Mishandling of untrusted input issue resolved by developers

John Leyden 24 October 2022 at 14:46 UTC

Mishandling of untrusted input issue resolved by developers

Security researchers have discovered a serious vulnerability in HyperSQL DataBase (HSQLDB) that poses a remote code execution (RCE) risk.

HSQLDB offers a Java\-based SQL relational database system. The technology – which is the second most popular embedded SQL database with 100 million downloads to date – is used for development, testing, and deployment of database applications.

HSQLDB is used by more than 3,120 Maven packages including LibreOffice, JBoss, Log4j, Hibernate, and Spring-Boot as well as various enterprise software packages.

**Parsing problem**

Security researchers from Code Intelligence discovered the RCE vulnerability (tracked as CVE-2022-41853 and rated with a near-maximum CVSS severity score of 9.8) after running a series of fuzzing tests.

More precisely, they found that the parsing procedure for binary and text format data in the java.sql.Statement and java.sql.PreparedStatement components of the technology were flawed.

All versions of the software up to and including HSQLDB version 2.7.0 are vulnerable. Code Intelligence contacted HSQL Development Group, the developers of HSQLDB, who responded promptly by putting together a fix and a workaround that helps safeguard previous versions.

Catch up on the latest secure development news and analysis

HSQLDB is yet to respond to a request for comment from The Daily Swig but security researchers from Code Intelligence have confirmed that a patch is in the pipeline.

“The issue is already fixed upstream and will be available in the next release,” Code Intelligence said. “From version 2.7.1. the property hsqldb.method\_class\_names must be defined with a list of class names or wild cards if any Java static method is used as an HSQLDB routine target.”

The previous implementations caused a problem because the use of Java static methods, except those in java.lang.Math, should not be allowed without defining the system property or else problems can arise.

**Root cause**

A technical write-up of the issue by Code Intelligence explains the root cause of the problem in more depth.

“By default, SQL statements can be used to call any static method from any Java class in the class path. HSQLDB (HyperSQL DataBase) allowed direct use of methods,” a post on Medium last week explains.

The vulnerability means that using java.sql.Statement or java.sql.PreparedStatement in pre-patch versions of HSQLDB along with untrusted input may leave applications vulnerable to an RCE attack.

In response to queries from The Daily Swig, Khaled Yakdan, co-founder of Code Intelligence, explained that an app does not have to be vulnerable to SQL injection for the issue to come into play.

“The current default configuration allows static methods of any class that is on the classpath to be used,” Yakdan said. “Moreover, direct use of methods is allowed for legacy compatibility.”

Yakden declined to speculate on which particular apps might be vulnerable, but he was able to explain the impact of the flaw in cases where it was activated.

“We only focus on finding bugs and don’t investigate which code bases are vulnerable,” Yakden told The Daily Swig. “The impact of this CVE is that if you use HyperSQL to process queries that include (untrusted) user input, attackers may be able to cause your app to execute arbitrary code.”

RELATED Apache Commons Text RCE: Resemblance to Log4Shell but exposure risk is ‘much lower’

HyperSQL DataBase flaw leaves library vulnerable to RCE

Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a remote authenticated attacker with administrative privilege to inject an arbitrary script.

The next Core Update is released: IPFire 2.27 - Core Update 170. It features new IP blocklists for the firewall engine, significant improvements to Pakfire, modernizes the default cryptographic algorithm selection for IPsec connections, as well as a new kernel, and a plethora of bug fixes and security improvements under the hood.

**IP-Reputation Blocking to keep known threats out**

Based on prior development by Tim FitzGeorge, Stefan brought a new feature to the firewall engine, which allows the easy activation of various public IP-based blocklists, just by a single click.

All enabled blocklists are updated automatically at an appropriate interval (a technique we already deployed for updating IPS rulesets), and protect against various threats, such as IP addresses or networks having a poor reputation, being involved with cyber crime hosting, or simply not allocated, hence no traffic should be routed to and from them.

You probably wonder why IPFire now comes with yet another way for IP-based blocking. There are several motivations behind this:

*   IP blocklists are already available for the Intrusion Prevention System. However, it is a rather expensive way for dealing with network traffic that can already be safely dropped based on the reputation of involved IPs. There is no need to waste more CPU resources on it than absolutely necessary - why not let the firewall engine itself handle such traffic, and bother the IPS with more relevant stuff?
*   The "drop all traffic from and to hostile networks" feature is meant as a basic level of network protection suitable for IPFire's _entire_ user base, hence enabled by default. It protects against "the baddest of the bad" on the internet, and does not require any attention or maintenance whatsoever.
*   IP blocklists, as introduced with this Core Update, provide a more fine-grained level, and your mileage may vary: For example, blocking Tor traffic might be appropriate for some IPFire users, but certainly not for all of them. Some may find certain blocklists to be too aggressive for their use-case.

One size doesn't always fit all. The IP blocklist feature is IPFire's way of take this into account, and make further protection against network threats easy and resource-efficient.

