File _patchinfo of Package patchinfo.23204

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.23204

<patchinfo incident="23204">
  <issue tracker="cve" id="2022-21299"/>
  <issue tracker="cve" id="2022-21293"/>
  <issue tracker="cve" id="2022-21283"/>
  <issue tracker="cve" id="2022-21360"/>
  <issue tracker="cve" id="2022-21349"/>
  <issue tracker="cve" id="2022-21294"/>
  <issue tracker="cve" id="2022-21282"/>
  <issue tracker="cve" id="2022-21365"/>
  <issue tracker="cve" id="2022-21341"/>
  <issue tracker="cve" id="2022-21296"/>
  <issue tracker="cve" id="2022-21305"/>
  <issue tracker="cve" id="2022-21340"/>
  <issue tracker="cve" id="2022-21248"/>
  <issue tracker="bnc" id="1194933">VUL-0: CVE-2022-21282: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Insufficient URI checks in the XSLT TransformerImpl</issue>
  <issue tracker="bnc" id="1194940">VUL-0: CVE-2022-21340: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Excessive resource use when reading JAR manifest attributes</issue>
  <issue tracker="bnc" id="1193314">Cipher suite problems with java u312</issue>
  <issue tracker="bnc" id="1194939">VUL-0: CVE-2022-21305: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Array indexing issues in LIRGenerator</issue>
  <issue tracker="bnc" id="1194926">VUL-0: CVE-2022-21248: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incomplete deserialization class filtering in ObjectInputStream</issue>
  <issue tracker="bnc" id="1193444">Unable to access Java keystore after applying SUSE-SU-2021:3771-1</issue>
  <issue tracker="bnc" id="1194941">VUL-0: CVE-2022-21341: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream</issue>
  <issue tracker="bnc" id="1194932">VUL-0: CVE-2022-21296: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect access checks in XMLEntityManager</issue>
  <issue tracker="bnc" id="1194937">VUL-0: CVE-2022-21283: java-11-openjdk,java-17-openjdk: Unexpected exception thrown in regex Pattern</issue>
  <issue tracker="bnc" id="1194929">VUL-0: CVE-2022-21360: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Excessive memory allocation in BMPImageReader</issue>
  <issue tracker="bnc" id="1194928">VUL-0: CVE-2022-21365: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Integer overflow in BMPImageReader</issue>
  <issue tracker="bnc" id="1195163">L3: JDK-8076190 Customizing the generation of a PKCS12 keystore</issue>
  <issue tracker="bnc" id="1194934">VUL-0: CVE-2022-21294: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect IdentityHashMap size checks during deserialization</issue>
  <issue tracker="bnc" id="1194935">VUL-0: CVE-2022-21293: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incomplete checks of StringBuffer and StringBuilder during deserialization</issue>
  <issue tracker="bnc" id="1193491">SSL handshake fails in Java/Tomcat-based applications after applying SUSE-SU-2021:3771-1</issue>
  <issue tracker="bnc" id="1194931">VUL-0: CVE-2022-21299: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Infinite loop related to incorrect handling of newlines in XMLEntityScanner</issue>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-openjdk</summary>
  <description>This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u322 (icedtea-3.22.0)

Including the following security fixes:

- CVE-2022-21248, bsc#1194926: Enhance cross VM serialization
- CVE-2022-21283, bsc#1194937: Better String matching
- CVE-2022-21293, bsc#1194935: Improve String constructions
- CVE-2022-21294, bsc#1194934: Enhance construction of Identity maps
- CVE-2022-21282, bsc#1194933: Better resolution of URIs
- CVE-2022-21296, bsc#1194932: Improve SAX Parser configuration management
- CVE-2022-21299, bsc#1194931: Improved scanning of XML entities
- CVE-2022-21305, bsc#1194939: Better array indexing
- CVE-2022-21340, bsc#1194940: Verify Jar Verification
- CVE-2022-21341, bsc#1194941: Improve serial forms for transport
- CVE-2022-21349: Improve Solaris font rendering
- CVE-2022-21360, bsc#1194929: Enhance BMP image support
- CVE-2022-21365, bsc#1194928: Enhanced BMP processing
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.23204

Places