Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:5684: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859)
  • CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)
  • CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)
Red Hat Security Data
#vulnerability#linux#red_hat#java#ibm#sap

Synopsis

Important: java-11-openjdk security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169)
  • OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540)
  • OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) (CVE-2022-21541)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2108540 - CVE-2022-21540 OpenJDK: class compilation issue (Hotspot, 8281859)
  • BZ - 2108543 - CVE-2022-21541 OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)
  • BZ - 2108554 - CVE-2022-34169 OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2

SRPM

java-11-openjdk-11.0.16.0.8-1.el8_2.src.rpm

SHA-256: 4dca3d4377453d77bab07367f1b16af5f204da4b0a07143d75c2c847407df870

x86_64

java-11-openjdk-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 0327b30183065db2d8ec5f0b59d6933704635ca731b4115da011951abedf1dce

java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 739f3db46f1e15dec9aab8cfb095ab3eadd055a66360e9428ff79c873eb259a7

java-11-openjdk-debugsource-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 89b51d2d9dd0ec0b4461d22129aeb0db50f9b4ec61802e26bec0ba763f4f8901

java-11-openjdk-demo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 6565d7617ee5795ac12fb7cf6aa386f5d576a763770a90d1e1f9b7956884739b

java-11-openjdk-devel-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 8c6c425cd4a4a74198b81a6c4a542f32e522f206cc2e2a0de20b934e34e4916e

java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: be5342afeda9adcaba5163f5ce96f98f9003da3ec2e035a75ee686d1d208730b

java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: f936c2029e079e4030421bd1d0942fa45d78dc64e7e679a2879c6bcac6fbed60

java-11-openjdk-headless-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 0349f8e5c8cb11ed2468c96097a9348dbab4b1bc0acdfd2422e1a3a77f0513fa

java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 320020155c312d36ef9521e1036785bde1f681c30932afe775c8ff3343828bf9

java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 292e2a7fb014a80d625ea9d3d5e39c90669b5b45c0adbf4b04aaaa621a58d569

java-11-openjdk-javadoc-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: d55b1c0685087e6187ca8093df0e834918d0826871596fc6cab9fc7676fe4ac0

java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 625e33170c5c8c5037f03b67c76fc1be4fa8d766cd9376002211ebbe0049bbf1

java-11-openjdk-jmods-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: c8dbc4c6e4a49e1bb8089b189bc29824bab5148ba8d34498ef83c878a7738834

java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: d6fab203d451331ac22f3971c4f26d4b737788d28e23d3d0215c3b44faa7078e

java-11-openjdk-src-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: d8de9eef1b1f743bf0d275e8df05d5c88bbfcc91e2b79b4f57a56ea43c9342d4

java-11-openjdk-static-libs-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: ff281bc44761827a14fdb8de49c6235528e9c84399bff4b37220be59bc6d91e3

Red Hat Enterprise Linux Server - AUS 8.2

SRPM

java-11-openjdk-11.0.16.0.8-1.el8_2.src.rpm

SHA-256: 4dca3d4377453d77bab07367f1b16af5f204da4b0a07143d75c2c847407df870

x86_64

java-11-openjdk-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 0327b30183065db2d8ec5f0b59d6933704635ca731b4115da011951abedf1dce

java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 739f3db46f1e15dec9aab8cfb095ab3eadd055a66360e9428ff79c873eb259a7

java-11-openjdk-debugsource-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 89b51d2d9dd0ec0b4461d22129aeb0db50f9b4ec61802e26bec0ba763f4f8901

java-11-openjdk-demo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 6565d7617ee5795ac12fb7cf6aa386f5d576a763770a90d1e1f9b7956884739b

java-11-openjdk-devel-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 8c6c425cd4a4a74198b81a6c4a542f32e522f206cc2e2a0de20b934e34e4916e

java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: be5342afeda9adcaba5163f5ce96f98f9003da3ec2e035a75ee686d1d208730b

java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: f936c2029e079e4030421bd1d0942fa45d78dc64e7e679a2879c6bcac6fbed60

java-11-openjdk-headless-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 0349f8e5c8cb11ed2468c96097a9348dbab4b1bc0acdfd2422e1a3a77f0513fa