**IPsec: MODP-2048 is ejected for new connections in favour of ECP-384/-521**

Following recommendations not to use Diffie-Hellman groups shorter than 3,000 bits after 2022, MODP-2048 has been dropped from the default cryptographic algorithm selection for new IPsec connections. To provide a more performant alternative to MODP-3072 and MODP-4096 and to be more compatible to other vendors in the default configuration, the NIST-standardized elliptic curves ECP-384 and ECP-521 have been added to the defaults for new IPsec connections.

Existing IPsec connections remain unchanged. However, IPFire users operating IPsec connections are advised to revise the cryptographic settings for these, and drop using weak algorithms, if possible.

**Linux Kernel 5.15.59**

Among bug fixes throughout the kernel including security fixes and hardware support improvements, the updated kernel also adds mitigations against Retbleed, another CPU vulnerability affecting various Intel and AMD processors. IPFire's web interface has been updated to display the mitigation state of Retbleed accordingly.

The following kernel-related changes have been made in addition:

*   On x86_64, Intel DMA Remapping Devices (better known as IOMMU) are enabled by default during boot, if available.
*   To reduce attack surface, legacy DRM drivers are no longer available. Since the respective kernel modules have already been blocklisted for a long time, thus unusable, this should not have an impact in production.
*   64-bit ARM users experience improved KASLR thanks to the kernel's memory address now being randomized before unpacking it (#12363).
*   Merging slab caches is no longer permitted, to prevent kernel heap overflows, and adversaries interfering with cache structures used by several programs.
*   Support for PCI pass-through has been enabled to allow mapping PCI devices into VMs running on IPFire (#12754).

**Miscellaneous**

*   Robin Roevens contributed a series of improvements to Pakfire, such as better error handling on downloads, and refactored a lot of code under the hood.
*   He also updated and improved the Zabbix agent add-on, which now features version 6.0.6 (LTS).
*   Support for assigning aliases to multiple RED interfaces has been added.
*   Non-unique hardware UUIDs as well as empty serial numbers are now ignored for computing Fireinfo profile IDs (#12896).
*   The blocklist of the University of Toulouse is now downloaded via HTTPS (#12891).
*   Logwatch summaries are now properly included in backups (#12827).
*   ncurses terminfo files for tmux are now properly shipped, resolving #12905.
*   All logged IPS events are now correctly displayed in the web interface (#12899).
*   Mount options of /boot have been hardened on both existing installations and new x86_64 IPFire instances.
*   On new installations, the partition's size has also been increased to 256 MiB, since components such as the kernel keep getting bigger and bigger.
*   amazon-ssm-agent is now available on 64-bit ARM as well.
*   pyfuse3 is now packaged for BorgBackup (#12611).
*   Two stored XSS vulnerabilities have been fixed, thanks to JPCERT for reaching out (#12925).
*   Updated packages: Bash 5.1.16, bind 9.16.31, GnuTLS 3.7.7, harfbuzz 4.4.1, hdparm 9.64, intel-microcode 20220809, kmod 30, krb5 1.20, logwatch 7.7, lsof 4.95.0, nano 6.4, ninja 1.11.0, OpenSSL 1.1.1q, rpcsvc-proto 1.4.3, screen 4.9.0, sqlite 33900000, suricata 5.0.10, unbound 1.16.2, usbutils 014, vim 9.0, xfsprogs 5.18.0, zlib to incorporate a fix for CVE-2022-37434.
*   Updated add-ons: ClamAV 0.105.1, fmt 9.0.0, git 2.37.1, gptfdisk 1.0.9, gutenprint 5.3.4, haproxy 2.6.0, htop 3.2.1, i2c-tools 4.3,iperf 2.1.7, mpd 0.23.8, NRPE 4.1.0, openvmtools 12.0.5, pcengines-apu-firmware 4.17.0.1, python3-cryptography 36.0.2, qemu 7.0.0, qemu-ga 7.0.0, rsync to patch CVE-2022-29154, Samba 4.16.4, shairport-sync 3cc1ec6

As always, we thank all people contributing to this release in whatever shape and form. Please note IPFire is backed by volunteers, maintaining and improving this distribution in their spare time - should you like what we are doing, please donate to keep the lights on, an consider becoming engaged in development to distribute the load over more shoulders.

CVE-2022-36368: IPFire 2.27 - Core Update 170 released - The IPFire Blog

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.

Since BookStack can hold important information for users you should be aware of any potential security concerns. Read through the below to ensure you have secured your BookStack instance. Note, The below only relates to BookStack itself. The security of the server BookStack is hosted on is not instructed below but should be taken into account.

If you’d like to be notified of new potential security concerns you can sign-up to the BookStack security mailing list. For reporting security vulnerabilities, please see the “Security” section of the project readme on GitHub.

