In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

**Remedial Actions**

To address all the vulnerabilities listed below, upgrade to version 8.3.0.2, 9.0.0.1, 9.1.0.1, or 10.0 and apply the appropriate HotFix linked above.

**Issue**

**Issue #1: Unauthorized account creation, modification**

Under specific conditions an authenticated remote attacker may be able to create or modify accounts.

*   CVE ID: To Be Assigned
*   Severity: Critical
*   CVSS v3.1 Base Score: 9.9 (/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
*   Affected Versions: 10.0 and earlier
*   Recommended actions:
    *   Review OpsCenter user accounts to ensure this vulnerability has not been exploited in your OpsCenter implementation. Use these instructions to view the OpsCenter user account information.
    *   Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0 and apply the appropriate HotFix.

**Issue #2: Remote command execution.**

An unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability.

*   CVE ID: To Be Assigned
*   Severity: Critical
*   CVSS v3.1 Base Score: 9.8 (/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
*   Affected Versions: 9.1.0.1 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0 and apply the HotFix as needed.

**Issue #3: Remote command execution.**

An unauthenticated remote attacker may be able to perform a remote command execution through a Java classloader manipulation.

*   CVE ID: To Be Assigned
*   Severity: Critical
*   CVSS v3.1 Base Score: 9.8 (/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
*   Affected Versions: 8.2 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0.

**Issue #4: Path Traversal vulnerability**

NetBackup OpsCenter may be vulnerable to a Path Traversal attack via esapi-2.2.3.1 third party component.

*   CVE ID: CVE-2022-23457
*   Severity: Critical
*   CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
*   Affected Versions: 10.0 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0 and apply the HotFix.

**Issue #5: Local privilege escalation**

An attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges.

*   CVE ID: To Be Assigned
*   Severity: Critical
*   CVSS v3.1 Base Score: 9.3 (/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
*   Affected Versions: 8.2 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0.

**Issue #6: Hard coded credentials vulnerability**

A hard-coded credential was discovered in NetBackup OpsCenter that could be used to exploit the underlying VxSS subsystem

*   CVE ID: TBA
*   Severity: High
*   CVSS v3.1 Base Score: 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
*   Affected Versions: 10.0 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0 and apply the appropriate HotFix.

**Issue #7: DOM XSS vulnerability**

NetBackup OpsCenter is vulnerable to a DOM XSS attack.

*   CVE ID: TBA
*   Severity: Medium
*   CVSS v3.1 Base Score: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
*   Affected Versions: 10.0 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0 and apply the appropriate HotFix.

**Issue #8: Information leakage**

Certain OpsCenter endpoints could allow an unauthenticated remote attacker to gain sensitive information.

*   CVE ID: To Be Assigned
*   Severity: Medium
*   CVSS v3.1 Base Score: 4.3 (/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
*   Affected Versions: 8.2 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0.

**Acknowledgement**

Veritas would like to thank the following Airbus Security Team members for notifying us about several of the issues in this advisory: Mouad Abouhali, Benoit Camredon, Nicholas Devillers, Anais Gantet, and Jean-Romain Garnier.

**Disclaimer**

AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. VERITAS TECHNOLOGIES LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Veritas Technologies LLC  
2625 Augustine Drive  
Santa Clara, CA 95054

CVE-2022-36949: HotFix for Security Advisory Impacting NetBackup OpsCenter

In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

CVE-2022-36954: HotFix for Security Advisory Impacting NetBackup OpsCenter

In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

CVE-2022-36953: HotFix for Security Advisory Impacting NetBackup OpsCenter

Red Hat Security Advisory 2022-5681-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security and bug fix update  
Advisory ID:       RHSA-2022:5681-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5681  
Issue date:        2022-07-21  
CVE Names:         CVE-2022-21540 CVE-2022-21541 CVE-2022-34169  
====================================================================  
1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux  
8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime  
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)  
(CVE-2022-34169)

* OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540)

* OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot,  
8281866) (CVE-2022-21541)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* rh1991003 patch breaks sun.security.pkcs11.wrapper.PKCS11.getInstance()  
[rhel-8, openjdk-11] (BZ#2099918)

* Revert to disabling system security properties and FIPS mode support  
together [rhel-8, openjdk-11] (BZ#2108249)

* SecretKey generate/import operations don't add the CKA_SIGN attribute in  
FIPS mode [rhel-8, openjdk-11] (BZ#2108252)