java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 320020155c312d36ef9521e1036785bde1f681c30932afe775c8ff3343828bf9

java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 292e2a7fb014a80d625ea9d3d5e39c90669b5b45c0adbf4b04aaaa621a58d569

java-11-openjdk-javadoc-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: d55b1c0685087e6187ca8093df0e834918d0826871596fc6cab9fc7676fe4ac0

java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 625e33170c5c8c5037f03b67c76fc1be4fa8d766cd9376002211ebbe0049bbf1

java-11-openjdk-jmods-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: c8dbc4c6e4a49e1bb8089b189bc29824bab5148ba8d34498ef83c878a7738834

java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: d6fab203d451331ac22f3971c4f26d4b737788d28e23d3d0215c3b44faa7078e

java-11-openjdk-src-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: d8de9eef1b1f743bf0d275e8df05d5c88bbfcc91e2b79b4f57a56ea43c9342d4

java-11-openjdk-static-libs-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: ff281bc44761827a14fdb8de49c6235528e9c84399bff4b37220be59bc6d91e3

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2

SRPM

java-11-openjdk-11.0.16.0.8-1.el8_2.src.rpm

SHA-256: 4dca3d4377453d77bab07367f1b16af5f204da4b0a07143d75c2c847407df870

s390x

java-11-openjdk-11.0.16.0.8-1.el8_2.s390x.rpm

SHA-256: 4507eaf1e9212dc420dc78d3d298d813c34adbe1c488d1374a46bf385a599d72

java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_2.s390x.rpm

SHA-256: 865dcb6fcb308625dcf7eedf3bd1f16bbb0b7dfe8f0dacee95c141bd1dbfb16e

java-11-openjdk-debugsource-11.0.16.0.8-1.el8_2.s390x.rpm

SHA-256: dbe159493a5fa0fbee0fb374866cbfc56005b5bab1348b8e6caf673a8f8251f9

java-11-openjdk-demo-11.0.16.0.8-1.el8_2.s390x.rpm

SHA-256: 3f0ab0669ccda8de2314f6ed5f6156a5fae446a5b35123284616338bb06a9908

java-11-openjdk-devel-11.0.16.0.8-1.el8_2.s390x.rpm

SHA-256: f0ac4728ba294e019c2992a0c1dd22c630ef790629d2d73b4d8cc88e66b2adae

java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_2.s390x.rpm

SHA-256: 5ee7beba14a3ca65bf3a8adbb77970b7c44d74f4c22c8925e411deb88a1efbc1

java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.s390x.rpm

SHA-256: 1d1b4c9a24a83b115382d418cdea79f320bb4dcb77c3f821d1119c4c6bbe4819

java-11-openjdk-headless-11.0.16.0.8-1.el8_2.s390x.rpm

SHA-256: e4518581f2f329b59309d7291ce00cc9fb22709174052df64971dd3a9442b67e

java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_2.s390x.rpm

SHA-256: bf7690d3548283c29717fc1bbf502836f1dcc9855699b992dc19db57763aceaf

java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.s390x.rpm

SHA-256: 1beb42d70b6b9ce2bff887f054e6c7a3e555e968763910b86c195818b592678c

java-11-openjdk-javadoc-11.0.16.0.8-1.el8_2.s390x.rpm

SHA-256: e273d903e8636abdcb30741b855e480b118853d0b502c11f9c685e689edd2cb4

java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_2.s390x.rpm

SHA-256: e2b81be8240b32144379c46ca019fd724f4b53c70bc0857b19e96c982cd4a630

java-11-openjdk-jmods-11.0.16.0.8-1.el8_2.s390x.rpm

SHA-256: fe13c5c21d887beccfccd3b652244c761d1ef11ce82640aa93caa1565bd3f2e8

java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.s390x.rpm

SHA-256: 3076260ef0666abd5f13219966fc07a03c4543007db1146ea5118a7378ff1e7c

java-11-openjdk-src-11.0.16.0.8-1.el8_2.s390x.rpm

SHA-256: c613fe39f0d7fd8477f3731e43f4652e2a7fcdc4448d6b2dca874920535265bf

java-11-openjdk-static-libs-11.0.16.0.8-1.el8_2.s390x.rpm

SHA-256: 4d504ae7f41acc4b350858232a5964eea058558692bb045bbc01ea7ecc4afcc5

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2

SRPM

java-11-openjdk-11.0.16.0.8-1.el8_2.src.rpm

SHA-256: 4dca3d4377453d77bab07367f1b16af5f204da4b0a07143d75c2c847407df870

ppc64le

java-11-openjdk-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: af9384343e65c8df69fc2bcca8f9328e723a705cd352df2923061b86dac8f0e3

