Headline
RHSA-2022:1487: Red Hat Security Advisory: java-1.8.0-openjdk security, bug fix, and enhancement update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
- CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
- CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
- CVE-2022-21476: OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
- CVE-2022-21496: OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
Synopsis
Important: java-1.8.0-openjdk security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
- OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476)
- OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)
- OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
- OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
- OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 2047529 - Prepare for the next quarterly OpenJDK upstream release (2022-04, 8u332) [rhel-7]
- BZ - 2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
- BZ - 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
- BZ - 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
- BZ - 2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
- BZ - 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
CVEs
- CVE-2022-21426
- CVE-2022-21434
- CVE-2022-21443
- CVE-2022-21476
- CVE-2022-21496
Red Hat Enterprise Linux Server 7
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.src.rpm
SHA-256: 0139483a8871ad678aeef2b256a456827a7f786bc2432a232195956b76f11bbb
x86_64
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: 10ceaf94233430d4b4faee38e39a4933894c4deb96df10401f6d026a39e07396
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 8e4a7645d9546e2bc3a3e3097f12b8909a47a7f754f122e9465164e85ebbdafa
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: cff609af1874420560475951149de818455a04def6e1b796ff42367e258d62a5
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: dd61092c54433fe52056fce1c0af666c93f06b90dc04109334634bd96445d4b9
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: f3147b37a8cfca5b96392f584f01af3264964a1b143b7b4d50df485a3e76a473
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: f3147b37a8cfca5b96392f584f01af3264964a1b143b7b4d50df485a3e76a473
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 940c1a096521736ed7639fc701e51e90c06acd22625a0aa575a50b3cc549d8df
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 940c1a096521736ed7639fc701e51e90c06acd22625a0aa575a50b3cc549d8df
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: d1e5ebd9b410efe8bc1de2ba94366f94b30933a43e1f32b7c4ca7db94919db09
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 647c33fdcd47b324502f4bd90fa8346f32810ce9c16db79b059e29d466faaf19
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: d59786db4a82387ca5f9ef8221cbfdb76172c6188df36f50ac0752888a7a5522
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: d0ac53dcc877e8c22277df895fa9edcc541085c4a538b875e4bfbcbe3ac268ab
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: ed0df5561399e91ac5d7e5960bd4c8b5121cc29cc9fc6a584fe4e46e1d004be2
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 3b59d84b1ac4f7ef31a299c027c7792300141a28e540fa820ec08c798780f3b5
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el7_9.noarch.rpm
SHA-256: 0d809e4f2b2a7d2a19ee7ca8efe6b4fce7920ba8e6e33d39ecb0ef8f3d0601eb
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el7_9.noarch.rpm
SHA-256: bdf7fd41ba81ae9ba67ea0ef0b0a787dcd5d16a65c41ef080c430d2942a05c71
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: 46e2906fbf2d4340009871cc2a43d24860445c3989e22df05ce682062d42163f
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: cb2bd0e951ca50394d65801658c664456d7a305046dd5f0b95e6d8369dcbe77a
Red Hat Enterprise Linux Workstation 7
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.src.rpm
SHA-256: 0139483a8871ad678aeef2b256a456827a7f786bc2432a232195956b76f11bbb
x86_64
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: 10ceaf94233430d4b4faee38e39a4933894c4deb96df10401f6d026a39e07396
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 8e4a7645d9546e2bc3a3e3097f12b8909a47a7f754f122e9465164e85ebbdafa