* Detect NSS at Runtime for FIPS detection [rhel-8, openjdk-17]  
(BZ#2108269)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2099918 - rh1991003 patch breaks sun.security.pkcs11.wrapper.PKCS11.getInstance() [rhel-8, openjdk-11] [rhel-8.4.0.z]  
2108249 - Revert to disabling system security properties and FIPS mode support together [rhel-8, openjdk-11] [rhel-8.4.0.z]  
2108252 - SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode [rhel-8, openjdk-11] [rhel-8.4.0.z]  
2108269 - Detect NSS at Runtime for FIPS detection [rhel-8, openjdk-17] [rhel-8.4.0.z]  
2108540 - CVE-2022-21540 OpenJDK: class compilation issue (Hotspot, 8281859)  
2108543 - CVE-2022-21541 OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)  
2108554 - CVE-2022-34169 OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
java-11-openjdk-11.0.16.0.8-1.el8_4.src.rpm

aarch64:  
java-11-openjdk-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el8_4.aarch64.rpm

ppc64le:  
java-11-openjdk-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el8_4.ppc64le.rpm

s390x:  
java-11-openjdk-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el8_4.s390x.rpm

x86_64:  
java-11-openjdk-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.4):

aarch64:  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-demo-slowdebug-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-slowdebug-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-slowdebug-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-slowdebug-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-src-slowdebug-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.16.0.8-1.el8_4.aarch64.rpm

ppc64le:  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-demo-slowdebug-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-jmods-slowdebug-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-slowdebug-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-src-slowdebug-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.16.0.8-1.el8_4.ppc64le.rpm

s390x:  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-demo-slowdebug-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-devel-slowdebug-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-headless-slowdebug-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-jmods-slowdebug-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-slowdebug-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-src-slowdebug-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.16.0.8-1.el8_4.s390x.rpm

x86_64:  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-demo-fastdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-demo-slowdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-fastdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-slowdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-fastdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-fastdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-slowdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-slowdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-src-fastdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-src-slowdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.16.0.8-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21540  
https://access.redhat.com/security/cve/CVE-2022-21541  
https://access.redhat.com/security/cve/CVE-2022-34169  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFkH9zjgjWX9erEAQhMuxAAjBBiwVoupN7K7vGJxGdqZIDBhb7zAFPU  
9Wc0UkVBgakIZyAHUUngb8OuraUHIKA9jYinELqSqR5CkMRRNyU+uawUIVb5AfpM  
mlaszWok2XFh0pUi3A3cc3hAvzXKiOuJTauahF3Gp979YlKkdg7HMpYCaRXb3jyU  
vAdU5RtTpLEoVy8Yi0k/8aTx578OJDosIxe/7hcu4F9HyF6WQzK1pY9lnafh2lxn  
ageHEVKkrhTmBLjx3jrINiavlqYxiwwhAs+MFheVjZICSQUQFhlsh6GlYXhQi2+m  
ioUxPpWw1aBg+qqlOchQQDRRvqjx8JtovuoUD5yH5ZQau1XSQw/LisYu2fvGgKU6  
u/1ooinqW1NlCGtCmHM/f3oVNY/u6/8WZgYRHrBdEOSvpC4zZx9uCLPrRYLMMvfN  
NB0Co1ww6AXd5QwuKNBUgcV6f/Ni5ReuUODsMF200STjzAC0dnKTmKmI6zNbTcDR  
OLW+Jc5hG5MyC7jIKnpNXcXz40sv4Cp6K53LhwctR5HDdkz61cnoT9ULp0s4EEDj  
yoO73HBLfjNv/sxTxgazIEj3jyKFWw7IoMRHQrW+dbVB5h0+r8CBnQPnTYJ4Pn5n  
tazGC8McjeKzC4c4h68/lUwmnaCbNLm/MGtNqxO0BIeelacM+LXhEMTQkykiUopv  
TGrZ5kpHGSI=9lTp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5681-01

Red Hat Security Advisory 2022-5532-01 - This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, information leakage, memory leak, privilege escalation, and traversal vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat Fuse 7.11.0 release and security update  
Advisory ID:       RHSA-2022:5532-01  
Product:           Red Hat JBoss Fuse  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5532  
Issue date:        2022-07-07  
CVE Names:         CVE-2020-7020 CVE-2020-9484 CVE-2020-15250  
                   CVE-2020-25689 CVE-2020-29582 CVE-2020-36518  
                   CVE-2021-2471 CVE-2021-3629 CVE-2021-3642  
                   CVE-2021-3644 CVE-2021-3807 CVE-2021-3859  
                   CVE-2021-4178 CVE-2021-22060 CVE-2021-22096  
                   CVE-2021-22119 CVE-2021-22569 CVE-2021-22573  
                   CVE-2021-24122 CVE-2021-25122 CVE-2021-25329  
                   CVE-2021-29505 CVE-2021-30640 CVE-2021-33037  
                   CVE-2021-33813 CVE-2021-35515 CVE-2021-35516  
                   CVE-2021-35517 CVE-2021-36090 CVE-2021-38153  
                   CVE-2021-40690 CVE-2021-41079 CVE-2021-41766  
                   CVE-2021-42340 CVE-2021-42550 CVE-2021-43797  
                   CVE-2021-43859 CVE-2022-0084 CVE-2022-1259  
                   CVE-2022-1319 CVE-2022-21363 CVE-2022-21724  
                   CVE-2022-22932 CVE-2022-22950 CVE-2022-22968  
                   CVE-2022-22970 CVE-2022-22971 CVE-2022-22976  
                   CVE-2022-22978 CVE-2022-23181 CVE-2022-23221  
                   CVE-2022-23596 CVE-2022-23913 CVE-2022-24614  
                   CVE-2022-25845 CVE-2022-26336 CVE-2022-26520  
                   CVE-2022-30126  
====================================================================  
1. Summary:

A minor version update (from 7.10 to 7.11) is now available for Red Hat  
Fuse. The purpose of this text-only errata is to inform you about the  
security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat  
Fuse 7.10 and includes bug fixes and enhancements, which are documented in  
the Release Notes document linked in the References.

