Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:1491: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
  • CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
  • CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
  • CVE-2022-21476: OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
  • CVE-2022-21496: OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
Red Hat Security Data
#vulnerability#linux#red_hat#apache#java

Synopsis

Important: java-1.8.0-openjdk security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476)
  • OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)
  • OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
  • OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
  • OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64

Fixes

  • BZ - 2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
  • BZ - 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
  • BZ - 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
  • BZ - 2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
  • BZ - 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

CVEs

  • CVE-2022-21426
  • CVE-2022-21434
  • CVE-2022-21443
  • CVE-2022-21476
  • CVE-2022-21496

Red Hat Enterprise Linux for x86_64 8

SRPM

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.src.rpm

SHA-256: b5d063f7014dd18339febab4bfc447ad1a3bf66bcc8c38db55f591b1a6f1bb3e

x86_64

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: ef1c6f37bc8099f195168a07f8f1b6330453b97e1bca903237834890ae968e1a

java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: d92ee5c114ae7b9a9abe87dc6ceaa88f5451df3c5660bc0bb286e6cf4a47ca0c

java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: d5ab0631be890ebc5e437a04159cc19322233d3c0475029547a6e4f35ce9adc3

java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 008ec3a1ad3e633a9239f6ee4bb4d3ea4f120a34ae5b10e5ad2807d2d7095966

java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 20dc361eed75d719337639af8966db03fa8621cb7278a46ad3de500f8b4ab9a4

java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 04c0fc18606c97e0cbf15087920f37415cb2cc75ebf709a6a8d96701c5cde59f

java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 7f5ec2897a33802cd41619576d2db8de9bf2daa48df0d068fb10e8fd227edd7e

java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 473b40bc0614666c93cd316f429e83f73ed40e7b3c2cdf5043fe22b915deb4fb

java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: e42a2856634878ed69d921bd4f3bd9d48a39510ef801d0db3ce033d10a911584

java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: fa1f565896084c8a097aff678c4e271f924abf746540d45e848ceca83bc6af58

java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_5.noarch.rpm

SHA-256: ca18ea9260547a80c4764f1fe4875a026af3b8d6721814287d70479776d12d18

java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_5.noarch.rpm

SHA-256: 800e3d3ab981f416f083dab3e3965297a10e019c269b8501e7b3d00d957d2352

java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: ff501943b2f58518ef0ec03d707a097f6017645c631411946c715ad268f4a195