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: cff609af1874420560475951149de818455a04def6e1b796ff42367e258d62a5
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: dd61092c54433fe52056fce1c0af666c93f06b90dc04109334634bd96445d4b9
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: f3147b37a8cfca5b96392f584f01af3264964a1b143b7b4d50df485a3e76a473
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: f3147b37a8cfca5b96392f584f01af3264964a1b143b7b4d50df485a3e76a473
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 940c1a096521736ed7639fc701e51e90c06acd22625a0aa575a50b3cc549d8df
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 940c1a096521736ed7639fc701e51e90c06acd22625a0aa575a50b3cc549d8df
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: d1e5ebd9b410efe8bc1de2ba94366f94b30933a43e1f32b7c4ca7db94919db09
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 647c33fdcd47b324502f4bd90fa8346f32810ce9c16db79b059e29d466faaf19
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: d59786db4a82387ca5f9ef8221cbfdb76172c6188df36f50ac0752888a7a5522
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: d0ac53dcc877e8c22277df895fa9edcc541085c4a538b875e4bfbcbe3ac268ab
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: ed0df5561399e91ac5d7e5960bd4c8b5121cc29cc9fc6a584fe4e46e1d004be2
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 3b59d84b1ac4f7ef31a299c027c7792300141a28e540fa820ec08c798780f3b5
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el7_9.noarch.rpm
SHA-256: 0d809e4f2b2a7d2a19ee7ca8efe6b4fce7920ba8e6e33d39ecb0ef8f3d0601eb
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el7_9.noarch.rpm
SHA-256: bdf7fd41ba81ae9ba67ea0ef0b0a787dcd5d16a65c41ef080c430d2942a05c71
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: 46e2906fbf2d4340009871cc2a43d24860445c3989e22df05ce682062d42163f
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: cb2bd0e951ca50394d65801658c664456d7a305046dd5f0b95e6d8369dcbe77a
Red Hat Enterprise Linux Desktop 7
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.src.rpm
SHA-256: 0139483a8871ad678aeef2b256a456827a7f786bc2432a232195956b76f11bbb
x86_64
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: 10ceaf94233430d4b4faee38e39a4933894c4deb96df10401f6d026a39e07396
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 8e4a7645d9546e2bc3a3e3097f12b8909a47a7f754f122e9465164e85ebbdafa
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: cff609af1874420560475951149de818455a04def6e1b796ff42367e258d62a5
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: dd61092c54433fe52056fce1c0af666c93f06b90dc04109334634bd96445d4b9
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: f3147b37a8cfca5b96392f584f01af3264964a1b143b7b4d50df485a3e76a473
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: f3147b37a8cfca5b96392f584f01af3264964a1b143b7b4d50df485a3e76a473
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 940c1a096521736ed7639fc701e51e90c06acd22625a0aa575a50b3cc549d8df
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 940c1a096521736ed7639fc701e51e90c06acd22625a0aa575a50b3cc549d8df
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: d1e5ebd9b410efe8bc1de2ba94366f94b30933a43e1f32b7c4ca7db94919db09
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 647c33fdcd47b324502f4bd90fa8346f32810ce9c16db79b059e29d466faaf19
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: d59786db4a82387ca5f9ef8221cbfdb76172c6188df36f50ac0752888a7a5522
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: d0ac53dcc877e8c22277df895fa9edcc541085c4a538b875e4bfbcbe3ac268ab
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: ed0df5561399e91ac5d7e5960bd4c8b5121cc29cc9fc6a584fe4e46e1d004be2
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 3b59d84b1ac4f7ef31a299c027c7792300141a28e540fa820ec08c798780f3b5
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el7_9.noarch.rpm
SHA-256: 0d809e4f2b2a7d2a19ee7ca8efe6b4fce7920ba8e6e33d39ecb0ef8f3d0601eb
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el7_9.noarch.rpm
SHA-256: bdf7fd41ba81ae9ba67ea0ef0b0a787dcd5d16a65c41ef080c430d2942a05c71