Security Fix(es):

* fastjson (CVE-2022-25845)

* jackson-databind (CVE-2020-36518)

* mysql-connector-java (CVE-2021-2471, CVE-2022-21363)

* undertow (CVE-2022-1259, CVE-2021-3629, CVE-2022-1319)

* wildfly-elytron (CVE-2021-3642)

* nodejs-ansi-regex (CVE-2021-3807, CVE-2021-3807)

* 3 qt (CVE-2021-3859)

* kubernetes-client (CVE-2021-4178)

* spring-security (CVE-2021-22119)

* protobuf-java (CVE-2021-22569)

* google-oauth-client (CVE-2021-22573)

* XStream (CVE-2021-29505, CVE-2021-43859)

* jdom (CVE-2021-33813, CVE-2021-33813)

* apache-commons-compress (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517,  
CVE-2021-36090)

* Kafka (CVE-2021-38153)

* xml-security (CVE-2021-40690)

* logback (CVE-2021-42550)

* netty (CVE-2021-43797)

* xnio (CVE-2022-0084)

* jdbc-postgresql (CVE-2022-21724)

* spring-expression (CVE-2022-22950)

* springframework (CVE-2021-22096, CVE-2021-22060, CVE-2021-22096,  
CVE-2022-22976, CVE-2022-22970, CVE-2022-22971, CVE-2022-22978)

* h2 (CVE-2022-23221)

* junrar (CVE-2022-23596)

* artemis-commons (CVE-2022-23913)

* elasticsearch (CVE-2020-7020)

* tomcat (CVE-2021-24122, CVE-2021-25329, CVE-2020-9484, CVE-2021-25122,  
CVE-2021-33037, CVE-2021-30640, CVE-2021-41079, CVE-2021-42340,  
CVE-2022-23181)

* junit4 (CVE-2020-15250)

* wildfly-core (CVE-2020-25689, CVE-2021-3644)

* kotlin (CVE-2020-29582)

* karaf (CVE-2021-41766, CVE-2022-22932)

* Spring Framework (CVE-2022-22968)

* metadata-extractor (CVE-2022-24614)

* poi-scratchpad (CVE-2022-26336)

* postgresql-jdbc (CVE-2022-26520)

* tika-core (CVE-2022-30126)

For more details about the security issues, including the impact, CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including  
all applications, configuration files, databases and database settings, and  
so on.

Installation instructions are available from the Fuse 7.11.0 product  
documentation page:  
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

4. Bugs fixed (https://bugzilla.redhat.com/):

1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE  
1887810 - CVE-2020-15250 junit4: TemporaryFolder is shared between all users across system which could result in information disclosure  
1893070 - CVE-2020-25689 wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller  
1893125 - CVE-2020-7020 elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure  
1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system  
1930291 - CVE-2020-29582 kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure  
1934032 - CVE-2021-25122 tomcat: Request mix-up with h2c  
1934061 - CVE-2021-25329 tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence)  
1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream  
1973413 - CVE-2021-33813 jdom: XXE allows attackers to cause a DoS via a crafted HTTP request  
1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression  
1977064 - CVE-2021-22119 spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request  
1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS  
1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer  
1981533 - CVE-2021-33037 tomcat: HTTP request smuggling when used with a reverse proxy  
1981544 - CVE-2021-30640 tomcat: JNDI realm authentication weakness  
1981895 - CVE-2021-35515 apache-commons-compress: infinite loop when reading a specially crafted 7Z archive  
1981900 - CVE-2021-35516 apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive  
1981903 - CVE-2021-35517 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive  
1981909 - CVE-2021-36090 apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive  
2004820 - CVE-2021-41079 tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine  
2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes  
2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients  
2010378 - CVE-2021-3859 undertow: client side invocation timeout raised when calling over HTTP2  
2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure  
2014356 - CVE-2021-42340 tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS  
2020583 - CVE-2021-2471 mysql-connector-java: unauthorized access to critical  
2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling  
2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file  
2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method  
2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries  
2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data  
2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI  
2046279 - CVE-2022-22932 karaf: path traversal flaws  
2046282 - CVE-2021-41766 karaf: insecure java deserialization  
2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors  
2047417 - CVE-2022-23181 tomcat: local privilege escalation vulnerability  
2049778 - CVE-2022-23596 junrar: A carefully crafted RAR archive can trigger an infinite loop while extracting  
2049783 - CVE-2021-43859 xstream: Injecting highly recursive collections or maps can cause a DoS  
2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes  
2055480 - CVE-2021-22060 springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096)  
2058763 - CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially crafted JPEG file  
2063292 - CVE-2022-26336 poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception  
2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS  
2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability  
2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr  
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects  
2069414 - CVE-2022-22950 spring-expression: Denial of service via specially crafted SpEL expression  
2072339 - CVE-2022-1259 undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)  
2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures  
2075441 - CVE-2022-22968 Spring Framework: Data Binding Rules Vulnerability  
2081879 - CVE-2021-22573 google-oauth-client: Token signature not verified  
2087214 - CVE-2022-22976 springframework: BCrypt skips salt rounds for work factor of 31  
2087272 - CVE-2022-22970 springframework: DoS via data binding to multipartFile or servlet part  
2087274 - CVE-2022-22971 springframework: DoS with STOMP over WebSocket  
2087606 - CVE-2022-22978 springframework: Authorization Bypass in RegexRequestMatcher  
2088523 - CVE-2022-30126 tika-core: Regular Expression Denial of Service in standards extractor  
2100654 - CVE-2022-25845 fastjson: autoType shutdown restriction bypass leads to deserialization