*   Initial Security Setup
*   Multi-Factor Authentication
*   Securing Images
*   Attachments
*   User Passwords
*   JavaScript in Page Content
*   Web Crawler Control
*   Secure Cookies
*   Host Iframe Control
*   Iframe Source Control
*   Failed Access Logging
*   Untrusted Server Side Requests
*   Content Security Policy (CSP)
*   MySQL SSL Connection
*   Using BookStack Content Externally

**Initial Security Setup**

1.  Ensure you change the password and email address for the initial admin@admin.com user.
2.  Ensure only the public folder is being served by your webserver. Serving files above this folder opens up a lot of code that does not need to be public. Triple check this if you have installed BookStack within the commonly used /var/www folder.
3.  Ensure the database user you’ve used for BookStack has limited permissions for only accessing the database used for BookStack data.
4.  Check that you’ve set the APP_URL option in your .env file so that system generated URLs cannot be manipulated.
5.  Within BookStack, go through the settings to ensure registration and public access settings are as you expect.
6.  Review the user roles in the settings area.
7.  Read the below to further understand the security for images & attachments.

**Multi-Factor Authentication**

Any user can enable multi-factor authentication (MFA) on their account. Upon login they would then need to use an extra proof of identity to gain access. BookStack currently supports the following mechanisms:

*   TOTP (Time-based One-Time Passwords)
    *   Labelled as “Mobile App” (Google/Microsoft Authenticator etc…).
    *   Uses a SHA1 algorithm internally (Greater algorithms have poor cross-app compatibility).
*   Backup Codes
    *   These are a list of 16 one-time-use codes.
    *   Users will be warned once they have less than 5 codes remaining.

Secrets and values for these options are stored encrypted within the database.

Where required, MFA can be forced upon users via their roles. This can be found via a “Requires Multi-Factor Authentication” checkbox seen when editing a role. If a user does not already have an MFA method configured, they will be forced to set one up upon next login.

**Securing Images**

By default, Images are stored in a way which is publicly accessible which ensures performance while using BookStack. Listed below are a few options for increasing image security.

**Alternative Storage Options**

Review our file upload storage options documentation for image storage options that add addition access or permission control to image requests.

**Complex Urls**

In the settings area of BookStack you can find the option ‘Enable higher security image uploads?’. Enabling this will add a 16 character random string to the name of image files to prevent easy guessing of URLs. This increases security without potential performance concerns.

**Prevent Directory Indexes**

It’s important to ensure you disable ‘directory indexes’ to prevent unknown users from being able to navigate their way through your images. Here’s the configuration for NGINX & Apache if your server allows directory indexes:

**NGINX**

    1
    2
    3
    4
    5
    

    # By default indexes are disabled on Nginx but if you have them enabled
    # add this to your BookStack server block
    location /uploads {
           autoindex off;
    }
    

**Apache**

    1
    2
    3
    4
    5
    

    # Add this to your Apache BookStack virtual host if Indexes are enabled.
    # If .htaccess file are enabled then the below should already be active.
    <Location "/uploads">
        Options -Indexes
    </Location>
    

You can test that indexes are disabled by attempting to navigate to <your_bookstack_url>/uploads/images in the browser after having uploaded at least one image. You should not see a list of files but instead a BookStack “Not Found” page.

**Attachments**

Attachments, if not using Amazon S3, are stored in the storage/uploads directory. By default, unlike images, these are stored behind the application authentication layer so access depends on permissions you have set up at a role level and page level.

If you are using Amazon S3 for file storage then access will depend on your S3 permission settings. Unlike images, BookStack will not automatically attempt to make uploaded attachments publically accessible.

**User Passwords**

User passwords, if not using an alternative authentication method, are stored in the database. These are hashed using the standard Laravel hashing methods which use the Bcrypt hashing algorithm.

**JavaScript in Page Content**

By default, JavaScript tags within page content is escaped when rendered. This can be turned off by setting ALLOW_CONTENT_SCRIPTS=true in your .env file. Note that even if you disable this escaping the WYSIWYG editor may still perform it’s own JavaScript escaping. This option will also alter the CSP rules set by BookStack.

_**This option disables some fundamental cross-site-scripting protections. Only use this option on secure instances, where only very trusted users can edit content**_

**Web Crawler Control**

The rules found in the /robots.txt file are automatically controlled via the “Allow public viewing?” setting. This can be overridden by setting ALLOW_ROBOTS=false or ALLOW_ROBOTS=true in your .env file. If you’d like to customise the rules this can be done via theme overrides.

**Secure Cookies**

BookStack uses cookies to track sessions, remember logins and for XSRF protection. When using HTTPS you may want to ensure that cookies are only sent back to the browser if the connection is over HTTPS. If you have set a https APP_URL option in your .env this will enabled automatically but it can also be forced on by setting SESSION_SECURE_COOKIE=true in your .env file.

**Host Iframe Control**

By default BookStack will only allow itself to be embedded within iframes on the same domain as you’re hosting on. This is done through a CSP: frame-ancestors header. You can add additional trusted hosts by setting a ALLOWED_IFRAME_HOSTS option in your .env file like the example below:

    1
    2
    3
    4
    5
    

    # Adding a single host
    ALLOWED_IFRAME_HOSTS="https://example.com"
    
    # Multiple hosts can be separated with a space
    ALLOWED_IFRAME_HOSTS="https://a.example.com https://b.example.com"
    

Note: when this option is used, all cookies will served with SameSite=None (info) set so that a user session can persist within the iframe.

