Headline
RHSA-2022:1491: Red Hat Security Advisory: java-1.8.0-openjdk security update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
- CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
- CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
- CVE-2022-21476: OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
- CVE-2022-21496: OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
Synopsis
Important: java-1.8.0-openjdk security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
- OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476)
- OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)
- OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
- OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
- OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
Fixes
- BZ - 2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
- BZ - 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
- BZ - 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
- BZ - 2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
- BZ - 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
CVEs
- CVE-2022-21426
- CVE-2022-21434
- CVE-2022-21443
- CVE-2022-21476
- CVE-2022-21496
Red Hat Enterprise Linux for x86_64 8
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.src.rpm
SHA-256: b5d063f7014dd18339febab4bfc447ad1a3bf66bcc8c38db55f591b1a6f1bb3e
x86_64
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: ef1c6f37bc8099f195168a07f8f1b6330453b97e1bca903237834890ae968e1a
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: d92ee5c114ae7b9a9abe87dc6ceaa88f5451df3c5660bc0bb286e6cf4a47ca0c
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: d5ab0631be890ebc5e437a04159cc19322233d3c0475029547a6e4f35ce9adc3
java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 008ec3a1ad3e633a9239f6ee4bb4d3ea4f120a34ae5b10e5ad2807d2d7095966
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 20dc361eed75d719337639af8966db03fa8621cb7278a46ad3de500f8b4ab9a4
java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 04c0fc18606c97e0cbf15087920f37415cb2cc75ebf709a6a8d96701c5cde59f
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 7f5ec2897a33802cd41619576d2db8de9bf2daa48df0d068fb10e8fd227edd7e
java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 473b40bc0614666c93cd316f429e83f73ed40e7b3c2cdf5043fe22b915deb4fb
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: e42a2856634878ed69d921bd4f3bd9d48a39510ef801d0db3ce033d10a911584
java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: fa1f565896084c8a097aff678c4e271f924abf746540d45e848ceca83bc6af58
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_5.noarch.rpm
SHA-256: ca18ea9260547a80c4764f1fe4875a026af3b8d6721814287d70479776d12d18
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_5.noarch.rpm
SHA-256: 800e3d3ab981f416f083dab3e3965297a10e019c269b8501e7b3d00d957d2352
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: ff501943b2f58518ef0ec03d707a097f6017645c631411946c715ad268f4a195
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.src.rpm
SHA-256: b5d063f7014dd18339febab4bfc447ad1a3bf66bcc8c38db55f591b1a6f1bb3e
s390x
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.s390x.rpm
SHA-256: 019beba82def501f243c5c04034203e048cc38194efceb6ad98172a34abe73b1
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_5.s390x.rpm
SHA-256: 1d1572361de2c70e7c6bdbf55f233b6eddb02f42e10f49f5193b0288d1bcef51
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_5.s390x.rpm
SHA-256: 19dcac83db33231ac59d562d057019f36a50eaee95deb0c6bae19265543599ed
java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_5.s390x.rpm
SHA-256: 129e88399e12ff246164ab6b860b6aa58d7d98498b5d4967f802764ab580cd93
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_5.s390x.rpm
SHA-256: 6057b0e457ff7139ef0b7640b679006d72d04c1da45a4400d8bed965861686ce
java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_5.s390x.rpm
SHA-256: 7baa9c893a579482ac99e50f741682cfe89c4e9a9a57bc3c17f4837d38523608
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_5.s390x.rpm
SHA-256: b70b1ece9ab8b8cef904244e8d674587fc9f51b009b67d290b8c5ac87ff8d95d
java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_5.s390x.rpm
SHA-256: 8500fca3310a4e80d04bf0a9fc442f6d8d357b1efeb991fd7cbf9b66a20bdd85
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_5.s390x.rpm
SHA-256: ffc17979cdc41da47401b9b38b47c4ad10ae3c0b4fea31f4d528b3dbb075ea63
java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_5.s390x.rpm
SHA-256: d49d3adc620784a0fdfdebb7adfa2dc0bfe80b71de4ca303344026d6f4593ab6
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_5.noarch.rpm
SHA-256: ca18ea9260547a80c4764f1fe4875a026af3b8d6721814287d70479776d12d18
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_5.noarch.rpm
SHA-256: 800e3d3ab981f416f083dab3e3965297a10e019c269b8501e7b3d00d957d2352
