Overview

File _patchinfo of Package patchinfo.21579

<patchinfo incident="21579">
  <issue tracker="cve" id="2021-35578"/>
  <issue tracker="cve" id="2021-35550"/>
  <issue tracker="cve" id="2021-35586"/>
  <issue tracker="cve" id="2021-35561"/>
  <issue tracker="cve" id="2021-35567"/>
  <issue tracker="cve" id="2021-35603"/>
  <issue tracker="cve" id="2021-35565"/>
  <issue tracker="cve" id="2021-35556"/>
  <issue tracker="cve" id="2021-35564"/>
  <issue tracker="cve" id="2021-35559"/>
  <issue tracker="bnc" id="1191912">VUL-0: CVE-2021-35561: java-1_8_0-openjdk,java-11-openjdk,java-1_7_0-openjdk: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)</issue>
  <issue tracker="bnc" id="1191901">VUL-0: CVE-2021-35550: java-1_7_0-openjdk,java-11-openjdk,java-1_8_0-openjdk: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210)</issue>
  <issue tracker="bnc" id="1191913">VUL-0: CVE-2021-35564: java-1_8_0-openjdk,java-1_7_0-openjdk,java-11-openjdk: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)</issue>
  <issue tracker="bnc" id="1191914">VUL-0: CVE-2021-35586: java-1_8_0-openjdk,java-1_7_0-openjdk,java-11-openjdk: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)</issue>
  <issue tracker="bnc" id="1191911">VUL-0: CVE-2021-35559: java-1_8_0-openjdk,java-1_7_0-openjdk,java-11-openjdk: Excessive memory allocation in RTFReader (Swing, 8265580)</issue>
  <issue tracker="bnc" id="1191904">VUL-0: CVE-2021-35578: java-11-openjdk,java-1_7_0-openjdk,java-1_8_0-openjdk: Unexpected exception raised during TLS handshake (JSSE, 8267729)</issue>
  <issue tracker="bnc" id="1191903">VUL-0: CVE-2021-35567: java-11-openjdk,java-1_7_0-openjdk,java-1_8_0-openjdk: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)</issue>
  <issue tracker="bnc" id="1191909">VUL-0: CVE-2021-35565: java-1_7_0-openjdk,java-11-openjdk,java-1_8_0-openjdk: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)</issue>
  <issue tracker="bnc" id="1191910">VUL-0: CVE-2021-35556: java-11-openjdk,java-1_7_0-openjdk,java-1_8_0-openjdk: Excessive memory allocation in RTFParser (Swing, 8265167)</issue>
  <issue tracker="bnc" id="1191906">VUL-1: CVE-2021-35603: java-11-openjdk,java-1_7_0-openjdk,java-1_8_0-openjdk: Non-constant comparison during TLS handshakes (JSSE, 8269618)</issue>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-11-openjdk</summary>
  <description>This update for java-11-openjdk fixes the following issues:

Update to 11.0.13+8 (October 2021 CPU)

- CVE-2021-35550, bsc#1191901: Update the default enabled cipher suites preference
- CVE-2021-35565, bsc#1191909: com.sun.net.HttpsServer spins on TLS session close
- CVE-2021-35556, bsc#1191910: Richer Text Editors
- CVE-2021-35559, bsc#1191911: Enhanced style for RTF kit
- CVE-2021-35561, bsc#1191912: Better hashing support
- CVE-2021-35564, bsc#1191913: Improve Keystore integrity
- CVE-2021-35567, bsc#1191903: More Constrained Delegation
- CVE-2021-35578, bsc#1191904: Improve TLS client handshaking
- CVE-2021-35586, bsc#1191914: Better BMP support
- CVE-2021-35603, bsc#1191906: Better session identification
- Improve Stream handling for SSL
- Improve requests of certificates
- Correct certificate requests
- Enhance DTLS client handshake
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places