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.src.rpm

SHA-256: b5d063f7014dd18339febab4bfc447ad1a3bf66bcc8c38db55f591b1a6f1bb3e

s390x

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.s390x.rpm

SHA-256: 019beba82def501f243c5c04034203e048cc38194efceb6ad98172a34abe73b1

java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_5.s390x.rpm

SHA-256: 1d1572361de2c70e7c6bdbf55f233b6eddb02f42e10f49f5193b0288d1bcef51

java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_5.s390x.rpm

SHA-256: 19dcac83db33231ac59d562d057019f36a50eaee95deb0c6bae19265543599ed

java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_5.s390x.rpm

SHA-256: 129e88399e12ff246164ab6b860b6aa58d7d98498b5d4967f802764ab580cd93

java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_5.s390x.rpm

SHA-256: 6057b0e457ff7139ef0b7640b679006d72d04c1da45a4400d8bed965861686ce

java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_5.s390x.rpm

SHA-256: 7baa9c893a579482ac99e50f741682cfe89c4e9a9a57bc3c17f4837d38523608

java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_5.s390x.rpm

SHA-256: b70b1ece9ab8b8cef904244e8d674587fc9f51b009b67d290b8c5ac87ff8d95d

java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_5.s390x.rpm

SHA-256: 8500fca3310a4e80d04bf0a9fc442f6d8d357b1efeb991fd7cbf9b66a20bdd85

java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_5.s390x.rpm

SHA-256: ffc17979cdc41da47401b9b38b47c4ad10ae3c0b4fea31f4d528b3dbb075ea63

java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_5.s390x.rpm

SHA-256: d49d3adc620784a0fdfdebb7adfa2dc0bfe80b71de4ca303344026d6f4593ab6

java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_5.noarch.rpm

SHA-256: ca18ea9260547a80c4764f1fe4875a026af3b8d6721814287d70479776d12d18

java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_5.noarch.rpm

SHA-256: 800e3d3ab981f416f083dab3e3965297a10e019c269b8501e7b3d00d957d2352

java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_5.s390x.rpm

SHA-256: ccb72a9790fc0e2161497d5b6f9ccb76d46377992412c835ab3ec48493ffc6f9

Red Hat Enterprise Linux for Power, little endian 8

SRPM

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.src.rpm

SHA-256: b5d063f7014dd18339febab4bfc447ad1a3bf66bcc8c38db55f591b1a6f1bb3e

ppc64le

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 4dc01245bba9982d70954ab14de7cb7c571862e901d2f8e6db6e62eec612313e

java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 31358f5b82160fc089f25b70cb65a204eb2ce04f67107a596c2b11da4ca21094

java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 2abdc9a599cd5727a9ec5983c5bacd5409eccca22538c46b76ad19e9a24ac256

java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 82e9d76084a7959212a8457ce3632711ac9d41af7de09e2f5905e6c61b85b4e0

java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 6b8421079c175df3c006f2b1e493b1f294a8e19873689273f4674a7e823ef128

java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 188586350108eff0ee260d8cd62a776d1b48e72c2e16a4f3530bd7672c91bd73

java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 0e761ba7ceddb672a1f03e32b77853bf688d9f3be1418e18f1ef3a349e55069e

java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 08719c92fe5391b287700ba838b631e1094215a5ebad195e74aad77ea72308ca

java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: ab1cabce3c918e19aeec3da18260a78ed0aee68a7ebcbbc650fdc094b4538078

java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 9ab3105d9ffc4cf197b570d7d9ba787505a470d8e5c8c4a14be41dbc9d201ea4

java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_5.noarch.rpm

SHA-256: ca18ea9260547a80c4764f1fe4875a026af3b8d6721814287d70479776d12d18

java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_5.noarch.rpm

SHA-256: 800e3d3ab981f416f083dab3e3965297a10e019c269b8501e7b3d00d957d2352

java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: a4132a199e77867d4b9f0f5cd6ca5909ac5c1718b94229adacb3ac4322986362

Red Hat Enterprise Linux for ARM 64 8

SRPM

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.src.rpm

SHA-256: b5d063f7014dd18339febab4bfc447ad1a3bf66bcc8c38db55f591b1a6f1bb3e

aarch64

java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 3747124a27a69b524c83c00f974d8a5b810b5ce1f0fc55fcef180ce8aa9ba090

java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 230d59e5ace7d6104e0c873c52780afb1e1f85fd2156892e2303e9e6b31463b3

java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 3282882dae9f66b2b7f1d48d601fbb00c2ae36fee92b8d542967d58fad37bc82

java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 39c107238e652cbe74dba162a0de50ea31b9285dbbad5403385ab056a9200602

java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 826484a63a51b4dd032262cb585306b3aa21ac151c890cea1a3eb31b20cbd7ab

java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 7167f4f338227e5ea57a61e90b3d60de8ce9ca5e14c48961ea4e9d714cb64ee6

java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 4da077720ce88781d36950abed42fb6536f48a4dd48a578f633357701cc6264a

java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 1757fe8ffe2c599de0576b4baf29ec83069b08d492525df0a95853d0b2ecd649

java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 8e516d8580cc791cadc3fc674ecbc9363088024d7182621e2e7e893dc027525e

java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 8b461ab58d338e57a9923f46505904b53d40b14047010d028bb72de5ac642a88

java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_5.noarch.rpm

SHA-256: ca18ea9260547a80c4764f1fe4875a026af3b8d6721814287d70479776d12d18

java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_5.noarch.rpm

SHA-256: 800e3d3ab981f416f083dab3e3965297a10e019c269b8501e7b3d00d957d2352

java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 4d2f4364674e0d57eac9b14c7364f600b7d60ea632fd19e73cc07dd559caee26

