766f1f26d1a8b9fcc38f2d015d31700efc1317f12e30c6
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 203bcc3a9fdfed3fccdf4bd37deedb3cb9614c4910af134fbca4f732b6cd855f
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 0031382e41ff36daa3c8ea3cea35b7f4db719cc888f8826c89260510e25f7ad4
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.src.rpm
SHA-256: fec8b44d38dbf35df8b3f4ba276185852fac3e5d1648a9320bbda383a20decf0
aarch64
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.aarch64.rpm
SHA-256: 0b55c10e66f83898cf08963ff1e8958c220dde1bb5f0ccabc310f884c6c79004
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_2.aarch64.rpm
SHA-256: 77dd31fe45b7678aede4368272f30c506c24f7347b066a850f01e4afa1b7f254
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_2.aarch64.rpm
SHA-256: e86db37281d2394906b30bfa5ef3a6da3f2931e66dd8d27ef6ae84a7bb8827ba
java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_2.aarch64.rpm
SHA-256: 58663f9a1dcda357b7eda362ccbf065adfb1c68b47a7f0e04242bfb3f813a1b0
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_2.aarch64.rpm
SHA-256: d48a4b1e1ba64e67ccc552ffd7a11df93948fcefb250702503f1fe16a1842053
java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_2.aarch64.rpm
SHA-256: 47e7f0219a9a0fee06be600176bbb9ea5cea4aa137db64fcc8230d45d66ca745
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.aarch64.rpm
SHA-256: 274ae59b0b43667cbfc78fc0905233b09c2e06788644b80fcbdd9656dcd9c0f3
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_2.aarch64.rpm
SHA-256: 81a91438ecce5c55cba2064644006ebd04cd8430af504a6a06972f945a987ae3
java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_2.aarch64.rpm
SHA-256: 2db8db12c2f799c796f890c20c36d00b62e29d843e6d8aa0b062ba3a1af6ec68
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.aarch64.rpm
SHA-256: fa0e88149ccde1cccd15506cb1fec15cbefb533b5b690c257527e189591ea008
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_2.aarch64.rpm
SHA-256: 7d519f45d8fab812da82f8fe5afc185f164ca2b3652c8fd632ad046c954cba5a
java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_2.aarch64.rpm
SHA-256: 83a9ec32aed61675d1b3b4f2aa3894f5df61a0d1027210105142bc9e566de176
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.aarch64.rpm
SHA-256: 2725307719b18ccff006630621896afa4c5928b3c609b5a82b8f7b656751041f
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_2.noarch.rpm
SHA-256: 1b399f065548ae3ff271293ab3e624fba2f48f96fe780f5fec53c303871943a8
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_2.noarch.rpm
SHA-256: c6df165771b4857429766f1f26d1a8b9fcc38f2d015d31700efc1317f12e30c6
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.aarch64.rpm
SHA-256: 0b29f9fc1450aade08bd44f9d18bb0e6546fdb7fb0d886073aeaa4eeb7b19bd6
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_2.aarch64.rpm
SHA-256: 554d86cbb1ff0bec8c7659aeaa3cf144c7a03228bdd80f32ddf294558b669307
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.src.rpm
SHA-256: fec8b44d38dbf35df8b3f4ba276185852fac3e5d1648a9320bbda383a20decf0
ppc64le
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 6450eb22501a46bff202cff9bce3e9f5304741901e97bab5f5e5cc0ec7a5aa71
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: fbbdb4e61f1da6df3c81dd8219d982b94a86e0b3bee57279363d95d6f7263e69
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 19bedda7cd5a1cb034540aba5376bcce91555c072377dcf38017f798888ae0bf
java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 60be9dbda6971e9a9dce74a8eb463c61979eabadeb23e1ed00b923a3a96ca649
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: e0aca83c786a58b0531e581331731ccc3d6437ee92105675068bb85aa1ae6771
java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 6bdacf7c89c2180d0349084d37b5f8cea844571e112e28afa1cc7642a09dc1f2
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: e27f52341630aba3523f4e0576a708cb1b8fccb70002bba53e09ffbf018a461c
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 20decd4c37d15b3b19a3ac2c888c4cb148b1239c04c919fd08069336ec008adc
java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 3779effbb08f14139da92d2dd91f5fb148724b3e633cc3548b8840bc43f313d7