java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: adde08e502ea6685f25837aaa9c06708fe0d38369ef684f2818cb3eededc0576

java-11-openjdk-debugsource-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: 98f91121c7623084d547f69d5d2821de3c441bfdac17a7761a169b5c4fa2605a

java-11-openjdk-demo-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: 9e9e6b5fb58e33115204ad1f3a411657d3b03a56026a1ce85ce00f2557ada3b9

java-11-openjdk-devel-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: 8b1bd492460a29f0bbe08927b0fb3e6ada45086f12e299203a0086d3bc370169

java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: f4016bcda8d8abf870535d69a7587eaf31dd71e773e88e45a01a3437c6f89801

java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: 9413538266e5732c9660f2e28cb78a557563da0cc871e50dae14683c111a8ef3

java-11-openjdk-headless-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: b4c93228c7e0d9ba1713bb0d8e5a2216b8d3ffaed5b24281920fe64aa527bcd3

java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: bf3c911d395c5875a4dc2c9833ea5ec8f3c002f72acf4dd0cfbd7e91acfb98c7

java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: afadd3030fc6e97ad0d3b5338d2d547c4cdbc8f9af9bce141e7ee636853db29c

java-11-openjdk-javadoc-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: d8005b3d8fab4a2feff0b37806d80069fd2db210c7a76875abc2679073913bb1

java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: 00bbb5eb6069bfa354c66e48b52bd13d9dda3c1615672ab8b6943c3433eb53f6

java-11-openjdk-jmods-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: baea95c92b87488ec61432051ca9e73eb6ef32464ade44c7e9fb8db56a6d63e2

java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: bda8daee387245be98a31239036860c41b8d8f1cd91bb5774659d22025244441

java-11-openjdk-src-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: 48d92ab269172441cb955bc384040d12d4fa42b41167a4698595d9e9c06cce21

java-11-openjdk-static-libs-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: de6835d7119c43c16aa74bd6e6bec48268cc6984a942fc7290015b5dd3c196ee

Red Hat Enterprise Linux Server - TUS 8.2

SRPM

java-11-openjdk-11.0.16.0.8-1.el8_2.src.rpm

SHA-256: 4dca3d4377453d77bab07367f1b16af5f204da4b0a07143d75c2c847407df870

x86_64

java-11-openjdk-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 0327b30183065db2d8ec5f0b59d6933704635ca731b4115da011951abedf1dce

java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 739f3db46f1e15dec9aab8cfb095ab3eadd055a66360e9428ff79c873eb259a7

java-11-openjdk-debugsource-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 89b51d2d9dd0ec0b4461d22129aeb0db50f9b4ec61802e26bec0ba763f4f8901

java-11-openjdk-demo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 6565d7617ee5795ac12fb7cf6aa386f5d576a763770a90d1e1f9b7956884739b

java-11-openjdk-devel-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 8c6c425cd4a4a74198b81a6c4a542f32e522f206cc2e2a0de20b934e34e4916e

java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: be5342afeda9adcaba5163f5ce96f98f9003da3ec2e035a75ee686d1d208730b

java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: f936c2029e079e4030421bd1d0942fa45d78dc64e7e679a2879c6bcac6fbed60

java-11-openjdk-headless-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 0349f8e5c8cb11ed2468c96097a9348dbab4b1bc0acdfd2422e1a3a77f0513fa

java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 320020155c312d36ef9521e1036785bde1f681c30932afe775c8ff3343828bf9

java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 292e2a7fb014a80d625ea9d3d5e39c90669b5b45c0adbf4b04aaaa621a58d569

java-11-openjdk-javadoc-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: d55b1c0685087e6187ca8093df0e834918d0826871596fc6cab9fc7676fe4ac0

java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 625e33170c5c8c5037f03b67c76fc1be4fa8d766cd9376002211ebbe0049bbf1

java-11-openjdk-jmods-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: c8dbc4c6e4a49e1bb8089b189bc29824bab5148ba8d34498ef83c878a7738834

java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: d6fab203d451331ac22f3971c4f26d4b737788d28e23d3d0215c3b44faa7078e

java-11-openjdk-src-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: d8de9eef1b1f743bf0d275e8df05d5c88bbfcc91e2b79b4f57a56ea43c9342d4

java-11-openjdk-static-libs-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: ff281bc44761827a14fdb8de49c6235528e9c84399bff4b37220be59bc6d91e3

