ALSA-2022:0161

[ALSA-2022:0161] Moderate: java-17-openjdk security update

Type:

security

Severity:

moderate

Release date:

2022-01-20

Description:

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) (CVE-2022-21248)

* OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952) (CVE-2022-21277)

* OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492) (CVE-2022-21282)

* OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813) (CVE-2022-21283)

* OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386) (CVE-2022-21291)

* OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392) (CVE-2022-21293)

* OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416) (CVE-2022-21294)

* OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498) (CVE-2022-21296)

* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)

* OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014) (CVE-2022-21305)

* OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026) (CVE-2022-21340)

* OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236) (CVE-2022-21341)

* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756) (CVE-2022-21360)

* OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838) (CVE-2022-21365)

* OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096) (CVE-2022-21366)

For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
x86_64	java-17-openjdk-fastdebug-17.0.2.0.8-4.el8_5.x86_64.rpm	0c41ed65cbf96680d7549221eedb6cfbb85772344211a6e81e7b10487a2bf168
x86_64	java-17-openjdk-jmods-slowdebug-17.0.2.0.8-4.el8_5.x86_64.rpm	15ed6b465618406bea8fbdaa97fdd1994418b5bed965cde51cee560068fc86aa
x86_64	java-17-openjdk-static-libs-17.0.2.0.8-4.el8_5.x86_64.rpm	245daf675bf4cabfd9083f1c9780cd2be49d32b97ff5783be9dc45fdfccf82c5
x86_64	java-17-openjdk-demo-17.0.2.0.8-4.el8_5.x86_64.rpm	24d4c0c6f59f38f9f4b436502cbf56932b526a8a85b26312b92c686b7d35a8d9
x86_64	java-17-openjdk-src-17.0.2.0.8-4.el8_5.x86_64.rpm	3453dd89ee2b85ce74d813036592b7776814f82215f3349c333681418105a9ff
x86_64	java-17-openjdk-jmods-17.0.2.0.8-4.el8_5.x86_64.rpm	421dd75cd784b060dfa3ae6743cf2d7164ffef7bb04adbe8e39d420281010348
x86_64	java-17-openjdk-static-libs-slowdebug-17.0.2.0.8-4.el8_5.x86_64.rpm	46f219c7cddc25193c4a4f829991e835068ffa0fbd06cacaf5b450f9106e963a
x86_64	java-17-openjdk-devel-slowdebug-17.0.2.0.8-4.el8_5.x86_64.rpm	49b3b43d093fe2905c2f97c4ffd20209f35b52c0bb6c79cf082e8c546d310d4c
x86_64	java-17-openjdk-headless-17.0.2.0.8-4.el8_5.x86_64.rpm	4ad0c64b014fdc0a19396ea140de7e5e781c66a0da6974c1038187ff4b993dbc
x86_64	java-17-openjdk-src-slowdebug-17.0.2.0.8-4.el8_5.x86_64.rpm	54e45f32e3bf6e3c9f8805941388a721c2a2d43e8b27795ed2eb541a52e64bee
x86_64	java-17-openjdk-17.0.2.0.8-4.el8_5.x86_64.rpm	55c1c2fb931fcb8062f3b37c5b53766e501d95a19d3ddb4f2e8be77da4af20a3
x86_64	java-17-openjdk-devel-17.0.2.0.8-4.el8_5.x86_64.rpm	6056fde09c3e1f93a1386eb11186b04939b932476083ca85e328375a21e1e67b
x86_64	java-17-openjdk-javadoc-17.0.2.0.8-4.el8_5.x86_64.rpm	6dc845cbbd19b452d7d64392067386de626a392c013d6a3e4a4d7af20e09a413
x86_64	java-17-openjdk-devel-fastdebug-17.0.2.0.8-4.el8_5.x86_64.rpm	7330d70a8f8914c1fc8a55b7bf8428c1415974680e48b3fa2338b669c77ac30f
x86_64	java-17-openjdk-headless-slowdebug-17.0.2.0.8-4.el8_5.x86_64.rpm	76169c8a98e2b050bc5d2d16541684086d55c73743a3c51cd4c2d028702b5a96
x86_64	java-17-openjdk-jmods-fastdebug-17.0.2.0.8-4.el8_5.x86_64.rpm	99c660129ea0338e31a961e35110b62c38cef8e680712a1596ecf15d1af8ef44
x86_64	java-17-openjdk-src-fastdebug-17.0.2.0.8-4.el8_5.x86_64.rpm	a130c26739ab7ed0b2dbc075776107a7ae8efe14fe941f099d31eb1aa7558264
x86_64	java-17-openjdk-headless-fastdebug-17.0.2.0.8-4.el8_5.x86_64.rpm	a958a77c528c7228ba1242232d60e5c397b75b891b4060ad7bc3593c289d8db4
x86_64	java-17-openjdk-javadoc-zip-17.0.2.0.8-4.el8_5.x86_64.rpm	ac990d7b07b6255bf8bb6f34a480ba766b8c58335aa767e556ca1a450edd4edf
x86_64	java-17-openjdk-demo-fastdebug-17.0.2.0.8-4.el8_5.x86_64.rpm	b86580933904623c98feab0a1b507103d37527c754740c5c2df100df03f81ce3
x86_64	java-17-openjdk-slowdebug-17.0.2.0.8-4.el8_5.x86_64.rpm	cb2340df0a9c7264842d865089afe2487720c5077d8bb54e3548dd9cd6191a3a
x86_64	java-17-openjdk-static-libs-fastdebug-17.0.2.0.8-4.el8_5.x86_64.rpm	e8d2a9b1e3e0107522024060e3370c527c46825fd0aecdc6a87fdb0ab9fbbfcb
x86_64	java-17-openjdk-demo-slowdebug-17.0.2.0.8-4.el8_5.x86_64.rpm	f554164b07ef7c4173d18c847f368c0aa8433b487f30cbe7952190e33ac8b3ac

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.