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_5.s390x.rpm
SHA-256: ccb72a9790fc0e2161497d5b6f9ccb76d46377992412c835ab3ec48493ffc6f9
Red Hat Enterprise Linux for Power, little endian 8
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.src.rpm
SHA-256: b5d063f7014dd18339febab4bfc447ad1a3bf66bcc8c38db55f591b1a6f1bb3e
ppc64le
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 4dc01245bba9982d70954ab14de7cb7c571862e901d2f8e6db6e62eec612313e
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 31358f5b82160fc089f25b70cb65a204eb2ce04f67107a596c2b11da4ca21094
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 2abdc9a599cd5727a9ec5983c5bacd5409eccca22538c46b76ad19e9a24ac256
java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 82e9d76084a7959212a8457ce3632711ac9d41af7de09e2f5905e6c61b85b4e0
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 6b8421079c175df3c006f2b1e493b1f294a8e19873689273f4674a7e823ef128
java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 188586350108eff0ee260d8cd62a776d1b48e72c2e16a4f3530bd7672c91bd73
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 0e761ba7ceddb672a1f03e32b77853bf688d9f3be1418e18f1ef3a349e55069e
java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 08719c92fe5391b287700ba838b631e1094215a5ebad195e74aad77ea72308ca
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: ab1cabce3c918e19aeec3da18260a78ed0aee68a7ebcbbc650fdc094b4538078
java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 9ab3105d9ffc4cf197b570d7d9ba787505a470d8e5c8c4a14be41dbc9d201ea4
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_5.noarch.rpm
SHA-256: ca18ea9260547a80c4764f1fe4875a026af3b8d6721814287d70479776d12d18
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_5.noarch.rpm
SHA-256: 800e3d3ab981f416f083dab3e3965297a10e019c269b8501e7b3d00d957d2352
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: a4132a199e77867d4b9f0f5cd6ca5909ac5c1718b94229adacb3ac4322986362
Red Hat Enterprise Linux for ARM 64 8
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.src.rpm
SHA-256: b5d063f7014dd18339febab4bfc447ad1a3bf66bcc8c38db55f591b1a6f1bb3e
aarch64
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 3747124a27a69b524c83c00f974d8a5b810b5ce1f0fc55fcef180ce8aa9ba090
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 230d59e5ace7d6104e0c873c52780afb1e1f85fd2156892e2303e9e6b31463b3
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 3282882dae9f66b2b7f1d48d601fbb00c2ae36fee92b8d542967d58fad37bc82
java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 39c107238e652cbe74dba162a0de50ea31b9285dbbad5403385ab056a9200602
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 826484a63a51b4dd032262cb585306b3aa21ac151c890cea1a3eb31b20cbd7ab
java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 7167f4f338227e5ea57a61e90b3d60de8ce9ca5e14c48961ea4e9d714cb64ee6
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 4da077720ce88781d36950abed42fb6536f48a4dd48a578f633357701cc6264a
java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 1757fe8ffe2c599de0576b4baf29ec83069b08d492525df0a95853d0b2ecd649
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 8e516d8580cc791cadc3fc674ecbc9363088024d7182621e2e7e893dc027525e
java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 8b461ab58d338e57a9923f46505904b53d40b14047010d028bb72de5ac642a88
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_5.noarch.rpm
SHA-256: ca18ea9260547a80c4764f1fe4875a026af3b8d6721814287d70479776d12d18
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_5.noarch.rpm
SHA-256: 800e3d3ab981f416f083dab3e3965297a10e019c269b8501e7b3d00d957d2352
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 4d2f4364674e0d57eac9b14c7364f600b7d60ea632fd19e73cc07dd559caee26
Red Hat CodeReady Linux Builder for x86_64 8
SRPM
x86_64
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 6b8592ba6df062d72c8745af42fd7013e14c20b8a2ac380af000fb7d8f21b1b0
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 8c767f0916f0ee58780cdde486e336adb46acf5bada76801bb13ddca1e9a4ee3
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: d5ab0631be890ebc5e437a04159cc19322233d3c0475029547a6e4f35ce9adc3
java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 008ec3a1ad3e633a9239f6ee4bb4d3ea4f120a34ae5b10e5ad2807d2d7095966
java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 04c0fc18606c97e0cbf15087920f37415cb2cc75ebf709a6a8d96701c5cde59f
java-1.8.0-openjdk-demo-fastdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 4ca9625f26e39e11d7b1a0dd01b30627342683ff02d27c00ef98dc616b030022
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 48e56a286b2d77eba8726b48a8dcb0a703a8d6ba37e0567316c25c206633b782
java-1.8.0-openjdk-demo-slowdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 87c7fd7900e698f402500ac621aecf735ccc6759ff1dabd815716b693fc8c65d