5. References:

https://access.redhat.com/security/cve/CVE-2020-7020  
https://access.redhat.com/security/cve/CVE-2020-9484  
https://access.redhat.com/security/cve/CVE-2020-15250  
https://access.redhat.com/security/cve/CVE-2020-25689  
https://access.redhat.com/security/cve/CVE-2020-29582  
https://access.redhat.com/security/cve/CVE-2020-36518  
https://access.redhat.com/security/cve/CVE-2021-2471  
https://access.redhat.com/security/cve/CVE-2021-3629  
https://access.redhat.com/security/cve/CVE-2021-3642  
https://access.redhat.com/security/cve/CVE-2021-3644  
https://access.redhat.com/security/cve/CVE-2021-3807  
https://access.redhat.com/security/cve/CVE-2021-3859  
https://access.redhat.com/security/cve/CVE-2021-4178  
https://access.redhat.com/security/cve/CVE-2021-22060  
https://access.redhat.com/security/cve/CVE-2021-22096  
https://access.redhat.com/security/cve/CVE-2021-22119  
https://access.redhat.com/security/cve/CVE-2021-22569  
https://access.redhat.com/security/cve/CVE-2021-22573  
https://access.redhat.com/security/cve/CVE-2021-24122  
https://access.redhat.com/security/cve/CVE-2021-25122  
https://access.redhat.com/security/cve/CVE-2021-25329  
https://access.redhat.com/security/cve/CVE-2021-29505  
https://access.redhat.com/security/cve/CVE-2021-30640  
https://access.redhat.com/security/cve/CVE-2021-33037  
https://access.redhat.com/security/cve/CVE-2021-33813  
https://access.redhat.com/security/cve/CVE-2021-35515  
https://access.redhat.com/security/cve/CVE-2021-35516  
https://access.redhat.com/security/cve/CVE-2021-35517  
https://access.redhat.com/security/cve/CVE-2021-36090  
https://access.redhat.com/security/cve/CVE-2021-38153  
https://access.redhat.com/security/cve/CVE-2021-40690  
https://access.redhat.com/security/cve/CVE-2021-41079  
https://access.redhat.com/security/cve/CVE-2021-41766  
https://access.redhat.com/security/cve/CVE-2021-42340  
https://access.redhat.com/security/cve/CVE-2021-42550  
https://access.redhat.com/security/cve/CVE-2021-43797  
https://access.redhat.com/security/cve/CVE-2021-43859  
https://access.redhat.com/security/cve/CVE-2022-0084  
https://access.redhat.com/security/cve/CVE-2022-1259  
https://access.redhat.com/security/cve/CVE-2022-1319  
https://access.redhat.com/security/cve/CVE-2022-21363  
https://access.redhat.com/security/cve/CVE-2022-21724  
https://access.redhat.com/security/cve/CVE-2022-22932  
https://access.redhat.com/security/cve/CVE-2022-22950  
https://access.redhat.com/security/cve/CVE-2022-22968  
https://access.redhat.com/security/cve/CVE-2022-22970  
https://access.redhat.com/security/cve/CVE-2022-22971  
https://access.redhat.com/security/cve/CVE-2022-22976  
https://access.redhat.com/security/cve/CVE-2022-22978  
https://access.redhat.com/security/cve/CVE-2022-23181  
https://access.redhat.com/security/cve/CVE-2022-23221  
https://access.redhat.com/security/cve/CVE-2022-23596  
https://access.redhat.com/security/cve/CVE-2022-23913  
https://access.redhat.com/security/cve/CVE-2022-24614  
https://access.redhat.com/security/cve/CVE-2022-25845  
https://access.redhat.com/security/cve/CVE-2022-26336  
https://access.redhat.com/security/cve/CVE-2022-26520  
https://access.redhat.com/security/cve/CVE-2022-30126  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.11.0  
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFkRNzjgjWX9erEAQg9LQ/9HYM6Ig0vTdDrN6ITdimAnjShWe/4Nyxx  
iZeg/VprKnpSQDRvNKIKUBuiKSggiTY4MZa3dXSJLkS57EyqZiWWTT2ADyN0Z6cm  
+sAQar6GTPg9eyZdMDeuM7plwQQZk8mzSj8aDN2QzHevnmNBlHlVE2MwpZmzVUjo  
O3/UhM4up60Z5Ryyk/4tWRry8wpj7rL9pW3HiVkxdHlDNijaxJ7PerXGItMpVytT  
0IVDwHz3jdJJH3/5uaeippUFu1S+L+75CwIUlvr25YIj3XQ4Sv1vdLvamf8j9P+8  
pVRnRyPl7vh2hXl8p2fby58LBINJKmUOOugeMWo2yoz9B4HQiTUOqXrOTe9nUD+P  
Ntx9YGTX6UhNG562eTAGGrKi0J0rd11FdqVfw12JeXWGqzYRfFW/UdKaRYCUQt24  
9O7FuzAHALe5Bcl7rGtKvbnY2DyLJ4AO3YdbskS502sTFjEfcdPObfQWaYniBBhx  
n8cmjdMB3bdGzpbPt/tlnYFNqdC9MSEn2J8kSlGMWP5Ntj5WYzReTiPAFY42dYpM  
gA4vqWNTn+lRAPm232u4CY9K7cDCz8Qdz22hoS21YulQXV+lDYyeyxCv0SwmG4yO  
rL5Uv5DOSmtH8UHa/vLTHKW7R59uuOLeAumfjRVxj52DJSCUTTGeKjBVTkjkpzq4  
rUyXD0vegnU=m5cz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5532-01