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2

SRPM

java-11-openjdk-11.0.16.0.8-1.el8_2.src.rpm

SHA-256: 4dca3d4377453d77bab07367f1b16af5f204da4b0a07143d75c2c847407df870

aarch64

java-11-openjdk-11.0.16.0.8-1.el8_2.aarch64.rpm

SHA-256: 40698c89d2219e59e626e0ba40e6a0c3f9de0b63fbfeafa917b58a3de7b88b62

java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_2.aarch64.rpm

SHA-256: b764a9978a015bf1cff0a209e385f699eac964680af9f1560d871670c437cf0c

java-11-openjdk-debugsource-11.0.16.0.8-1.el8_2.aarch64.rpm

SHA-256: be034d321d61518f4f23e31ed35995f1992a31ab46f006d452828afc02a21805

java-11-openjdk-demo-11.0.16.0.8-1.el8_2.aarch64.rpm

SHA-256: 6930f9214608efcc24408c4a2fe933858dff801c18aff1be36ba3ba18df54e36

java-11-openjdk-devel-11.0.16.0.8-1.el8_2.aarch64.rpm

SHA-256: 6a6171d426bc1dd3648383eccb725f432cc4ee86fd3183c2907973f06072de3b

java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_2.aarch64.rpm

SHA-256: c244fb78cfd7fe40d4850b1d980f282368f4909e5e488569b585d8b0dd50657b

java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.aarch64.rpm

SHA-256: a3d0ba16e32abc701c6106d3e5c3b01819605fdb7f97b0848bfed91c49f140f2

java-11-openjdk-headless-11.0.16.0.8-1.el8_2.aarch64.rpm

SHA-256: 126682d154a807e469d4339df4bd1a33efe0c96eade97c0de263c471c15d91c8

java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_2.aarch64.rpm

SHA-256: 0ef763cc4713a0da9e90f388e1d8d3e4932a29e35776a092b9dc24a34f0e7c80

java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.aarch64.rpm

SHA-256: ca9ac67ce43af5cd991734eee299ad99cd4cb3278bee671cf2cd3fa1ee3fec5c

java-11-openjdk-javadoc-11.0.16.0.8-1.el8_2.aarch64.rpm

SHA-256: fdf904fe160b15c9784890dd535bc56b5dd5750a1e57b60b1f0debd36f0ef847

java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_2.aarch64.rpm

SHA-256: 4daf6d47b39b3ed52c092e4f6e857d978ba195dba7610ae60e9a2ce2c51de848

java-11-openjdk-jmods-11.0.16.0.8-1.el8_2.aarch64.rpm

SHA-256: fb5d6c37165f8c6706f529f2fefc1760a85110dc167aeb042833d744aabaa83a

java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.aarch64.rpm

SHA-256: 7eb57897a0a56e65d716195ff36c0d2a10bdbb77b10b7593fb823b8b686e15f9

java-11-openjdk-src-11.0.16.0.8-1.el8_2.aarch64.rpm

SHA-256: 2807ad898fc5a5dd50f1791c3bf05acf2b1e9f74154e442b25c686270e5ba395

java-11-openjdk-static-libs-11.0.16.0.8-1.el8_2.aarch64.rpm

SHA-256: b8809d52faf3cb7c8a7df934b6c44f9e4cf2827d3acbb8cd44ab8403b755f5db

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM

java-11-openjdk-11.0.16.0.8-1.el8_2.src.rpm

SHA-256: 4dca3d4377453d77bab07367f1b16af5f204da4b0a07143d75c2c847407df870

ppc64le

java-11-openjdk-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: af9384343e65c8df69fc2bcca8f9328e723a705cd352df2923061b86dac8f0e3