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 13f0094726b6b0c25167d206e5bd433eae351c1021d65f41a67aae075ddd5da9
java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 473b40bc0614666c93cd316f429e83f73ed40e7b3c2cdf5043fe22b915deb4fb
java-1.8.0-openjdk-devel-fastdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: c9f97a99c5ddef35555a5f651a0dd6b31186f27c6a326b43eafa59d2b7212eb8
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: caad0028a5ebbfdbbb77b9999be566fe59c3955acf901ee32e6d45eadc060dd4
java-1.8.0-openjdk-devel-slowdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 77b09dd3db5dbd7434d92b266baa7b93064c6d2107f9de9e26779492569f987e
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 5c370ee21ddba4d8246b99eb2c1d4095e83101e2b09f8b3b54d4eacbaca73240
java-1.8.0-openjdk-fastdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: c41f2b454543f474d5a36844b6cd6d9503ae68c0b9a5f33b08941502a843d968
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: b7f4013e3c05d95aa511c5fd583c37ef449cf7840d361988acb7ba1f5424b778
java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: fa1f565896084c8a097aff678c4e271f924abf746540d45e848ceca83bc6af58
java-1.8.0-openjdk-headless-fastdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: ba43e24128978f79ea4994f310cbfc21d3ef92f5791f705ee03cdaa8d71e1ec9
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: b8e527026d8a1d30678d86d2cceb60c430ff8f966ba7df0c1edb8cd6b395f859
java-1.8.0-openjdk-headless-slowdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 5c341f3641b2be566a3ff5b36728070ca5340ee1ac8dd8512c0df3c7128de0ba
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 7bdcabef026986ed0a04d4acb0cd6ea2bb850b2b7319c0b06155801fc4c30c0d
java-1.8.0-openjdk-slowdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: f3c61b74e5602a9042d927cbef29cd335c144f2b0d6280923e3da1a5f4ca1f8c
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 13e9de96bb4b65088b8728c1a1fcce5aadbe44550059b089df2bb64520bdc8bf
java-1.8.0-openjdk-src-fastdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 533029da45e8a883ea40ec03e948ecd8ab76a3d6df8b1e29bdc5c0b29f3fe0f0
java-1.8.0-openjdk-src-slowdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm
SHA-256: 36a3427f3531af79578fe457394107a5f8dbbcbdf1c02628545fcec64cde588e
Red Hat CodeReady Linux Builder for Power, little endian 8
SRPM
ppc64le
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 3a3c439ea2d1d3cb4b0d6d1e21bc277c7fdf37bc62c1caedd4d16478d09ce58d
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: bd2ee629a1b428946ba4e4826ce45577ffc55e0c53bff7903095063c03d1a6ad
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 2abdc9a599cd5727a9ec5983c5bacd5409eccca22538c46b76ad19e9a24ac256
java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 82e9d76084a7959212a8457ce3632711ac9d41af7de09e2f5905e6c61b85b4e0
java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 188586350108eff0ee260d8cd62a776d1b48e72c2e16a4f3530bd7672c91bd73
java-1.8.0-openjdk-demo-fastdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 3889aecf26533f4e0f496c61ec84788738032308375ea4cbe906ba4eb40e487c
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 62c5702e84560066e35571787990735b7dbd059ae91c79c58d3b91266934ef5b
java-1.8.0-openjdk-demo-slowdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 8411a687fe97eed7d25683b4bd3790931711c92c63d8ad7d216ea7d9c6338559
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 57164a6b1032d2b055a085c9573113f848893e43dc2e346e53fe58daea4a3abf
java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 08719c92fe5391b287700ba838b631e1094215a5ebad195e74aad77ea72308ca
java-1.8.0-openjdk-devel-fastdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 6fd01f963995f72de19024e2ff83daa018ad479e6bb3999b0761f1e3cddae5ee
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 5f3b4096dedd3640a2eadb9990b2e29739f3baa3892c87f39fb1b63a4b4756b0
java-1.8.0-openjdk-devel-slowdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 4e0b3da61e9cb92e75b4189454fc6baf46d9a74f951d9c261a38ed755b273044
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 9e0839ae49487e77e455d502ed414971088b162d9849febe6bf61c527150be05
java-1.8.0-openjdk-fastdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 02dec386d49a70674ab9b98f405002902d2b7230e3d0898d51f3efe0a30af260
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 8a61da09278b242c6cb9420081736ec67a89e692304cc316d561a2f139a96071
java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 9ab3105d9ffc4cf197b570d7d9ba787505a470d8e5c8c4a14be41dbc9d201ea4
java-1.8.0-openjdk-headless-fastdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: cbbe5d51f0082d88106e169fcc4c6e3d868bd58f0afafa415802743609d82340
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: fcabdbd7adeff366ca3bf3d7183dc9fbc3995d3b741a192617baa4caa7cf14c6