**Iframe Source Control**

By default BookStack will only allow certain other hosts to be used as src values for embedded iframe/frame content within the application. This is done through a CSP: frame-src header. You can configure the list of trusted sources by setting a ALLOWED_IFRAME_SOURCES option in your .env file like the examples below:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    

    # Adding a single host
    ALLOWED_IFRAME_SOURCES="https://example.com"
    
    # Multiple hosts can be separated with a space
    ALLOWED_IFRAME_SOURCES="https://a.example.com https://b.example.com"
    
    # Allow all sources
    # This opens vulnerability risk and should only be done in secure & trusted environments.
    ALLOWED_IFRAME_SOURCES="*"
    

By default this option is configured as follows:

    1
    

    ALLOWED_IFRAME_SOURCES="https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com"
    

Note: The source of ‘self’ will always be automatically added to this CSP rule. In addition, the host used for the diagrams.net integration (If enabled) will be automatically appended to the lists of hosts.

**Failed Access Logging**

An option is available to log failed login events to a log file which is useful to identify users having trouble logging in, track malicious login attempts or to use with tools such as Fail2Ban. This works with login attempts using the default email & password login mechanism or attempts via LDAP login. Failed attempts are **not logged** for “one-click” social or SAML2 options.

To enable this you simply need to define the LOG_FAILED_LOGIN_MESSAGE option in your .env file like so:

    1
    

    LOG_FAILED_LOGIN_MESSAGE="Failed login for %u"
    

The optional “%u” element of the message will be replaced with the username or email provided in the login attempt when the message is logged. By default messages will be logged via the php error_log function which, in most cases, will log to your webserver error log files.

**Untrusted Server Side Requests**

Some features, such as the PDF exporting, have the option to make http calls to external user-defined locations to do things such as load images or styles. This is disabled by default but can be enabled if desired. This is required for using WKHTMLtoPDF as your PDF export renderer. This should only be enabled in BookStack environments where BookStack users and viewers are fully trusted.

To enable untrusted server side requests, you need to define the ALLOW_UNTRUSTED_SERVER_FETCHING option in your .env file like so:

    1
    

    ALLOW_UNTRUSTED_SERVER_FETCHING=true
    

**Content Security Policy (CSP)**

BookStack serves responses with a CSP header to increase protection again malicious content. This is especially important in a system such as BookStack where users can create a variety of HTML content, especially so if you allow untrusted users to create content in your instance. The CSP rules set by BookStack are as follows:

*   frame-ancestors 'self'
    *   Restricts what websites can embed BookStack pages via iframes.
    *   See the “Host Iframe Control” section above for details on expanding this rule to other hosts.
*   frame-source 'self' https://*.diagrams.net https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://embed.diagrams.net
    *   Restricts what sources are allowed to load for frames/iframes.
    *   Can be configured via a ALLOWED_IFRAME_SOURCES .env option.
    *   May be different depending on other configuration set.
*   script-src http: https: 'nonce-abc123' 'strict-dynamic'
    *   Restricts what scripts can be ran on a BookStack-served page.
    *   Will not be set if the ALLOW_CONTENT_SCRIPTS .env option is active.
    *   The nonce value used is randomly generated upon each request. It is automatically applied to any “Custom HTML Head Content” scripts.
*   object-src 'self'
    *   Restricts which embeddable content can be loaded onto a BookStack-served page.
    *   Will not be set if the ALLOW_CONTENT_SCRIPTS .env option is active.
*   base-uri 'self'
    *   Restricts what <base> tags can be added to a BookStack-served page.

If needed you should be able to set additional CSP headers via your webserver. If there’s a clash with an existing BookStack CSP header then browsers will generally favour the most restrictive policy.

**MySQL SSL Connection**

If your BookStack database is not on the same host as your web server, you may want to ensure the connection is encrypted using SSL between these systems. Assuming SSL is configured correctly on your MySQL server, you can enable this by defining the MYSQL_ATTR_SSL_CA option in your .env file like so:

    1
    2
    3
    4
    5
    

    # Path to Certificate Authority (CA) certificate file for your MySQL instance.
    # When this option is used host name identity verification will be performed
    # which checks the hostname, used by the client, against names within the
    # certificate itself (Common Name or Subject Alternative Name).
    MYSQL_ATTR_SSL_CA="/path/to/ca.pem"
    

**Using BookStack Content Externally**

In some scenarios you may use BookStack user-provided content externally (Accessed via the database or API). Such content is not guaranteed to be safe so keep security in mind when dealing with such content. In some cases, the system will apply some filtering to content in an attempt to prevent certain vulnerabilities, but this is not assured to be a bullet-proof defence.

Within its own interfaces, unless disabled, BookStack makes use of Content Security Policy (CSP) rules to heavily negate cross-site scripting vulnerabilities from user content. If displaying user content externally, it’s advised you also use defences such as CSP or other techniques such as disabling of JavaScript entirely.

