File _patchinfo of Package patchinfo.21659

<patchinfo incident="21659">
  <issue tracker="bnc" id="1191904">VUL-0: CVE-2021-35578: java-11-openjdk,java-1_7_0-openjdk,java-1_8_0-openjdk: Unexpected exception raised during TLS handshake (JSSE, 8267729)</issue>
  <issue tracker="bnc" id="1191910">VUL-0: CVE-2021-35556: java-11-openjdk,java-1_7_0-openjdk,java-1_8_0-openjdk: Excessive memory allocation in RTFParser (Swing, 8265167)</issue>
  <issue tracker="bnc" id="1188565">VUL-0: CVE-2021-2369: java-1_8_0-openjdk,java-1_7_0-openjdk,java-11-openjdk: JAR file handling problem containing multiple MANIFEST.MF files</issue>
  <issue tracker="bnc" id="1191914">VUL-0: CVE-2021-35586: java-1_8_0-openjdk,java-1_7_0-openjdk,java-11-openjdk: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)</issue>
  <issue tracker="bnc" id="1191912">VUL-0: CVE-2021-35561: java-1_8_0-openjdk,java-11-openjdk,java-1_7_0-openjdk: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)</issue>
  <issue tracker="bnc" id="1191909">VUL-0: CVE-2021-35565: java-1_7_0-openjdk,java-11-openjdk,java-1_8_0-openjdk: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)</issue>
  <issue tracker="bnc" id="1191906">VUL-1: CVE-2021-35603: java-11-openjdk,java-1_7_0-openjdk,java-1_8_0-openjdk: Non-constant comparison during TLS handshakes (JSSE, 8269618)</issue>
  <issue tracker="bnc" id="1191913">VUL-0: CVE-2021-35564: java-1_8_0-openjdk,java-1_7_0-openjdk,java-11-openjdk: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)</issue>
  <issue tracker="bnc" id="1185056">VUL-0: CVE-2021-2161: java-11-openjdk,java-1_7_0-openjdk,java-1_8_0-openjdk: Incorrect handling of partially quoted arguments in ProcessBuilder on Windows</issue>
  <issue tracker="bnc" id="1188564">VUL-0: CVE-2021-2341: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: flaw inside the FtpClient</issue>
  <issue tracker="bnc" id="1191903">VUL-0: CVE-2021-35567: java-11-openjdk,java-1_7_0-openjdk,java-1_8_0-openjdk: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)</issue>
  <issue tracker="bnc" id="1185055">VUL-0: CVE-2021-2163: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: Incomplete enforcement of JAR signing disabled algorithms</issue>
  <issue tracker="bnc" id="1191911">VUL-0: CVE-2021-35559: java-1_8_0-openjdk,java-1_7_0-openjdk,java-11-openjdk: Excessive memory allocation in RTFReader (Swing, 8265580)</issue>
  <issue tracker="bnc" id="1188566">VUL-0: CVE-2021-2388: java-11-openjdk,java-1_8_0-openjdk: flaw inside the Hotspot component performed range check elimination</issue>
  <issue tracker="bnc" id="1191901">VUL-0: CVE-2021-35550: java-1_7_0-openjdk,java-11-openjdk,java-1_8_0-openjdk: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210)</issue>
  <issue tracker="cve" id="2021-2161"/>
  <issue tracker="cve" id="2021-2163"/>
  <issue tracker="cve" id="2021-2341"/>
  <issue tracker="cve" id="2021-2369"/>
  <issue tracker="cve" id="2021-2388"/>
  <issue tracker="cve" id="2021-35550"/>
  <issue tracker="cve" id="2021-35556"/>
  <issue tracker="cve" id="2021-35559"/>
  <issue tracker="cve" id="2021-35561"/>
  <issue tracker="cve" id="2021-35564"/>
  <issue tracker="cve" id="2021-35565"/>
  <issue tracker="cve" id="2021-35567"/>
  <issue tracker="cve" id="2021-35578"/>
  <issue tracker="cve" id="2021-35586"/>
  <issue tracker="cve" id="2021-35603"/>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-openj9</summary>
  <description>This update for java-1_8_0-openj9 fixes the following issues:

Update to OpenJDK 8u312 build 07 with OpenJ9 0.29.0 virtual machine including
Oracle July 2021 and October 2021 CPU changes

- CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder on Windows (bsc#1185056).
- CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055).
- CVE-2021-2341: Fixed flaw inside the FtpClient (bsc#1188564).
- CVE-2021-2369: Fixed handling problem for JAR files containing multiple MANIFEST.MF files (bsc#1188565).
- CVE-2021-2388: Fixed flaw in how the Hotspot component performed range check elimination (bsc#1188566).
- CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901).
- CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910).
- CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911).
- CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912).
- CVE-2021-35564: Fixed keystore corruption caused by certificates with end dates too far in the future (bsc#1191913).
- CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909).
- CVE-2021-35567: Fixed incorrect principal selection when using Kerberos Constrained Delegation (bsc#1191903).
- CVE-2021-35578: Fixed unexpected exception raised during TLS handshake (bsc#1191904).
- CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914).
- CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906).
</description>
</patchinfo>