java-1.8.0-openjdk-headless-slowdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: feb909a7df22a518ce2edabd3bf2a8e35f2f199d3280e2664ee8e675d9cc9639
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 4250939242d24ee8d19d70d4b54b891647a761c89deef6c28fdc2e0e08d33cc9
java-1.8.0-openjdk-slowdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 3312be43653ece3db3b053014b6baf76937e448ebc6f356fc12f5b17f9342d86
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 0505bfa774fbd1f322c674ffd6e71408f3681b2f3ffd130e03db550260273ce7
java-1.8.0-openjdk-src-fastdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: f801d9842f480ee7f49760237535b85d7f9725de73350d3998c89c74b136a5a9
java-1.8.0-openjdk-src-slowdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm
SHA-256: 95449c1ca4e0858b2fd45befa2a59ed49136d0ef66de9bdef417281160a73eeb
Red Hat CodeReady Linux Builder for ARM 64 8
SRPM
aarch64
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: b9a550db666936f33ad00accb7e62ac475b9fd7bedf976214444411016ad64ae
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 73494cfbefea2daf6fb2816b517dcbba006e35a7cdcf9b5f17577e207e227f40
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 3282882dae9f66b2b7f1d48d601fbb00c2ae36fee92b8d542967d58fad37bc82
java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 39c107238e652cbe74dba162a0de50ea31b9285dbbad5403385ab056a9200602
java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 7167f4f338227e5ea57a61e90b3d60de8ce9ca5e14c48961ea4e9d714cb64ee6
java-1.8.0-openjdk-demo-fastdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 46e26399f6094b8cc52400aa0382f3971e94cbf597f7d85a3c3134ce5c077e25
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 43bc3959ae661f1dbb6f07bc11332dce991dc050215356e10c23955f7a04da63
java-1.8.0-openjdk-demo-slowdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: e96897034744cc844ea3c08e53a51995c8519cc9fc564fab442a0e21adc3d179
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 3c69f2c34abeb979ebba92234e8e8c7c214e7bcf78bdbafaa31bcf61b410f2cc
java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 1757fe8ffe2c599de0576b4baf29ec83069b08d492525df0a95853d0b2ecd649
java-1.8.0-openjdk-devel-fastdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 7d82829a61601e04644e7303927f03d685804c112e992a11b03780331ed54af8
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 80110f7a4582a35102aab8541395947a6077317e4545b7c4b39d9c3606d7e1e3
java-1.8.0-openjdk-devel-slowdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: ef89559c3c6368d653d1f9abd862a84148d1df772ffb6c81ebb7e1be5118d488
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 5251353db9acd93bf59121dd74ed3d0533b864f473801855cb605b3e553bcbd1
java-1.8.0-openjdk-fastdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 88926ff6ea4e93d604113d8bda5b99c37a16f54fc613bc0db803fb5095573ab4
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 24ddb6124c954f05e2d037d749b199aa01e99d4333e12f843dfe4137ceab0dc9
java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 8b461ab58d338e57a9923f46505904b53d40b14047010d028bb72de5ac642a88
java-1.8.0-openjdk-headless-fastdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: d5f8e5a164c34700c68092946e2925152d872f4fc0d52b3cf0d9bab11c5a8f00
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 9c952fee0312e1a43c177cbe9d9d9471c5fde414e5be9f9e5319263990f83351
java-1.8.0-openjdk-headless-slowdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 94439b2224e7a4af13949874ee565a962a57642878a349ebc1e7e79cf9e5584d
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: 856660a233c5108052f932ac5e1fa0e0bec958062ff464996c4e25b780562212
java-1.8.0-openjdk-slowdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: e5cca96414159eeab74f2ade45905c71a57d3a885f4a81ee92b92b7308d24a5c
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: ede6e539baec8cc90bbbe5f2b1f1aa7ee354160d51e0dc6036b9b12ccb06a138
java-1.8.0-openjdk-src-fastdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: f1184e3e0619bc0e09fc272bfffd19e02783c7a6e2f1c652f76fe9e930135ee8
java-1.8.0-openjdk-src-slowdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm
SHA-256: aeed537f5f18e7b52cbaf88b41f1844f6a2cd5e6710df1f9e85a89120dba086d
Related news
ZoneMinder before 1.36.13 allows remote code execution via an invalid language.
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow.
The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request
The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique
PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first.
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-20...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-20...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-21476: OpenJDK: Defecti...
A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter.
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column.
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.