CVE-2022-40690: Security ·  BookStack

PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.

**Stored Cross Site Scripting Vulnerabilities in Hospital Management System Gurukul v4.0 #2**

**Cross site scripting in Hospital Management System Gurukul v4.0 Heading link**

Multiple **stored cross site scripting vulnerabilities** are present in Hospital Management System Gurukul v4.0

In the **add-patient.php** file, several **POST** **parameters** are directly used into the INSERT SQL query without any kind of escaping or sanitization.

      /\* ... \*/

if(isset($\_POST\['submit'\]))
{
    $docid=$\_SESSION\['id'\];
    $patname=$\_POST\['patname'\];
    $patcontact=$\_POST\['patcontact'\];
    $patemail=$\_POST\['patemail'\];
    $gender=$\_POST\['gender'\];
    $pataddress=$\_POST\['pataddress'\];
    $patage=$\_POST\['patage'\];
    $medhis=$\_POST\['medhis'\];
    $sql=mysqli\_query($con,"insert into tblpatient(Docid,PatientName,PatientContno,PatientEmail,PatientGender,PatientAdd,PatientAge,PatientMedhis)
values('$docid','$patname','$patcontact','$patemail','$gender','$pataddress','$patage','$medhis')");

      /\* ... \*/

In the **admin/manage-patients.php**, **doctor/manage-patient.php**, **doctor/view-patient.php**, **admin/view-patient.php** and **view-medhistory.php** files, the data that was inserted by the above-mentioned query is retrieved from the database and added to the current page.

      /\* Example from doctor/view-patient.php\*/

$vid=$\_GET\['viewid'\];
$ret=mysqli\_query($con,"select \* from tblpatient where ID='$vid'");
$cnt=1;
while ($row=mysqli\_fetch\_array($ret)) {

    /\* ... \*/
    echo $row\['PatientName'\];
    /\* ... \*/
    echo $row\['PatientEmail'\];
    /\* ... \*/
    echo $row\['PatientContno'\];
    /\* ... \*/
    echo $row\['PatientContno'\];
    /\* ... \*/
    echo $row\['PatientAdd'\];
    /\* ... \*/
    echo $row\['PatientGender'\];
    /\* ... \*/
    echo $row\['PatientMedhis'\];
    /\* ... \*/
    echo $row\['CreationDate'\];
    /\* ... \*/

The vulnerable parameters through which the attack can be carried out are **patname**, **patemail**, **gender**, **pataddress** and **medhis** POST parameters.  
The following is one of the possible exploitation using the **medhis POST parameter**.

POST /hospitalmanagementsystemproject4/hospital/hms/doctor/add-patient.php HTTP/1.1
Host: localhost
Content-Length: 180
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="105", "Not)A;Brand";v="8"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/hospitalmanagementsystemproject4/hospital/hms/doctor/add-patient.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=lrqh66ialqjgfot5rcq90bnvjj
Connection: close

patname=Name4&patcontact=3124432845&patemail=Name3%40mail.com&gender=male&pataddress=3021+Halsted+St%2C+Chicago&patage=40&medhis=\[url-encoded-script\]&submit=

An attacker can easily inject malicious Javascript into the database and steal session cookies from users and administrators.

These vulnerabilities were found using the NAVEX project developed at SISL lab in UIC.

CVE-2022-42205: Stored Cross Site Scripting Vulnerabilities in Hospital Management System Gurukul v4.0 #2 | Systems and Internet Security Lab

PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php.

**Stored Cross Site Scripting Vulnerabilities in Hospital Management System Gurukul v4.0 #3**

**Cross site scripting in Hospital Management System Gurukul v4.0 Heading link**

Multiple **stored cross site scripting vulnerabilities** are present in Hospital Management System Gurukul v4.0

The files **doctor/view-patient.php**, **admin/view-patient.php** and **view-medhistory.php** share a common piece of code where several **POST** **parameters** are directly used into the INSERT SQL query without any kind of escaping or sanitization.

    /\* ... \*/

if(isset($\_POST\['submit'\]))
{

    $vid=$\_GET\['viewid'\];
    $bp=$\_POST\['bp'\];
    $bs=$\_POST\['bs'\];
    $weight=$\_POST\['weight'\];
    $temp=$\_POST\['temp'\];
    $pres=$\_POST\['pres'\];

    $query.=mysqli\_query($con,"insert tblmedicalhistory(PatientID,BloodPressure,BloodSugar,Weight,Temperature,MedicalPres) 
value('$vid','$bp','$bs','$weight','$temp','$pres')");

    
    /\* ... \*/

In the same files, the data that was inserted by the above-mentioned query is retrieved from the database and added to the current page.

      
    /\* ...\*/

while ($row=mysqli\_fetch\_array($ret)) { 

    echo $cnt;
    echo $row\['BloodPressure'\];
    echo $row\['Weight'\];
    echo $row\['BloodSugar'\];
    echo $row\['Temperature'\];
    echo $row\['MedicalPres'\];
    echo $row\['CreationDate'\];

    /\* ... \*/

The vulnerable parameters through which the attack can be carried out are **bp**, **bs**, **weight**, **temp** and **pres** POST parameters.  
The following is one of the possible exploitation using the **pres POST parameter**.