Red Hat Security Advisory 2022-5636-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2022:5636-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5636  
Issue date:        2022-07-19  
CVE Names:         CVE-2022-1012 CVE-2022-1729 CVE-2022-32250  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: Small table perturb size in the TCP source port generation  
algorithm can lead to information leak (CVE-2022-1012)

* kernel: race condition in perf_event_open leads to privilege escalation  
(CVE-2022-1729)

* kernel: a use-after-free write in the netfilter subsystem can lead to  
privilege escalation to root (CVE-2022-32250)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Backport request of "genirq: use rcu in kstat_irqs_usr()" (BZ#2083311)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2064604 - CVE-2022-1012 kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak  
2086753 - CVE-2022-1729 kernel: race condition in perf_event_open leads to privilege escalation  
2092427 - CVE-2022-32250 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
kernel-4.18.0-147.70.1.el8_1.src.rpm

aarch64:  
bpftool-4.18.0-147.70.1.el8_1.aarch64.rpm  
bpftool-debuginfo-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-core-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-cross-headers-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-debug-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-debug-core-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-debug-devel-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-debug-modules-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-debuginfo-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-devel-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-headers-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-modules-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-modules-extra-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-tools-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-147.70.1.el8_1.aarch64.rpm  
kernel-tools-libs-4.18.0-147.70.1.el8_1.aarch64.rpm  
perf-4.18.0-147.70.1.el8_1.aarch64.rpm  
perf-debuginfo-4.18.0-147.70.1.el8_1.aarch64.rpm  
python3-perf-4.18.0-147.70.1.el8_1.aarch64.rpm  
python3-perf-debuginfo-4.18.0-147.70.1.el8_1.aarch64.rpm

noarch:  
kernel-abi-whitelists-4.18.0-147.70.1.el8_1.noarch.rpm  
kernel-doc-4.18.0-147.70.1.el8_1.noarch.rpm

ppc64le:  
bpftool-4.18.0-147.70.1.el8_1.ppc64le.rpm  
bpftool-debuginfo-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-core-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-cross-headers-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-debug-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-debug-core-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-debug-devel-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-debug-modules-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-debuginfo-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-devel-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-headers-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-modules-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-modules-extra-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-tools-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-147.70.1.el8_1.ppc64le.rpm  
kernel-tools-libs-4.18.0-147.70.1.el8_1.ppc64le.rpm  
perf-4.18.0-147.70.1.el8_1.ppc64le.rpm  
perf-debuginfo-4.18.0-147.70.1.el8_1.ppc64le.rpm  
python3-perf-4.18.0-147.70.1.el8_1.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-147.70.1.el8_1.ppc64le.rpm

s390x:  
bpftool-4.18.0-147.70.1.el8_1.s390x.rpm  
bpftool-debuginfo-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-core-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-cross-headers-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-debug-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-debug-core-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-debug-debuginfo-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-debug-devel-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-debug-modules-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-debug-modules-extra-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-debuginfo-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-devel-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-headers-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-modules-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-modules-extra-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-tools-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-tools-debuginfo-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-zfcpdump-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-zfcpdump-core-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-147.70.1.el8_1.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-147.70.1.el8_1.s390x.rpm  
perf-4.18.0-147.70.1.el8_1.s390x.rpm  
perf-debuginfo-4.18.0-147.70.1.el8_1.s390x.rpm  
python3-perf-4.18.0-147.70.1.el8_1.s390x.rpm  
python3-perf-debuginfo-4.18.0-147.70.1.el8_1.s390x.rpm