Red Hat CodeReady Linux Builder for x86_64 8

SRPM

x86_64

java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 6b8592ba6df062d72c8745af42fd7013e14c20b8a2ac380af000fb7d8f21b1b0

java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 8c767f0916f0ee58780cdde486e336adb46acf5bada76801bb13ddca1e9a4ee3

java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: d5ab0631be890ebc5e437a04159cc19322233d3c0475029547a6e4f35ce9adc3

java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 008ec3a1ad3e633a9239f6ee4bb4d3ea4f120a34ae5b10e5ad2807d2d7095966

java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 04c0fc18606c97e0cbf15087920f37415cb2cc75ebf709a6a8d96701c5cde59f

java-1.8.0-openjdk-demo-fastdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 4ca9625f26e39e11d7b1a0dd01b30627342683ff02d27c00ef98dc616b030022

java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 48e56a286b2d77eba8726b48a8dcb0a703a8d6ba37e0567316c25c206633b782

java-1.8.0-openjdk-demo-slowdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 87c7fd7900e698f402500ac621aecf735ccc6759ff1dabd815716b693fc8c65d

java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 13f0094726b6b0c25167d206e5bd433eae351c1021d65f41a67aae075ddd5da9

java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 473b40bc0614666c93cd316f429e83f73ed40e7b3c2cdf5043fe22b915deb4fb

java-1.8.0-openjdk-devel-fastdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: c9f97a99c5ddef35555a5f651a0dd6b31186f27c6a326b43eafa59d2b7212eb8

java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: caad0028a5ebbfdbbb77b9999be566fe59c3955acf901ee32e6d45eadc060dd4

java-1.8.0-openjdk-devel-slowdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 77b09dd3db5dbd7434d92b266baa7b93064c6d2107f9de9e26779492569f987e

java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 5c370ee21ddba4d8246b99eb2c1d4095e83101e2b09f8b3b54d4eacbaca73240

java-1.8.0-openjdk-fastdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: c41f2b454543f474d5a36844b6cd6d9503ae68c0b9a5f33b08941502a843d968

java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: b7f4013e3c05d95aa511c5fd583c37ef449cf7840d361988acb7ba1f5424b778

java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: fa1f565896084c8a097aff678c4e271f924abf746540d45e848ceca83bc6af58

java-1.8.0-openjdk-headless-fastdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: ba43e24128978f79ea4994f310cbfc21d3ef92f5791f705ee03cdaa8d71e1ec9

java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: b8e527026d8a1d30678d86d2cceb60c430ff8f966ba7df0c1edb8cd6b395f859

java-1.8.0-openjdk-headless-slowdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 5c341f3641b2be566a3ff5b36728070ca5340ee1ac8dd8512c0df3c7128de0ba

java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 7bdcabef026986ed0a04d4acb0cd6ea2bb850b2b7319c0b06155801fc4c30c0d

java-1.8.0-openjdk-slowdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: f3c61b74e5602a9042d927cbef29cd335c144f2b0d6280923e3da1a5f4ca1f8c

java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 13e9de96bb4b65088b8728c1a1fcce5aadbe44550059b089df2bb64520bdc8bf

java-1.8.0-openjdk-src-fastdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 533029da45e8a883ea40ec03e948ecd8ab76a3d6df8b1e29bdc5c0b29f3fe0f0

java-1.8.0-openjdk-src-slowdebug-1.8.0.332.b09-1.el8_5.x86_64.rpm

SHA-256: 36a3427f3531af79578fe457394107a5f8dbbcbdf1c02628545fcec64cde588e

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM

ppc64le

java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 3a3c439ea2d1d3cb4b0d6d1e21bc277c7fdf37bc62c1caedd4d16478d09ce58d

java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: bd2ee629a1b428946ba4e4826ce45577ffc55e0c53bff7903095063c03d1a6ad

java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 2abdc9a599cd5727a9ec5983c5bacd5409eccca22538c46b76ad19e9a24ac256

java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 82e9d76084a7959212a8457ce3632711ac9d41af7de09e2f5905e6c61b85b4e0

java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 188586350108eff0ee260d8cd62a776d1b48e72c2e16a4f3530bd7672c91bd73

java-1.8.0-openjdk-demo-fastdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 3889aecf26533f4e0f496c61ec84788738032308375ea4cbe906ba4eb40e487c

java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 62c5702e84560066e35571787990735b7dbd059ae91c79c58d3b91266934ef5b