POST /hospitalmanagementsystemproject4/hospital/hms/doctor/view-patient.php?viewid=3 HTTP/1.1
Host: localhost
Content-Length: 94
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="105", "Not)A;Brand";v="8"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/hospitalmanagementsystemproject4/hospital/hms/doctor/view-patient.php?viewid=3
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=lrqh66ialqjgfot5rcq90bnvjj
Connection: close

bp=120%2F85&bs=12&weight=70kg&temp=36&pres=\[url-encoded-script\]&submit=

An attacker can easily inject malicious Javascript into the database and steal session cookies from users and administrators.

These vulnerabilities were found using the NAVEX project developed at SISL lab in UIC.

CVE-2022-42206: Stored Cross Site Scripting Vulnerabilities in Hospital Management System Gurukul v4.0 #3 | Systems and Internet Security Lab

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

CVE-2022-38108: Published | Zero Day Initiative

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.

**SolarWinds Platform RC documentation** - The following content is a draft for a **SolarWinds Platform Release Candidate**. All content subject to change. Some links might not function yet.

RC date: October 19, 2022

These release notes describe the new features, improvements, and fixed issues in SolarWinds Platform 2022.4. They also provide information about upgrades and describe workarounds for known issues.

Learn more

*   For information on latest hotfixes, see SolarWinds Platform Hotfixes.
*   For release notes for previous SolarWinds Platform versions, see Previous Version documentation.
*   For information about requirements, see SolarWinds Platform 2022.4 System Requirements.
*   For information about working with the SolarWinds Platform, see the SolarWinds Platform Administrator Guide.

**New features and improvements in SolarWinds Platform**

Return to top

SolarWinds Platform 2022.4 offers the following improvements compared to previous releases of SolarWinds Platform.

*   SolarWinds Platform 2022.4 provides SWIS Verbs for managing common credentials, such as Orion.Credential.CreateCredentials & Orion.Credential.UpdateCredentials for creating/editing the credentials.
    
*   SolarWinds Platform 2022.4 supports the Kerberos protocol for WMI authentication.
    

**New customer installation**

Return to top

For information about installing SolarWinds Platform, see SolarWinds Installer.

**How to upgrade**

Use the SolarWinds Installer to upgrade your entire SolarWinds Platform deployment (all SolarWinds Platform products and any scalability engines) to the current versions.

You must be on Orion Platform 2020.2.1 or later to upgrade to SolarWinds Platform 2022.4. If you are on Orion Platform 2019.4 or earlier, first upgrade to 2020.2.6 and then upgrade to SolarWinds Platform 2022.4.

**Before you upgrade from 2020.2.x**

*   Before upgrading from Orion Platform 2020.2.6 and earlier to SolarWinds Platform 2022.3 or later, make sure the database user you use to connect to your SQL Server has the **db create** privilege. **Without this privilege, the upgrade will not complete.**
    
*   Legacy syslog and traps functionality has been retired and replaced with new log analysis functionality. Currently configured legacy rules and history will automatically be migrated during the upgrade.
*   Some upgrade situations from the Orion Platform to the SolarWinds Platform are not supported and the installer will stop the upgrade automatically.
    *   If you have a SQL Server older than 2016.
    *   If you have an Orion Platform product version 2019.4 or earlier.

**Fixed issues**

Return to top

SolarWinds Platform 2022.3 fixes the following issues.

 

Case Number

Description

614891, 787724, 980418, 986820

The issue where last month data was not interpreted correctly in PerfStack was addressed.

614233, 762559, 804478, 837222, 899624, 920603, 933885, 942223, 1059644, 1169810, 1171661, 1179118

The issue where report schedules with SAML accounts could not be created was addressed.

683517, 875616

The issue where Centralized Upgrade did not work with a proxy was resolved.

1067814, 1151313

The issue where the child status participation in node status was incorrect in fast polls was addressed.

936171, 946582, 1067460, 1131341

The issues with bulk assigning values on filtered rows were addressed.

802569

The issue where JobEngine Workers started slowly on computers without Internet access was addressed.

1144845, 1161775

The issue where configuration failed when installation location changed was addressed.

233154, 319006, 328477, 458287, 688246

The issues with CredentialManagerService slow methods were addressed.

778743

The issue where a Nexus switch was incorrectly recognized as Cisco was addressed.

973342, 977343

The issue where machine types for Cisco devices were only recognized as Cisco was addressed.

1102730

The issue where child status was not updated properly was addressed.

949509

The issue where collector log was flooded when processing Agent Node uptime was addressed.

761222

The unhandled exception in the Poller Checker tool was addressed.

1187140

The issue where the HA service stopped after the upgrade was addressed.

1187140

The issue where Observability templates were not delivered to the system was addressed.

636868

The issue where database maintenance failed to execute a procedure were addressed.

