[ALSA-2022:0307] Moderate: java-1.8.0-openjdk security and bug fix update
Type:
security
Severity:
moderate
Release date:
2022-01-28
Description:
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
* OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) (CVE-2022-21248)
* OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492) (CVE-2022-21282)
* OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813) (CVE-2022-21283)
* OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392) (CVE-2022-21293)
* OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416) (CVE-2022-21294)
* OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498) (CVE-2022-21296)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014) (CVE-2022-21305)
* OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026) (CVE-2022-21340)
* OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236) (CVE-2022-21341)
* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756) (CVE-2022-21360)
* OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838) (CVE-2022-21365)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Previously, OpenJDK would crash when running the Java Flight Recorder (JFR) on PowerPC 64 (ppc64) machines. This was found to be due to missing crash protection in the ppc64 port. With this update, JFR should run without crashing on ppc64. (BZ#2038935)
Updated packages listed below:
Architecture Package Checksum
noarch java-1.8.0-openjdk-javadoc-1.8.0.322.b06-2.el8_5.noarch.rpm 5142abcb6a6245acad581da8fbd58a303b6ad2d8dcbecffd39f4a4f180434913
noarch java-1.8.0-openjdk-javadoc-zip-1.8.0.322.b06-2.el8_5.noarch.rpm ed972fb85ae5425b413de1a174025b4ec6a2022209c950dd688b3d5448a1d450
x86_64 java-1.8.0-openjdk-headless-fastdebug-1.8.0.322.b06-2.el8_5.x86_64.rpm 0985e735f99470e3d8edef5643189dbb72ce02f9779f454c157ef4b38464c1ba
x86_64 java-1.8.0-openjdk-slowdebug-1.8.0.322.b06-2.el8_5.x86_64.rpm 0dfd58dfc59e7a28dcf32f655008d8144fc3e84d46168bf4d804a4b0ab0f770f
x86_64 java-1.8.0-openjdk-demo-slowdebug-1.8.0.322.b06-2.el8_5.x86_64.rpm 23f174ab3a777778485d155aa54f67c1d4266540fd344a435971ec4abe239d0f
x86_64 java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64.rpm 265e6daedec5ba26829528015d87324792b2f40a87f47e552ac06af25df4414e
x86_64 java-1.8.0-openjdk-devel-fastdebug-1.8.0.322.b06-2.el8_5.x86_64.rpm 5955ca8f169f2f2fb07cc6aa7b8e79e6845ce55f5a23400fe65a12b02b2eaf12
x86_64 java-1.8.0-openjdk-devel-1.8.0.322.b06-2.el8_5.x86_64.rpm 6229f535de48f4872047cc2975ee0481a02e4aa2c91ed160f06d9213d64d7501
x86_64 java-1.8.0-openjdk-accessibility-1.8.0.322.b06-2.el8_5.x86_64.rpm 6788cbaf26b9dffbe91f13f4df1ac36988cdf7b68696f94ad5a8c9fd765142c4
x86_64 java-1.8.0-openjdk-fastdebug-1.8.0.322.b06-2.el8_5.x86_64.rpm 780813cdad0e5f43c709efdbae0d4391e5810f41b09d06175cb64afff81a3df8
x86_64 java-1.8.0-openjdk-headless-slowdebug-1.8.0.322.b06-2.el8_5.x86_64.rpm 84f85afff7f794f1999a3b84f1bd2cfaa3e597d33b46c7c088e631707d5580c7
x86_64 java-1.8.0-openjdk-headless-1.8.0.322.b06-2.el8_5.x86_64.rpm 8ab3d75e121c3e90e9ff7c65fa03d196b65aee0e60c1324cc6f5bfdcffc4bb43
x86_64 java-1.8.0-openjdk-src-1.8.0.322.b06-2.el8_5.x86_64.rpm 948a50b066f63f6177966f87db4c1d90fddbb646a6a354ce2df6428d7c882633
x86_64 java-1.8.0-openjdk-demo-fastdebug-1.8.0.322.b06-2.el8_5.x86_64.rpm 96acf0e4ae2f6ff4d78ce656793b55f36498319dfce42c0550c3abbf7bce1771
x86_64 java-1.8.0-openjdk-src-fastdebug-1.8.0.322.b06-2.el8_5.x86_64.rpm 9b95d1b23808c9d94b4ffd426e670229a43d91ba3f1459c8a23e4d123c19f2b4
x86_64 java-1.8.0-openjdk-src-slowdebug-1.8.0.322.b06-2.el8_5.x86_64.rpm a1e1ac25dfb5bf1a6151e7ab63d1ff817b7817ae5a86093929a39da0e9e5c207
x86_64 java-1.8.0-openjdk-devel-slowdebug-1.8.0.322.b06-2.el8_5.x86_64.rpm a5c99c4aba0b57b36e45c5c28a6e7e92434f272c687915a54043d2699c65a198
x86_64 java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.322.b06-2.el8_5.x86_64.rpm ab84c3010939f0a0fa1100cc21b5e0615772e4a20c6bcc012d03d6f0ef95dc53
x86_64 java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.322.b06-2.el8_5.x86_64.rpm bdb24964edbbe7ba77abd46f154f9bed9b9225b4534a8b2f4e909c247c32a9ae
x86_64 java-1.8.0-openjdk-demo-1.8.0.322.b06-2.el8_5.x86_64.rpm e74cc70007c339de8f9eb4ee451f12a7e32a5db0c4eae76c4e30f806d06ce87c
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.