File _patchinfo of Package patchinfo.24867
<patchinfo incident="24867">
<issue tracker="bnc" id="1198671">VUL-0: CVE-2022-21476: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk,java-17-openjdk: unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE</issue>
<issue tracker="bnc" id="1198674">VUL-0: CVE-2022-21434: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk,java-17-openjdk: unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE</issue>
<issue tracker="bnc" id="1198672">VUL-0: CVE-2022-21426: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk,java-17-openjdk: unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE</issue>
<issue tracker="bnc" id="1198673">VUL-0: CVE-2022-21496: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk,java-17-openjdk: unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE</issue>
<issue tracker="bnc" id="1198675">VUL-0: CVE-2022-21443: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk,java-17-openjdk: unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE</issue>
<issue tracker="cve" id="2022-21476"/>
<issue tracker="cve" id="2022-21434"/>
<issue tracker="cve" id="2022-21496"/>
<issue tracker="cve" id="2022-21443"/>
<issue tracker="cve" id="2022-21426"/>
<packager>fstrba</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for java-1_8_0-openjdk</summary>
<description>This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u332 - April 2022 CPU (icedtea-3.23.0)
- CVE-2022-21426: Better XPath expression handling (bsc#1198672)
- CVE-2022-21443: Improved Object Identification (bsc#1198675)
- CVE-2022-21434: Better invocation handler handling (bsc#1198674)
- CVE-2022-21476: Improve Santuario processing (bsc#1198671)
- CVE-2022-21496: Improve URL supports (bsc#1198673)
And further Security fixes, Import of OpenJDK 8 u332, Backports and Bug fixes.
</description>
</patchinfo>