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: 46e2906fbf2d4340009871cc2a43d24860445c3989e22df05ce682062d42163f
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: cb2bd0e951ca50394d65801658c664456d7a305046dd5f0b95e6d8369dcbe77a
Red Hat Enterprise Linux for IBM z Systems 7
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.src.rpm
SHA-256: 0139483a8871ad678aeef2b256a456827a7f786bc2432a232195956b76f11bbb
s390x
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.s390x.rpm
SHA-256: 061b87b1193388432951b642cdcdf183356d7ead23302ab902b73ed61488e914
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el7_9.s390x.rpm
SHA-256: 1cd393bf23e993dc9189335b9963db1d73a7c6220408c416e70c3a78a9c43d8f
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.s390x.rpm
SHA-256: bd2d0413b76181a87a8a3201f83756d6ea1ef8018fe88c954b8a819e3a2854d0
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.s390x.rpm
SHA-256: bd2d0413b76181a87a8a3201f83756d6ea1ef8018fe88c954b8a819e3a2854d0
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el7_9.s390x.rpm
SHA-256: a99ccd48de719456ac927fa27ea2ea19e9fe13d6a680ab0695c2646c82408dcc
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el7_9.s390x.rpm
SHA-256: 7c271dbf448878272429bac4cd0184ea36860a5437c5bc268f4f600088f5194c
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el7_9.s390x.rpm
SHA-256: 5604dea052c609ccff4862da752ce58a91be2fcd4f8aa0fbd9c540dc10fd2613
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el7_9.noarch.rpm
SHA-256: 0d809e4f2b2a7d2a19ee7ca8efe6b4fce7920ba8e6e33d39ecb0ef8f3d0601eb
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el7_9.noarch.rpm
SHA-256: bdf7fd41ba81ae9ba67ea0ef0b0a787dcd5d16a65c41ef080c430d2942a05c71
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el7_9.s390x.rpm
SHA-256: 19d1b8f7a64868aa5093a61f2c11fce2c0c01be0ab0dea29b7e20f1dc77c25a4
Red Hat Enterprise Linux for Power, big endian 7
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.src.rpm
SHA-256: 0139483a8871ad678aeef2b256a456827a7f786bc2432a232195956b76f11bbb
ppc64
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.ppc64.rpm
SHA-256: 41f4848aada9a0edc05126390d3796eb5a662c975fb3d8d5d60a2ce6f664fe7e
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el7_9.ppc64.rpm
SHA-256: 88883bc2f577990fe938468fc3aa639ee3cd5e2f10be186b4a0ae2aac823228b
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.ppc64.rpm
SHA-256: 0973284564a979b5558de6edd4513e8a9cdcd0fb461f0e7bbde84e037266653f
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.ppc64.rpm
SHA-256: 0973284564a979b5558de6edd4513e8a9cdcd0fb461f0e7bbde84e037266653f
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el7_9.ppc64.rpm
SHA-256: d4d7c3b0066954e807cade0c58767146aa254565adba9d6a98ff3a15ede4f227
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el7_9.ppc64.rpm
SHA-256: f4ae9058b830b87fa22a537c42ee71a93db43e5a7d1d5529844d264f85e56be0
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el7_9.ppc64.rpm
SHA-256: 8dafc12557cf4ee35f01a31e1ad2f646c2ff0131476596c3c467775dec1b21fd
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el7_9.noarch.rpm
SHA-256: 0d809e4f2b2a7d2a19ee7ca8efe6b4fce7920ba8e6e33d39ecb0ef8f3d0601eb
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el7_9.noarch.rpm
SHA-256: bdf7fd41ba81ae9ba67ea0ef0b0a787dcd5d16a65c41ef080c430d2942a05c71
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el7_9.ppc64.rpm
SHA-256: f55802580744c127c4519f5592ed621dbbabfdc718c5d38f94dadbeb8e00c619
Red Hat Enterprise Linux for Scientific Computing 7
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.src.rpm
SHA-256: 0139483a8871ad678aeef2b256a456827a7f786bc2432a232195956b76f11bbb
x86_64
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: 10ceaf94233430d4b4faee38e39a4933894c4deb96df10401f6d026a39e07396
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 8e4a7645d9546e2bc3a3e3097f12b8909a47a7f754f122e9465164e85ebbdafa
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: cff609af1874420560475951149de818455a04def6e1b796ff42367e258d62a5
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: dd61092c54433fe52056fce1c0af666c93f06b90dc04109334634bd96445d4b9