x86_64:  
bpftool-4.18.0-147.70.1.el8_1.x86_64.rpm  
bpftool-debuginfo-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-core-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-cross-headers-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-debug-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-debug-core-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-debug-devel-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-debug-modules-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-debuginfo-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-devel-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-headers-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-modules-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-modules-extra-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-tools-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-147.70.1.el8_1.x86_64.rpm  
kernel-tools-libs-4.18.0-147.70.1.el8_1.x86_64.rpm  
perf-4.18.0-147.70.1.el8_1.x86_64.rpm  
perf-debuginfo-4.18.0-147.70.1.el8_1.x86_64.rpm  
python3-perf-4.18.0-147.70.1.el8_1.x86_64.rpm  
python3-perf-debuginfo-4.18.0-147.70.1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1012  
https://access.redhat.com/security/cve/CVE-2022-1729  
https://access.redhat.com/security/cve/CVE-2022-32250  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFkOtzjgjWX9erEAQjajxAAgUzK2KiGHsT+vCZ8Viq3nuejOLCyRt+w  
NlT2opRwOMSQBWj24HO++knH3MTkoNX5jC8Jn2B5cdWzaGAlOoazqjaQ9qbpeOKJ  
2Q0qgh7ncwl0I57G7OljTlK3xLhzUw41KGB+f/hr/vSQL/16UI533LOWXnpfmPix  
Ra9e+CCwW8iJvctUpKuuwKxqsj7rm01kbdscwyiaUJOjbt+zcMk0q+nkkRKVxLuA  
WIvKC8yJAuKPBpSs9kx2mzDrjS6Y4NZOPFU/hBnwuZi5zOQfF/eTCXZV+7/Ggtxa  
oghs4g0FNsqXEuuW1w39/fk7vohCv3V0wILJlEo4AYD4JnjX30RykdpWMWmpaODY  
UAufCkXE5YnjReQFY5D2ea/2vAL6fO2JSS7uZlDOiIB4phyb2O5RM86jkc/My5TO  
fU2s8ZMwLrLQODkELo8WzQzUWEsHcLPTxsP3CWGKpEKq5ycnuKr5kxcx8cWgoFLP  
s2ItnSFeaV6FPpPDo5SWdaYt09GB6f1gf3s7NMXYDamlZcb2SeCzrgAf+nW8BTMh  
fCdHRsA1P7ZUE8RDmZeZ5JfGOpU/ZnlNsXFtY0yDX3VEE8uSccAiV2wLPmGrSbPg  
RSYkjgjn1hC/t6JfWQ+WSFt7sCP0DT+noui4yPtx3XBRc4F6LCfaE/gnAOBNBgbO  
a0TEWeBBtZ8=tzSO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5636-01

Red Hat Security Advisory 2022-5709-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:5709-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5709  
Issue date:        2022-07-25  
CVE Names:         CVE-2022-21540 CVE-2022-21541 CVE-2022-34169  
====================================================================  
1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

The following packages have been upgraded to a later upstream version:  
java-1.8.0-openjdk (1.8.0.342.b07). (BZ#2084776)

Security Fix(es):

* OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)  
(CVE-2022-34169)

* OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540)

* OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot,  
8281866) (CVE-2022-21541)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* rh1991003 patch breaks sun.security.pkcs11.wrapper.PKCS11.getInstance()  
[rhel-9, openjdk-8] (BZ#2099916)

* SecretKey generate/import operations don't add the CKA_SIGN attribute in  
FIPS mode [rhel-9, openjdk-8] (BZ#2107956)

* Revert to disabling system security properties and FIPS mode support  
together [rhel-9, openjdk-8] (BZ#2107958)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2084776 - Prepare for the next quarterly OpenJDK upstream release (2022-07, 8u342) [rhel-9] [rhel-9.0.0.z]  
2099916 - rh1991003 patch breaks sun.security.pkcs11.wrapper.PKCS11.getInstance() [rhel-9, openjdk-8] [rhel-9.0.0.z]  
2107956 - SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode [rhel-9, openjdk-8] [rhel-9.0.0.z]  
2107958 - Revert to disabling system security properties and FIPS mode support together [rhel-9, openjdk-8] [rhel-9.0.0.z]  
2108540 - CVE-2022-21540 OpenJDK: class compilation issue (Hotspot, 8281859)  
2108543 - CVE-2022-21541 OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)  
2108554 - CVE-2022-34169 OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
java-1.8.0-openjdk-1.8.0.342.b07-1.el9_0.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.342.b07-1.el9_0.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-1.el9_0.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-1.el9_0.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.342.b07-1.el9_0.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.342.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.342.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.342.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.342.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.342.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.342.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.342.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.342.b07-1.el9_0.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.342.b07-1.el9_0.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.342.b07-1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.342.b07-1.el9_0.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.342.b07-1.el9_0.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.342.b07-1.el9_0.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.342.b07-1.el9_0.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.342.b07-1.el9_0.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.342.b07-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21540  
https://access.redhat.com/security/cve/CVE-2022-21541  
https://access.redhat.com/security/cve/CVE-2022-34169  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFjz9zjgjWX9erEAQjPKg/9E7dGTrThaTmJZBkM9svjpyhtJ06DWgsn  
4cXAam2iNBQmTlRLWnMNgmH8DMwX5Xah3nNrhzXD4wrpCRF5KAzDbXoEHHtGTgDi  
IALqrZR4J1/0M62/XwhkLr+CQMNAh04n4ybzhaK8o23UqDCOShB2O806rKQfhryB  
r36iZMHMJ8tuDRL2JYZXGw/wSonHGzxxm4xgRezfpOtbaGs2B2mV9uKJXwuI7Bze  
BMN7Lyn6/Dsa37q+tHEzPq9n/MyPChEm3Kp9cW0Bz7FzQEdoDX1bcO+ra9xyqVfG  
/m5a7YNYUufvLrN4sH/cBjSweTSxPNNZeMWmjb5W1eWgGWqhAphuJHZQNrakX4Mo  
5PO7e+G65+/mL6sX7pj9hAMGL61VhPiPCw7wzfrsBhQdF63+sJXpCsvVS/v8DdYI  
vnPDOzVUD2kpil/rPzfIAY9k8sCiJl87dU1LeDC+XcER1AWb8mU/EC+AlRzEKplU  
3kVEKyNLf2W3+UjT/EIWgVRlQlNo8xHO4MGo7hBmUMsKu4ffbjmkm7qwH1VhMhFO  
DxSroHrJ0njGdkM0Lwu6Ak2NXpoEZ+pVS82N+qy11GpHmtWZp9qiTKG5lOWuKHIW  
EHkPYB7IpGOwEmRalIPACBO3N7Y4+MXWw2KY57NCbs0nujwFGSczkFtvRqqNgp8g  
glaFjlrYG3A=VY5j  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5709-01

