File _patchinfo of Package patchinfo.22308

<patchinfo incident="22308">
  <issue tracker="bnc" id="1185055">VUL-0: CVE-2021-2163: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: Incomplete enforcement of JAR signing disabled algorithms</issue>
  <issue tracker="bnc" id="1191904">VUL-0: CVE-2021-35578: java-11-openjdk,java-1_7_0-openjdk,java-1_8_0-openjdk: Unexpected exception raised during TLS handshake (JSSE, 8267729)</issue>
  <issue tracker="bnc" id="1194232">VUL-0: java-1_8_0-ibm, java-1_7_1-ibm, java-1_7_0-ibm: IBM Security Update November 2021</issue>
  <issue tracker="bnc" id="1191905">VUL-1: CVE-2021-35588: java-1_8_0-openjdk,java-11-openjdk,java-1_7_0-openjdk: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071)</issue>
  <issue tracker="bnc" id="1194198">L3-Question: Questions regarding CVE-2021-41035 and bug 1192052</issue>
  <issue tracker="bnc" id="1191911">VUL-0: CVE-2021-35559: java-1_8_0-openjdk,java-1_7_0-openjdk,java-11-openjdk: Excessive memory allocation in RTFReader (Swing, 8265580)</issue>
  <issue tracker="bnc" id="1188564">VUL-0: CVE-2021-2341: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: flaw inside the FtpClient</issue>
  <issue tracker="bnc" id="1192052">VUL-1: CVE-2021-41035: java-11-openj9, java-1_8_0-openj9: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.</issue>
  <issue tracker="bnc" id="1191909">VUL-0: CVE-2021-35565: java-1_7_0-openjdk,java-11-openjdk,java-1_8_0-openjdk: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)</issue>
  <issue tracker="bnc" id="1191913">VUL-0: CVE-2021-35564: java-1_8_0-openjdk,java-1_7_0-openjdk,java-11-openjdk: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)</issue>
  <issue tracker="bnc" id="1188565">VUL-0: CVE-2021-2369: java-1_8_0-openjdk,java-1_7_0-openjdk,java-11-openjdk: JAR file handling problem containing multiple MANIFEST.MF files</issue>
  <issue tracker="bnc" id="1191914">VUL-0: CVE-2021-35586: java-1_8_0-openjdk,java-1_7_0-openjdk,java-11-openjdk: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)</issue>
  <issue tracker="bnc" id="1191902">VUL-0: CVE-2021-35560: java-1_8_0-openjdk,java-11-openjdk,java-1_7_0-openjdk: Vulnerability in the Java SE product of Oracle Java SE (component: Deployment).</issue>
  <issue tracker="bnc" id="1191910">VUL-0: CVE-2021-35556: java-11-openjdk,java-1_7_0-openjdk,java-1_8_0-openjdk: Excessive memory allocation in RTFParser (Swing, 8265167)</issue>
  <issue tracker="cve" id="2021-2163"/>
  <issue tracker="cve" id="2021-35564"/>
  <issue tracker="cve" id="2021-35560"/>
  <issue tracker="cve" id="2021-35586"/>
  <issue tracker="cve" id="2021-41035"/>
  <issue tracker="cve" id="2021-35556"/>
  <issue tracker="cve" id="2021-35565"/>
  <issue tracker="cve" id="2021-2341"/>
  <issue tracker="cve" id="2021-35588"/>
  <issue tracker="cve" id="2021-2369"/>
  <issue tracker="cve" id="2021-35578"/>
  <issue tracker="cve" id="2021-35559"/>
  <packager>pmonrealgonzalez</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-ibm</summary>
  <description>This update for java-1_8_0-ibm fixes the following issues:

- Update to Java 8.0 Service Refresh 7 Fix Pack 0
- CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052)
- CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914)
- CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913)
- CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911)
- CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910)
- CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909)
- CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905)
- CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)
- CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)
- CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055)
- CVE-2021-35560: Fixed a vulnerability in the component Deployment. (bsc#1191902)
- CVE-2021-35578: Fixed unexpected exception raised during TLS handshake. (bsc#1191904)
</description>
</patchinfo>