java-1.8.0-openjdk-demo-slowdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 8411a687fe97eed7d25683b4bd3790931711c92c63d8ad7d216ea7d9c6338559

java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 57164a6b1032d2b055a085c9573113f848893e43dc2e346e53fe58daea4a3abf

java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 08719c92fe5391b287700ba838b631e1094215a5ebad195e74aad77ea72308ca

java-1.8.0-openjdk-devel-fastdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 6fd01f963995f72de19024e2ff83daa018ad479e6bb3999b0761f1e3cddae5ee

java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 5f3b4096dedd3640a2eadb9990b2e29739f3baa3892c87f39fb1b63a4b4756b0

java-1.8.0-openjdk-devel-slowdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 4e0b3da61e9cb92e75b4189454fc6baf46d9a74f951d9c261a38ed755b273044

java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 9e0839ae49487e77e455d502ed414971088b162d9849febe6bf61c527150be05

java-1.8.0-openjdk-fastdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 02dec386d49a70674ab9b98f405002902d2b7230e3d0898d51f3efe0a30af260

java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 8a61da09278b242c6cb9420081736ec67a89e692304cc316d561a2f139a96071

java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 9ab3105d9ffc4cf197b570d7d9ba787505a470d8e5c8c4a14be41dbc9d201ea4

java-1.8.0-openjdk-headless-fastdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: cbbe5d51f0082d88106e169fcc4c6e3d868bd58f0afafa415802743609d82340

java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: fcabdbd7adeff366ca3bf3d7183dc9fbc3995d3b741a192617baa4caa7cf14c6

java-1.8.0-openjdk-headless-slowdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: feb909a7df22a518ce2edabd3bf2a8e35f2f199d3280e2664ee8e675d9cc9639

java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 4250939242d24ee8d19d70d4b54b891647a761c89deef6c28fdc2e0e08d33cc9

java-1.8.0-openjdk-slowdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 3312be43653ece3db3b053014b6baf76937e448ebc6f356fc12f5b17f9342d86

java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 0505bfa774fbd1f322c674ffd6e71408f3681b2f3ffd130e03db550260273ce7

java-1.8.0-openjdk-src-fastdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: f801d9842f480ee7f49760237535b85d7f9725de73350d3998c89c74b136a5a9

java-1.8.0-openjdk-src-slowdebug-1.8.0.332.b09-1.el8_5.ppc64le.rpm

SHA-256: 95449c1ca4e0858b2fd45befa2a59ed49136d0ef66de9bdef417281160a73eeb

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM

aarch64

java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: b9a550db666936f33ad00accb7e62ac475b9fd7bedf976214444411016ad64ae

java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 73494cfbefea2daf6fb2816b517dcbba006e35a7cdcf9b5f17577e207e227f40

java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 3282882dae9f66b2b7f1d48d601fbb00c2ae36fee92b8d542967d58fad37bc82

java-1.8.0-openjdk-debugsource-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 39c107238e652cbe74dba162a0de50ea31b9285dbbad5403385ab056a9200602

java-1.8.0-openjdk-demo-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 7167f4f338227e5ea57a61e90b3d60de8ce9ca5e14c48961ea4e9d714cb64ee6

java-1.8.0-openjdk-demo-fastdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 46e26399f6094b8cc52400aa0382f3971e94cbf597f7d85a3c3134ce5c077e25

java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 43bc3959ae661f1dbb6f07bc11332dce991dc050215356e10c23955f7a04da63

java-1.8.0-openjdk-demo-slowdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: e96897034744cc844ea3c08e53a51995c8519cc9fc564fab442a0e21adc3d179

java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 3c69f2c34abeb979ebba92234e8e8c7c214e7bcf78bdbafaa31bcf61b410f2cc

java-1.8.0-openjdk-devel-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 1757fe8ffe2c599de0576b4baf29ec83069b08d492525df0a95853d0b2ecd649

java-1.8.0-openjdk-devel-fastdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 7d82829a61601e04644e7303927f03d685804c112e992a11b03780331ed54af8

java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 80110f7a4582a35102aab8541395947a6077317e4545b7c4b39d9c3606d7e1e3

java-1.8.0-openjdk-devel-slowdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: ef89559c3c6368d653d1f9abd862a84148d1df772ffb6c81ebb7e1be5118d488