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: f3147b37a8cfca5b96392f584f01af3264964a1b143b7b4d50df485a3e76a473
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: f3147b37a8cfca5b96392f584f01af3264964a1b143b7b4d50df485a3e76a473
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 940c1a096521736ed7639fc701e51e90c06acd22625a0aa575a50b3cc549d8df
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 940c1a096521736ed7639fc701e51e90c06acd22625a0aa575a50b3cc549d8df
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: d1e5ebd9b410efe8bc1de2ba94366f94b30933a43e1f32b7c4ca7db94919db09
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 647c33fdcd47b324502f4bd90fa8346f32810ce9c16db79b059e29d466faaf19
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: d59786db4a82387ca5f9ef8221cbfdb76172c6188df36f50ac0752888a7a5522
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: d0ac53dcc877e8c22277df895fa9edcc541085c4a538b875e4bfbcbe3ac268ab
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: ed0df5561399e91ac5d7e5960bd4c8b5121cc29cc9fc6a584fe4e46e1d004be2
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: 3b59d84b1ac4f7ef31a299c027c7792300141a28e540fa820ec08c798780f3b5
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el7_9.noarch.rpm
SHA-256: 0d809e4f2b2a7d2a19ee7ca8efe6b4fce7920ba8e6e33d39ecb0ef8f3d0601eb
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el7_9.noarch.rpm
SHA-256: bdf7fd41ba81ae9ba67ea0ef0b0a787dcd5d16a65c41ef080c430d2942a05c71
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el7_9.i686.rpm
SHA-256: 46e2906fbf2d4340009871cc2a43d24860445c3989e22df05ce682062d42163f
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el7_9.x86_64.rpm
SHA-256: cb2bd0e951ca50394d65801658c664456d7a305046dd5f0b95e6d8369dcbe77a
Red Hat Enterprise Linux for Power, little endian 7
SRPM
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.src.rpm
SHA-256: 0139483a8871ad678aeef2b256a456827a7f786bc2432a232195956b76f11bbb
ppc64le
java-1.8.0-openjdk-1.8.0.332.b09-1.el7_9.ppc64le.rpm
SHA-256: e98d578cc9ed4b64b63f6f4e9dd3e9f4e09e6bbf7708ac371390160208cfd9b3
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el7_9.ppc64le.rpm
SHA-256: 0df6e244d7fc49ac6ed91a66739413d2565a0354d60ee0e35a11554536998760
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.ppc64le.rpm
SHA-256: 611a2732a03a28d069878605cf3e3b15fe283f997958e3ae990f06404981fb09
java-1.8.0-openjdk-debuginfo-1.8.0.332.b09-1.el7_9.ppc64le.rpm
SHA-256: 611a2732a03a28d069878605cf3e3b15fe283f997958e3ae990f06404981fb09
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el7_9.ppc64le.rpm
SHA-256: 9ef58d56a0e3d71c9cc9c0afd9b14a76bdc97c468dce5d81779d55e9871c8a2a
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el7_9.ppc64le.rpm
SHA-256: 8d0c8d1d156c0b4636194c8981b261a3af0016abb323d5d6568c73ffc8580ff3
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el7_9.ppc64le.rpm
SHA-256: d0136710d16a0d56055de274b372fb255df06e6a025fd7932b1bee1bd6e356aa
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el7_9.noarch.rpm
SHA-256: 0d809e4f2b2a7d2a19ee7ca8efe6b4fce7920ba8e6e33d39ecb0ef8f3d0601eb
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el7_9.noarch.rpm
SHA-256: bdf7fd41ba81ae9ba67ea0ef0b0a787dcd5d16a65c41ef080c430d2942a05c71
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el7_9.ppc64le.rpm
SHA-256: 682ba3636c71acbaf2583d8b750fb3a5ffd1a9700e48b2ea21a9babc5be7212c
Related news
ZoneMinder before 1.36.13 allows remote code execution via an invalid language.
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow.
The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request
The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique
PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first.
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-21476: OpenJDK: Defecti...
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-20...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-20...
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151...
A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter.
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column.
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.