Red Hat Security Advisory 2022-5687-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:5687-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5687  
Issue date:        2022-07-21  
CVE Names:         CVE-2022-21540 CVE-2022-21541 CVE-2022-34169  
====================================================================  
1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux  
7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime  
Environment and the OpenJDK 11 Java Software Development Kit.

The following packages have been upgraded to a later upstream version:  
java-11-openjdk (11.0.16.0.8). (BZ#2083258)

Security Fix(es):

* OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)  
(CVE-2022-34169)

* OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540)

* OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot,  
8281866) (CVE-2022-21541)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2083258 - Prepare for the next quarterly OpenJDK upstream release (2022-07, 11.0.16) [rhel-7-9.z]  
2108540 - CVE-2022-21540 OpenJDK: class compilation issue (Hotspot, 8281859)  
2108543 - CVE-2022-21541 OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)  
2108554 - CVE-2022-34169 OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
java-11-openjdk-11.0.16.0.8-1.el7_9.src.rpm

x86_64:  
java-11-openjdk-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
java-11-openjdk-11.0.16.0.8-1.el7_9.src.rpm

x86_64:  
java-11-openjdk-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
java-11-openjdk-11.0.16.0.8-1.el7_9.src.rpm

ppc64:  
java-11-openjdk-11.0.16.0.8-1.el7_9.ppc64.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.ppc64.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el7_9.ppc64.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el7_9.ppc64.rpm

ppc64le:  
java-11-openjdk-11.0.16.0.8-1.el7_9.ppc64le.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.ppc64le.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el7_9.ppc64le.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el7_9.ppc64le.rpm

s390x:  
java-11-openjdk-11.0.16.0.8-1.el7_9.s390x.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.s390x.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el7_9.s390x.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el7_9.s390x.rpm

x86_64:  
java-11-openjdk-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.ppc64.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el7_9.ppc64.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el7_9.ppc64.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el7_9.ppc64.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el7_9.ppc64.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el7_9.ppc64.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el7_9.ppc64.rpm

ppc64le:  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.ppc64le.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el7_9.ppc64le.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el7_9.ppc64le.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el7_9.ppc64le.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el7_9.ppc64le.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el7_9.ppc64le.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el7_9.ppc64le.rpm

s390x:  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.s390x.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el7_9.s390x.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el7_9.s390x.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el7_9.s390x.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el7_9.s390x.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el7_9.s390x.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el7_9.s390x.rpm

x86_64:  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
java-11-openjdk-11.0.16.0.8-1.el7_9.src.rpm

x86_64:  
java-11-openjdk-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el7_9.x86_64.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el7_9.i686.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21540  
https://access.redhat.com/security/cve/CVE-2022-21541  
https://access.redhat.com/security/cve/CVE-2022-34169  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFj+NzjgjWX9erEAQgGcQ/+IW5mfKQBsL2/+QkI2EO4sumC+6ky2zWo  
AV+9Xh03wYOyByppFt8DGFzczgRM8xlDGJDrPzomz5KfcCXzZJurLJ7cL7nio2at  
2yeNbsEowxRB4XlV1KB57fWRiEPNj1Pyx8/zlUjF8eW7xFm1jMhHKmNrl+obbQzL  
XQvjG/7OnX2hzqx6rYlMdWXlDFU8dC5lKlqPrU98pyGp3CqLkOiuL6LOGnSaswV/  
Z22VD6xufC+Z77M85wF916GqWmuZkcvQOwbcxoRDYx+QeBu9IV5vSM+reWldmikY  
hRTqcpKuv1eRs7h4+UNBfBMEqgZIbhEAzEePqnbc171ZlCtBDVfu2CHmR0tZPNzf  
4WWKaxaWC4sHEOlG0HnpDE+DIiMp41xPrP60UEmvyJ3bzpBbEgmOugeJMkVL6pRg  
dqy72vO/D4eaXdxfnjCZuDLqS/LvS53Dv2KnF2dGTxOjvx6dwwEv/J2comqU29ri  
nFWRMye6LGYE09AM/KCZjj7aEcM5c3yeI73lvEp50YTJ7IvsU+/v5HR4aUkE/ho3  
zHX1XDPV14alJTVK3/s2UnpjsZ3HJmr0uBlqkXcDsd+fk1fsqwl+OjSh5+qh7Tke  
mxFDoyjUdf6Iaob+5VCXlCqO6HK1MC9LYlJaaTOZVGreBsrhjvqQprJNMCbffXiL  
5iXoQzRtoAo=hKj8  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5687-01