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 9009c0d98452268b40652b337ee3dc3917e00535239d9076c427255863d7782b
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: bf6d2c59f22f148884b90a9ba416d254514aeb1053e259a70746f8d9764fd51d
java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 57a042cc147893ca03fc4dabc5c7c69aa504eda980bf655627e4d3685980b3f4
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 95fb2645779ebe0ff73e035a7346c36ade7a1c1e5201201115802aecc23e8587
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_2.noarch.rpm
SHA-256: 1b399f065548ae3ff271293ab3e624fba2f48f96fe780f5fec53c303871943a8
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_2.noarch.rpm
SHA-256: c6df165771b4857429766f1f26d1a8b9fcc38f2d015d31700efc1317f12e30c6
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: d0216bada082b09f31c73eb1735e0560bd6f595e2484424ca64d0e6d7fe2166b
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_2.ppc64le.rpm
SHA-256: 7d95488c1acf6d41f25800652207d802ba92617f78970ae25f17fb73e961166a
Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.2
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.src.rpm
SHA-256: fec8b44d38dbf35df8b3f4ba276185852fac3e5d1648a9320bbda383a20decf0
x86_64
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: de920d0f796bcaae3196a3012a60f793d2b5ac719f083db6ce57de17c9939bce
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: f377d4216536cb638f2fd824e88cb788daa88821db76ce8b79862a99cdaa4715
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: b58e647b91c7950304595ee7358278044738175c7538872a6a51144f86381ad7
java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: cbc04e0ee93ac8ed594ca0975aa4d7e3f9f3432c98048b874a63602ca6e3b5a8
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 1d5d24d5e83943d2cf75981afed6b6b3e4c71bdc44b13a7e7cf558ded35dd6ab
java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 838f85f483d4d514d102181ca3fff6a640a63ab0c9c873c3895e2e02cb77433d
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 4403b5b64877f97662e069298ea0c067530c97465826d3c989b5db028ce91264
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 68e1408d159c366c71c146389a0994a6b5d5bcb39fab13635052f157ec679105
java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 6a8da563d91ac38e618a99420fd68b500506480a53b3b1f30635d3fcf023b1ac
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 3054a40e068ba0f10d05857714a201fc7c4c4366b0c018c42aa3c40fad100e7c
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 94834a09f27ea3440c3e7958ad46c6bd86553f5a09972d270493086e0d24102f
java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: fa8ca02f68a2a2d07ad80b39dd14a31059ae8a3d1240dc3215fca3c2cff6ea9a
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 4235096e8b1df819a1878d733f90cecda0694da804448e9a38aea78a46957c7e
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_2.noarch.rpm
SHA-256: 1b399f065548ae3ff271293ab3e624fba2f48f96fe780f5fec53c303871943a8
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_2.noarch.rpm
SHA-256: c6df165771b4857429766f1f26d1a8b9fcc38f2d015d31700efc1317f12e30c6
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 203bcc3a9fdfed3fccdf4bd37deedb3cb9614c4910af134fbca4f732b6cd855f
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_2.x86_64.rpm
SHA-256: 0031382e41ff36daa3c8ea3cea35b7f4db719cc888f8826c89260510e25f7ad4
Related news
ZoneMinder before 1.36.13 allows remote code execution via an invalid language.
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow.
The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request
The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique
PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first.
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-21476: OpenJDK: Defecti...
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-20...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-21476: OpenJDK: Defecti...
A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter.
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column.
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.