java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 5251353db9acd93bf59121dd74ed3d0533b864f473801855cb605b3e553bcbd1

java-1.8.0-openjdk-fastdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 88926ff6ea4e93d604113d8bda5b99c37a16f54fc613bc0db803fb5095573ab4

java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 24ddb6124c954f05e2d037d749b199aa01e99d4333e12f843dfe4137ceab0dc9

java-1.8.0-openjdk-headless-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 8b461ab58d338e57a9923f46505904b53d40b14047010d028bb72de5ac642a88

java-1.8.0-openjdk-headless-fastdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: d5f8e5a164c34700c68092946e2925152d872f4fc0d52b3cf0d9bab11c5a8f00

java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 9c952fee0312e1a43c177cbe9d9d9471c5fde414e5be9f9e5319263990f83351

java-1.8.0-openjdk-headless-slowdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 94439b2224e7a4af13949874ee565a962a57642878a349ebc1e7e79cf9e5584d

java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: 856660a233c5108052f932ac5e1fa0e0bec958062ff464996c4e25b780562212

java-1.8.0-openjdk-slowdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: e5cca96414159eeab74f2ade45905c71a57d3a885f4a81ee92b92b7308d24a5c

java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: ede6e539baec8cc90bbbe5f2b1f1aa7ee354160d51e0dc6036b9b12ccb06a138

java-1.8.0-openjdk-src-fastdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: f1184e3e0619bc0e09fc272bfffd19e02783c7a6e2f1c652f76fe9e930135ee8

java-1.8.0-openjdk-src-slowdebug-1.8.0.332.b09-1.el8_5.aarch64.rpm

SHA-256: aeed537f5f18e7b52cbaf88b41f1844f6a2cd5e6710df1f9e85a89120dba086d

Related news

CVE-2022-29806: Release The Memory Remains 1.36.13 · ZoneMinder/zoneminder

ZoneMinder before 1.36.13 allows remote code execution via an invalid language.

CVE-2022-29499: Mitel Product Security Advisory 22-0002

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.

CVE-2021-35250: SolarWinds Trust Center Security Advisories | CVE-2021-35250

A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.

CVE-2022-1441: fixed #2175 · gpac/gpac@3dbe11b

MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow.

CVE-2022-25866: Uses --end-of-options after command options (for security reasons) · czproject/git-php@5e82d54

The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.

CVE-2022-28290: 2022-28290 - Reflected Cross-Site Scripting in Welaunch

Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request

CVE-2022-1391: WordPress Cab-Fare-Calculator 1.0.3 Local File Inclusion ≈ Packet Storm

The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.

CVE-2022-1396: WordPress Donorbox-Donation-Form 7.1.6 Cross Site Scripting ≈ Packet Storm

The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed

CVE-2021-4225: CVEproject/wordpress_SP-Project_fileupload.md at main · pang0lin/CVEproject

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.

CVE-2022-1390: WordPress Admin Word Count Column 2.2 Local File Inclusion ≈ Packet Storm

The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique

CVE-2022-24792: Merge pull request from GHSA-rwgw-vwxg-q799 · pjsip/pjproject@947bc1e

PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first.

CVE-2022-29078: EJS, Server side template injection RCE (CVE-2022-29078) - writeup

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

CVE-2022-26111: CVE-Advisory/CVE-2022-26111.pdf at main · post-cyberlabs/CVE-Advisory

The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.

RHSA-2022:1490: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-20...

RHSA-2022:1489: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-20...

RHSA-2022:1488: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151...

RHSA-2022:1487: Red Hat Security Advisory: java-1.8.0-openjdk security, bug fix, and enhancement update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-21476: OpenJDK: Defecti...

CVE-2022-27428: v2.0: stored XSS Vulnerability · Issue #20 · bensonarts/GalleryCMS

A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter.

CVE-2022-28053: V1.5.3: Unrestricted File Upload Vulnerability · Issue #325 · typemill/typemill

Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-27429: V1.9.5: SSRF Vulnerability · Issue #67 · Cherry-toto/jizhicms

Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.

CVE-2022-28586: XSS on Hoosk v1.8 · Issue #63 · havok89/Hoosk

XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.