Red Hat Security Advisory 2022-5685-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security update  
Advisory ID:       RHSA-2022:5685-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5685  
Issue date:        2022-07-21  
CVE Names:         CVE-2022-21540 CVE-2022-21541 CVE-2022-34169  
====================================================================  
1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux  
8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime  
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)  
(CVE-2022-34169)

* OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540)

* OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot,  
8281866) (CVE-2022-21541)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2108540 - CVE-2022-21540 OpenJDK: class compilation issue (Hotspot, 8281859)  
2108543 - CVE-2022-21541 OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)  
2108554 - CVE-2022-34169 OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
java-11-openjdk-11.0.16.0.8-1.el8_1.src.rpm

aarch64:  
java-11-openjdk-11.0.16.0.8-1.el8_1.aarch64.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_1.aarch64.rpm  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_1.aarch64.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el8_1.aarch64.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el8_1.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_1.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_1.aarch64.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el8_1.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_1.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_1.aarch64.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el8_1.aarch64.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_1.aarch64.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el8_1.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_1.aarch64.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el8_1.aarch64.rpm

ppc64le:  
java-11-openjdk-11.0.16.0.8-1.el8_1.ppc64le.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_1.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_1.ppc64le.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el8_1.ppc64le.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el8_1.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_1.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_1.ppc64le.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el8_1.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_1.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_1.ppc64le.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el8_1.ppc64le.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_1.ppc64le.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el8_1.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_1.ppc64le.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el8_1.ppc64le.rpm

s390x:  
java-11-openjdk-11.0.16.0.8-1.el8_1.s390x.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_1.s390x.rpm  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_1.s390x.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el8_1.s390x.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el8_1.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_1.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_1.s390x.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el8_1.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_1.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_1.s390x.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el8_1.s390x.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_1.s390x.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el8_1.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_1.s390x.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el8_1.s390x.rpm

x86_64:  
java-11-openjdk-11.0.16.0.8-1.el8_1.x86_64.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_1.x86_64.rpm  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_1.x86_64.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el8_1.x86_64.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el8_1.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_1.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_1.x86_64.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el8_1.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_1.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_1.x86_64.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el8_1.x86_64.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_1.x86_64.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el8_1.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_1.x86_64.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21540  
https://access.redhat.com/security/cve/CVE-2022-21541  
https://access.redhat.com/security/cve/CVE-2022-34169  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFkWtzjgjWX9erEAQhmyA/9EIKYnVlNNsXbaxdcihqe2OGnf8lljgIU  
91S/5ALN3gLf+/LH31uTNPQd6NkXtDetofylAfGyuvzZQ3rhiDtUviGfPeiCTpqw  
vuUXEIBwcFDp1Crlyq8/tvb7cPFc0ou2SGEQBFJQh7BUQqh819H8rSsKuYxRhBPl  
ui/LOJb4w164sZAZq70Iiq8Vu5rCWrqn8hsBisLJs8Dh7UN28zCsKfNzo0J4AOTz  
hhwul/bOmaplx7W1OKwnKXiBUSM9gKK6AeCYgjyJ7wrTjatbzkkTyLk6YMa42mjO  
MpCI27VfM+lQcEwgaIQHpb9xC5HC03wvAuxMZAMsHOCLZvdkIX59ZfX0QMm5H4DF  
3QLEse18FfavzE+Bl1x2NSywIUPjOSbluCZ8spFWQ3J3Aol4WlOWH4ONFwlXIIGr  
yUxQ9kkjJaUgs9es9Ue9ZctK2Vr8dF9MN5+2Hq+akSCm7bSkCHDX7WHzme6WqMdD  
Lq8VnWFDsHA6nHL0hn4E3FBFataeOdpAGdvre8ikYTRLp2FkaWpUEspmXS4aP+wz  
fr1nvGCKx0jXJ57ck86PytMR8GmGcwjz5a6UkDIuuJ3jTBSCoYv7/PY+NfoQfTnx  
Hu9a8i/4CyaeIru6o/hCZK9DXAI7Pm8jtxjZaqztwaGZ/FN0RY9ZyuLciNeb383E  
/oTa30L4uX8=JcNG  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5685-01

Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.

Tag

#java