Overview

File _patchinfo of Package patchinfo.27036

<patchinfo incident="27036">
  <issue tracker="cve" id="2022-21624"/>
  <issue tracker="cve" id="2022-21628"/>
  <issue tracker="cve" id="2022-21626"/>
  <issue tracker="cve" id="2022-21619"/>
  <issue tracker="bnc" id="1204471">VUL-0: CVE-2022-21626: java-1_8_0-openjdk,java-11-openjdk: unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition</issue>
  <issue tracker="bnc" id="1204472">VUL-0: CVE-2022-21628: java-1_8_0-openjdk,java-17-openjdk,java-11-openjdk: unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition</issue>
  <issue tracker="bnc" id="1204475">VUL-0: CVE-2022-21624: java-1_8_0-openjdk-plugin,java-10-openjdk,java-1_8_0-openjdk,java-11-openjdk,java-1_8_0-ibm,java-17-openjdk: unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise</issue>
  <issue tracker="bnc" id="1204473">VUL-0: CVE-2022-21619: java-1_8_0-openjdk,java-17-openjdk,java-11-openjdk: unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE</issue>
  <packager>fstrba</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-openjdk</summary>
  <description>This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u352 (icedtea-3.25.0):

- CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via multiple protocols (bsc#1204473,bsc#1204475).
- CVE-2022-21626: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to cause partial denial of service (bsc#1204471).
- CVE-2022-21628: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to cause partial denial of service (bsc#1204472).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places