java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: adde08e502ea6685f25837aaa9c06708fe0d38369ef684f2818cb3eededc0576

java-11-openjdk-debugsource-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: 98f91121c7623084d547f69d5d2821de3c441bfdac17a7761a169b5c4fa2605a

java-11-openjdk-demo-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: 9e9e6b5fb58e33115204ad1f3a411657d3b03a56026a1ce85ce00f2557ada3b9

java-11-openjdk-devel-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: 8b1bd492460a29f0bbe08927b0fb3e6ada45086f12e299203a0086d3bc370169

java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: f4016bcda8d8abf870535d69a7587eaf31dd71e773e88e45a01a3437c6f89801

java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: 9413538266e5732c9660f2e28cb78a557563da0cc871e50dae14683c111a8ef3

java-11-openjdk-headless-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: b4c93228c7e0d9ba1713bb0d8e5a2216b8d3ffaed5b24281920fe64aa527bcd3

java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: bf3c911d395c5875a4dc2c9833ea5ec8f3c002f72acf4dd0cfbd7e91acfb98c7

java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: afadd3030fc6e97ad0d3b5338d2d547c4cdbc8f9af9bce141e7ee636853db29c

java-11-openjdk-javadoc-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: d8005b3d8fab4a2feff0b37806d80069fd2db210c7a76875abc2679073913bb1

java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: 00bbb5eb6069bfa354c66e48b52bd13d9dda3c1615672ab8b6943c3433eb53f6

java-11-openjdk-jmods-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: baea95c92b87488ec61432051ca9e73eb6ef32464ade44c7e9fb8db56a6d63e2

java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: bda8daee387245be98a31239036860c41b8d8f1cd91bb5774659d22025244441

java-11-openjdk-src-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: 48d92ab269172441cb955bc384040d12d4fa42b41167a4698595d9e9c06cce21

java-11-openjdk-static-libs-11.0.16.0.8-1.el8_2.ppc64le.rpm

SHA-256: de6835d7119c43c16aa74bd6e6bec48268cc6984a942fc7290015b5dd3c196ee

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM

java-11-openjdk-11.0.16.0.8-1.el8_2.src.rpm

SHA-256: 4dca3d4377453d77bab07367f1b16af5f204da4b0a07143d75c2c847407df870

x86_64

java-11-openjdk-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 0327b30183065db2d8ec5f0b59d6933704635ca731b4115da011951abedf1dce

java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 739f3db46f1e15dec9aab8cfb095ab3eadd055a66360e9428ff79c873eb259a7

java-11-openjdk-debugsource-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 89b51d2d9dd0ec0b4461d22129aeb0db50f9b4ec61802e26bec0ba763f4f8901

java-11-openjdk-demo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 6565d7617ee5795ac12fb7cf6aa386f5d576a763770a90d1e1f9b7956884739b

java-11-openjdk-devel-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 8c6c425cd4a4a74198b81a6c4a542f32e522f206cc2e2a0de20b934e34e4916e

java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: be5342afeda9adcaba5163f5ce96f98f9003da3ec2e035a75ee686d1d208730b

java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: f936c2029e079e4030421bd1d0942fa45d78dc64e7e679a2879c6bcac6fbed60

java-11-openjdk-headless-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 0349f8e5c8cb11ed2468c96097a9348dbab4b1bc0acdfd2422e1a3a77f0513fa

java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 320020155c312d36ef9521e1036785bde1f681c30932afe775c8ff3343828bf9

java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 292e2a7fb014a80d625ea9d3d5e39c90669b5b45c0adbf4b04aaaa621a58d569

java-11-openjdk-javadoc-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: d55b1c0685087e6187ca8093df0e834918d0826871596fc6cab9fc7676fe4ac0

java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: 625e33170c5c8c5037f03b67c76fc1be4fa8d766cd9376002211ebbe0049bbf1

java-11-openjdk-jmods-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: c8dbc4c6e4a49e1bb8089b189bc29824bab5148ba8d34498ef83c878a7738834

java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: d6fab203d451331ac22f3971c4f26d4b737788d28e23d3d0215c3b44faa7078e

java-11-openjdk-src-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: d8de9eef1b1f743bf0d275e8df05d5c88bbfcc91e2b79b4f57a56ea43c9342d4

java-11-openjdk-static-libs-11.0.16.0.8-1.el8_2.x86_64.rpm

SHA-256: ff281bc44761827a14fdb8de49c6235528e9c84399bff4b37220be59bc6d91e3

Related news

Gentoo Linux Security Advisory 202405-16

Gentoo Linux Security Advisory 202405-16 - A vulnerability has been discovered in Apache Commons BCEL, which can lead to remote code execution. Versions greater than or equal to 6.6.0 are affected.

