Overview

File _patchinfo of Package patchinfo.23302

<patchinfo incident="23302">
  <issue tracker="bnc" id="1194928">VUL-0: CVE-2022-21365: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Integer overflow in BMPImageReader</issue>
  <issue tracker="bnc" id="1194927">VUL-0: CVE-2022-21366: java-17-openjdk,java-11-openjdk: Excessive memory allocation in TIFF*Decompressor</issue>
  <issue tracker="bnc" id="1194933">VUL-0: CVE-2022-21282: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Insufficient URI checks in the XSLT TransformerImpl</issue>
  <issue tracker="bnc" id="1194925">VUL-0: CVE-2022-21291: java-17-openjdk,java-11-openjdk: Incorrect marking of writeable fields</issue>
  <issue tracker="bnc" id="1196500">VUL-0: CVE-2022-21349: java-11-openjdk,java-1_4_2-ibm,java-10-openjdk,java-17-openjdk: OpenJDK: Unaligned memory access in ContextualGlyphSubstProc2 (2D, 8273748)</issue>
  <issue tracker="bnc" id="1195146">L3: broken symlink with java-1_8_0-ibm preventing javaws from starting</issue>
  <issue tracker="bnc" id="1194934">VUL-0: CVE-2022-21294: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect IdentityHashMap size checks during deserialization</issue>
  <issue tracker="bnc" id="1197126">VUL-0: java-1_8_0-ibm, java-1_7_1-ibm, java-1_7_0-ibm: IBM Security Update January 2022</issue>
  <issue tracker="bnc" id="1194937">VUL-0: CVE-2022-21283: java-11-openjdk,java-17-openjdk: Unexpected exception thrown in regex Pattern</issue>
  <issue tracker="bnc" id="1194935">VUL-0: CVE-2022-21293: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incomplete checks of StringBuffer and StringBuilder during deserialization</issue>
  <issue tracker="bnc" id="1194939">VUL-0: CVE-2022-21305: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Array indexing issues in LIRGenerator</issue>
  <issue tracker="bnc" id="1194931">VUL-0: CVE-2022-21299: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Infinite loop related to incorrect handling of newlines in XMLEntityScanner</issue>
  <issue tracker="bnc" id="1194926">VUL-0: CVE-2022-21248: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incomplete deserialization class filtering in ObjectInputStream</issue>
  <issue tracker="bnc" id="1194930">VUL-0: CVE-2022-21277: java-17-openjdk,java-11-openjdk: Incorrect reading of TIFF files in TIFFNullDecompressor</issue>
  <issue tracker="bnc" id="1194932">VUL-0: CVE-2022-21296: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect access checks in XMLEntityManager</issue>
  <issue tracker="bnc" id="1194929">VUL-0: CVE-2022-21360: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Excessive memory allocation in BMPImageReader</issue>
  <issue tracker="bnc" id="1194941">VUL-0: CVE-2022-21341: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream</issue>
  <issue tracker="bnc" id="1194940">VUL-0: CVE-2022-21340: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Excessive resource use when reading JAR manifest attributes</issue>
  <issue tracker="cve" id="2022-21341"/>
  <issue tracker="cve" id="2022-21340"/>
  <issue tracker="cve" id="2022-21305"/>
  <issue tracker="cve" id="2022-21291"/>
  <issue tracker="cve" id="2022-21277"/>
  <issue tracker="cve" id="2022-21293"/>
  <issue tracker="cve" id="2022-21365"/>
  <issue tracker="cve" id="2022-21366"/>
  <issue tracker="cve" id="2022-21282"/>
  <issue tracker="cve" id="2022-21271"/>
  <issue tracker="cve" id="2022-21349"/>
  <issue tracker="cve" id="2022-21299"/>
  <issue tracker="cve" id="2022-21248"/>
  <issue tracker="cve" id="2022-21294"/>
  <issue tracker="cve" id="2022-21296"/>
  <issue tracker="cve" id="2022-21360"/>
  <issue tracker="cve" id="2022-21283"/>
  <packager>pmonrealgonzalez</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-ibm</summary>
  <description>This update for java-1_8_0-ibm fixes the following issues:

Update Java 8.0 to Service Refresh 7 Fix Pack 5 (bsc#1197126).

Including fixes for the following vulnerabilities: 

  CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349,
  CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277,
  CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294,
  CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248,
  CVE-2022-21271.

Non-securtiy fix:

- Fixed a broken symlink for javaws (bsc#1195146).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places