1144505

The issue where database maintenance job completed with errors caused by calling a legacy procedure was addressed.

928393

The issues with OIDs for Antaira Technologies, LLC and corresponding icons were addressed.

554483, 692820

The issue where main poller was used on bulk actions from Node Management for sending any requests to nodes was addressed.

893718

The issue where capacity forecast for CPU/memory was not calculated was addressed.

1184046

The issue where scalability engines installation failed because of a free tool installed in the SolarWinds folder was addressed.

**CVEs**

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

    

CVE-ID

Vulnerability Title

Description

Severity

Credit

CVE-2022-36966

Insecure Direct Object Reference Vulnerability

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3.

5.9 Medium

Asim Liaquat

CVE-2022-36957

SolarWinds Platform Deserialization of Untrusted Data

This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands on the Main Poller of affected versions of the SolarWinds Platform.

7.2 High

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

CVE-2022-36958

SolarWinds Platform Deserialization of Untrusted Data

This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands on the Main Poller of affected versions of the SolarWinds Platform.

8.8 High

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

CVE-2022-38108

SolarWinds Platform Deserialization of Untrusted Data

This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands on the Main Poller of affected versions of the SolarWinds Platform.

7.2 High

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

**End of life**

Return to top

For modules based on Orion Platform 2020.2.6 and earlier, SolarWinds is announcing future end-of-life plans for your convenience. As always, SolarWinds recommends you upgrade to the latest version of your products at your earliest convenience.

   

Version

EOL Announcements

EOE Effective Dates

EOL Effective Dates

2020.2.6

**April 18, 2023**: End-of-Life (EoL) announcement – Customers on SolarWinds Platform 2020.2.6 should begin transitioning to the latest version of SolarWinds Platform.

**May 18, 2023**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SolarWinds Platform 2020.2.6 will no longer be actively supported by SolarWinds.

**May 18, 2024**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SolarWinds Platform 2020.2.6

2020.2.5

**January 18, 2023**: End-of-Life (EoL) announcement – Customers on SolarWinds Platform 2020.2.5 should begin transitioning to the latest version of SolarWinds Platform.

**February 17, 2023**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SolarWinds Platform 2020.2.5 will no longer be actively supported by SolarWinds.

**February 17, 2024**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SolarWinds Platform 2020.2.5.

2020.2.4

**October 19, 2022**: End-of-Life (EoL) announcement – Customers on SolarWinds Platform 2020.2.4 should begin transitioning to the latest version of SolarWinds Platform.

**November 18, 2022**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SolarWinds Platform 2020.2.4 will no longer be actively supported by SolarWinds.

**November 18, 2023**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SolarWinds Platform 2020.2.4.

2020.2.1

**October 19, 2022**: End-of-Life (EoL) announcement – Customers on SolarWinds Platform 2020.2.1 should begin transitioning to the latest version of SolarWinds Platform.

**November 18, 2022**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SolarWinds Platform 2020.2.1 will no longer be actively supported by SolarWinds.

**November 18, 2023**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SolarWinds Platform 2020.2.1.

2020.2

**October 19, 2022**: End-of-Life (EoL) announcement – Customers on NSolarWinds Platform 2020.2 should begin transitioning to the latest version of SolarWinds Platform.

**November 18, 2022**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SolarWinds Platform 2020.2 will no longer be actively supported by SolarWinds.

**November 18, 2023**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SolarWinds Platform 2020.2.

See the End of Life Policy for information about SolarWinds product lifecycle phases. For supported versions and EoL announcements for all SolarWinds products, see Currently supported software versions.

**End of support**

Return to top

This version of SolarWinds Platform no longer supports the following platforms and features.

 

Type

Details

Microsoft Windows Server 2012 R2

Windows Server 2012 R2 is not supported in SolarWinds Platform 2022.4.

SolarWinds recommends that you upgrade the operating system of your SolarWinds Platform server to Windows Server 2016 or later. See SolarWinds Platform 2022.4 System Requirements.

**Legal notices**

Return to top

© 2022 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.

CVE-2022-36966: SolarWinds Platform 2022.4  Release Notes

Red Hat Security Advisory 2022-7005-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: java-1.8.0-openjdk security update  
Advisory ID:       RHSA-2022:7005-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7005  
Issue date:        2022-10-19  
CVE Names:         CVE-2022-21619 CVE-2022-21624 CVE-2022-21626  
                   CVE-2022-21628  
====================================================================  
1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: excessive memory allocation in X.509 certificate parsing  
(Security, 8286533) (CVE-2022-21626)

* OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server,  
8286918) (CVE-2022-21628)

* OpenJDK: improper handling of long NTLM client hostnames (Security,  
8286526) (CVE-2022-21619)

* OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI,  
8286910) (CVE-2022-21624)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2133745 - CVE-2022-21619 OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526)  
2133753 - CVE-2022-21626 OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)  
2133765 - CVE-2022-21624 OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)  
2133769 - CVE-2022-21628 OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_4.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_4.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.352.b08-2.el8_4.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.352.b08-2.el8_4.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_4.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_4.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.4):

aarch64:  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_4.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_4.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21619  
https://access.redhat.com/security/cve/CVE-2022-21624  
https://access.redhat.com/security/cve/CVE-2022-21626  
https://access.redhat.com/security/cve/CVE-2022-21628  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1C45tzjgjWX9erEAQgeBA/+Jg4lDZYbAiH1xNPGqwJQdaDuPADdtKyB  
+G4CNz7mJ5/IHS+IjupRL2vuAybdGmd3sI2Mu6pI4dcEPPQ/mI/ub7jvmQPMJH0D  
9rwIWUqwfuDvPWHjskVWazUJHtTGwoRiFXacOUDtCmr4QS4ZhfVz1HYkmZoiIJiN  
11rU0pLnEcQi60Di+5rDl3rokCT5qlVLghaS5yPawdga9r88SWZBkcsQlYdUBdtj  
CaQVhzyBlf9LZkpVE+TI9DYSTpSvFxW8i8HRJb+YEdO2Ka5zod16wPmYbWkfmy5n  
3kfqkxHIJoiH8MLenaWvHMHsU36RQLYdfdnDFlyDSX53dN90EjRx52WwaSpt4UAb  
U3wRkm+b26BgdG74vD+QybPniLbw4RrHZbFCoDwcMQf/6UNXtA8N9jTP6mXNE/DB  
JDI1yl976P4Q1DWBI0ehRhF9v5WgU//smrjgj7pyPrvA2cqGK59zgdwKQP/b2G44  
ZX5ZiI7Fcyxnvyubuy9HyGBO4NBv7gb7x0j4jxk6AVxSeSdQ+Go4zNHSSN7W4sW7  
hLpao+PpYssg/woSOYo5c8/ivYaMLMdr7g4CsmuuDOXhjlvv96JEkv5LRgHJA6QB  
sOkDgCRXxrR+qQRESukB4G+wxgzCzr7MovofYNtqBAAk3MRbkIdUWaEirFGYEW55  
dX4Zb3IP+M0=T1In  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7005-01

Red Hat Security Advisory 2022-7006-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: java-1.8.0-openjdk security update  
Advisory ID:       RHSA-2022:7006-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7006  
Issue date:        2022-10-19  
CVE Names:         CVE-2022-21619 CVE-2022-21624 CVE-2022-21626  
                   CVE-2022-21628  
====================================================================  
1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: excessive memory allocation in X.509 certificate parsing  
(Security, 8286533) (CVE-2022-21626)

* OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server,  
8286918) (CVE-2022-21628)

* OpenJDK: improper handling of long NTLM client hostnames (Security,  
8286526) (CVE-2022-21619)

* OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI,  
8286910) (CVE-2022-21624)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2133745 - CVE-2022-21619 OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526)  
2133753 - CVE-2022-21626 OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)  
2133765 - CVE-2022-21624 OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)  
2133769 - CVE-2022-21628 OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_6.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.352.b08-2.el8_6.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.352.b08-2.el8_6.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_6.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_6.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21619  
https://access.redhat.com/security/cve/CVE-2022-21624  
https://access.redhat.com/security/cve/CVE-2022-21626  
https://access.redhat.com/security/cve/CVE-2022-21628  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1C5MNzjgjWX9erEAQjX+g/+LVBWbVKJBedf19M/NMdWPT9S90V6I/b9  
l4eWq9apoUGvRS4S6ba2qB1lS8og9jq+wWi5MInvtWyiKlvYdb038CQUkrFuMoDh  
KJWmw0iLkjrpOcFxu/eobmBfv0e7oUdYe2Z1Sz71AvtA06nGPUE5I/b+6nK2SMET  
Sol3DHvPt9JPAjAi1ZgR5LLjaoAaX9S/5VRSqLYxVMStsdc/gb15K+6c2/3SvG0L  
fwuepsXTbWNBntFde0X+xoV2lWP7FEiP73oTc/Ig0i1EdIYeO7cNSR7aC5vB7hYw  
3DQbsbscyfLKoTCJHPju/oJDD5b00DtQiXQSG+0QIxsRpQXQDfmKV/GGxfvbE+Ap  
1F4LRhjXUnv1MH/Pi3XUYwmhdL7JPpFpC3zzZJxXnK0HJ0aNn892FUvrsbt+w3sp  
1wVGnr+XN9rFYcdvr6luOOV9GX+x8+xglq9s079IFH5Z/W0M/uk/pGjcOQKUjUoa  
G00gQbau/PIwU8uf9KwFEbAGNfq3VwhXE+W1weYhQtkjvPyeN6G5iTRNZCrmU8m4  
dppu1nkg8oEC2vm1Kjn/kjcP3e9uDPvUWynp60sgPLv+OQb4hQfpwg6QMZp9mt8Y  
VsRLKly1xos4IhcY2lAvfKBRAvD36Z7S/ZUqq8eoCIxl5JwGANi7/gyAwoiyeHAX  
gbTiWTpeDmo=OLVd  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#sql