CVE-2023-32449: DSA-2023-173: Dell PowerStore Family Security Update for Multiple Vulnerabilities

Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

RHSA-2022:6262: Red Hat Security Advisory: OpenShift Container Platform 4.6.61 bug fix and security update

Red Hat OpenShift Container Platform release 4.6.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-39226: grafana: Snapshot authentication bypass * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:6263: Red Hat Security Advisory: OpenShift Container Platform 4.6.61 security and extras update

Red Hat OpenShift Container Platform release 4.6.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

Red Hat Security Advisory 2022-6252-02

Red Hat Security Advisory 2022-6252-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 3.11.784. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-6040-01

Red Hat Security Advisory 2022-6040-01 - Version 1.24.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements. Issues addressed include bypass and denial of service vulnerabilities.

Ubuntu Security Notice USN-5546-1

Ubuntu Security Notice 5546-1 - Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18. It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17.

Ubuntu Security Notice USN-5546-2

Ubuntu Security Notice 5546-2 - USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18.

Red Hat Security Advisory 2022-5756-01

Red Hat Security Advisory 2022-5756-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Red Hat Security Advisory 2022-5753-01

Red Hat Security Advisory 2022-5753-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

RHSA-2022:5758: Red Hat Security Advisory: OpenJDK 17.0.4 Security Update for Portable Linux Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-21549: OpenJDK: random exponentials issue (Libraries, 8283875) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5757: Red Hat Security Advisory: OpenJDK 17.0.4 security update for Windows Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-21549: OpenJDK: random exponentials issue (Libraries, 8283875) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5754: Red Hat Security Advisory: OpenJDK 8u342 security update for Portable Linux Builds

The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

Red Hat Security Advisory 2022-5681-01

Red Hat Security Advisory 2022-5681-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Red Hat Security Advisory 2022-5709-01

Red Hat Security Advisory 2022-5709-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Red Hat Security Advisory 2022-5687-01

Red Hat Security Advisory 2022-5687-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Red Hat Security Advisory 2022-5685-01

Red Hat Security Advisory 2022-5685-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

RHSA-2022:5726: Red Hat Security Advisory: java-17-openjdk security, bug fix, and enhancement update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-21549: OpenJDK: random exponentials issue (Libraries, 8283875) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5709: Red Hat Security Advisory: java-1.8.0-openjdk security, bug fix, and enhancement update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5698: Red Hat Security Advisory: java-1.8.0-openjdk security, bug fix, and enhancement update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5696: Red Hat Security Advisory: java-1.8.0-openjdk security, bug fix, and enhancement update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5697: Red Hat Security Advisory: java-1.8.0-openjdk security and bug fix update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5700: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5701: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5695: Red Hat Security Advisory: java-11-openjdk security, bug fix, and enhancement update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5687: Red Hat Security Advisory: java-11-openjdk security, bug fix, and enhancement update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5681: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5681: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5681: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5683: Red Hat Security Advisory: java-11-openjdk security, bug fix, and enhancement update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5683: Red Hat Security Advisory: java-11-openjdk security, bug fix, and enhancement update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5683: Red Hat Security Advisory: java-11-openjdk security, bug fix, and enhancement update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

RHSA-2022:5685: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21540: OpenJDK: class compilation issue (Hotspot, 8281859) * CVE-2022-21541: OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) * CVE-2022-34169: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

GHSA-9339-86wc-4qgf: Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

CVE-2022-21586: Oracle Critical Patch Update Advisory - July 2022

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).

CVE-2022-21586: Oracle Critical Patch Update Advisory - July 2022

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).

CVE-2022-21586: Oracle Critical Patch Update Advisory - July 2022

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).

CVE-2022-34169

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.