Overview

File _patchinfo of Package patchinfo.22637

<patchinfo incident="22637">
  <issue tracker="cve" id="2022-21296"/>
  <issue tracker="cve" id="2022-21299"/>
  <issue tracker="cve" id="2022-21282"/>
  <issue tracker="cve" id="2022-21340"/>
  <issue tracker="cve" id="2022-21305"/>
  <issue tracker="cve" id="2022-21293"/>
  <issue tracker="cve" id="2022-21283"/>
  <issue tracker="cve" id="2022-21365"/>
  <issue tracker="cve" id="2022-21291"/>
  <issue tracker="cve" id="2022-21341"/>
  <issue tracker="cve" id="2022-21366"/>
  <issue tracker="cve" id="2022-21248"/>
  <issue tracker="cve" id="2022-21294"/>
  <issue tracker="cve" id="2022-21360"/>
  <issue tracker="cve" id="2022-21277"/>
  <issue tracker="bnc" id="1194931">VUL-0: CVE-2022-21299: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Infinite loop related to incorrect handling of newlines in XMLEntityScanner</issue>
  <issue tracker="bnc" id="1194941">VUL-0: CVE-2022-21341: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream</issue>
  <issue tracker="bnc" id="1194929">VUL-0: CVE-2022-21360: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Excessive memory allocation in BMPImageReader</issue>
  <issue tracker="bnc" id="1194940">VUL-0: CVE-2022-21340: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Excessive resource use when reading JAR manifest attributes</issue>
  <issue tracker="bnc" id="1194935">VUL-0: CVE-2022-21293: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incomplete checks of StringBuffer and StringBuilder during deserialization</issue>
  <issue tracker="bnc" id="1194932">VUL-0: CVE-2022-21296: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect access checks in XMLEntityManager</issue>
  <issue tracker="bnc" id="1194934">VUL-0: CVE-2022-21294: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect IdentityHashMap size checks during deserialization</issue>
  <issue tracker="bnc" id="1194930">VUL-0: CVE-2022-21277: java-17-openjdk,java-11-openjdk: Incorrect reading of TIFF files in TIFFNullDecompressor</issue>
  <issue tracker="bnc" id="1194925">VUL-0: CVE-2022-21291: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect marking of writeable fields</issue>
  <issue tracker="bnc" id="1194927">VUL-0: CVE-2022-21366: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Excessive memory allocation in TIFF*Decompressor</issue>
  <issue tracker="bnc" id="1194928">VUL-0: CVE-2022-21365: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Integer overflow in BMPImageReader</issue>
  <issue tracker="bnc" id="1194939">VUL-0: CVE-2022-21305: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Array indexing issues in LIRGenerator</issue>
  <issue tracker="bnc" id="1194933">VUL-0: CVE-2022-21282: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Insufficient URI checks in the XSLT TransformerImpl</issue>
  <issue tracker="bnc" id="1194926">VUL-0: CVE-2022-21248: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incomplete deserialization class filtering in ObjectInputStream</issue>
  <issue tracker="bnc" id="1194937">VUL-0: CVE-2022-21283: java-11-openjdk,java-17-openjdk: Unexpected exception thrown in regex Pattern</issue>
  <packager>fstrba</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for java-11-openjdk</summary>
  <description>This update for java-11-openjdk fixes the following issues:

- CVE-2022-21248: Fixed incomplete deserialization class filtering in ObjectInputStream. (bnc#1194926)
- CVE-2022-21277: Fixed incorrect reading of TIFF files in TIFFNullDecompressor. (bnc#1194930)
- CVE-2022-21282: Fixed Insufficient URI checks in the XSLT TransformerImpl. (bnc#1194933)
- CVE-2022-21283: Fixed unexpected exception thrown in regex Pattern. (bnc#1194937)
- CVE-2022-21291: Fixed Incorrect marking of writeable fields. (bnc#1194925)
- CVE-2022-21293: Fixed Incomplete checks of StringBuffer and StringBuilder during deserialization. (bnc#1194935)
- CVE-2022-21294: Fixed Incorrect IdentityHashMap size checks during deserialization. (bnc#1194934)
- CVE-2022-21296: Fixed Incorrect access checks in XMLEntityManager. (bnc#1194932)
- CVE-2022-21299: Fixed Infinite loop related to incorrect handling of newlines in XMLEntityScanner. (bnc#1194931)
- CVE-2022-21305: Fixed Array indexing issues in LIRGenerator. (bnc#1194939)
- CVE-2022-21340: Fixed Excessive resource use when reading JAR manifest attributes. (bnc#1194940)
- CVE-2022-21341: Fixed OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream. (bnc#1194941)
- CVE-2022-21360: Fixed Excessive memory allocation in BMPImageReader. (bnc#1194929)
- CVE-2022-21365: Fixed Integer overflow in BMPImageReader. (bnc#1194928)
- CVE-2022-21366: Fixed Excessive memory allocation in TIFF*Decompressor. (bnc#1194927)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places