File _patchinfo of Package patchinfo.21882

<patchinfo incident="21882">
  <issue tracker="cve" id="2021-35550"/>
  <issue tracker="cve" id="2021-35556"/>
  <issue tracker="cve" id="2021-35559"/>
  <issue tracker="cve" id="2021-35561"/>
  <issue tracker="cve" id="2021-35564"/>
  <issue tracker="cve" id="2021-35565"/>
  <issue tracker="cve" id="2021-35567"/>
  <issue tracker="cve" id="2021-35578"/>
  <issue tracker="cve" id="2021-35586"/>
  <issue tracker="cve" id="2021-35588"/>
  <issue tracker="cve" id="2021-35603"/>
  <issue tracker="bnc" id="1191901">VUL-0: CVE-2021-35550: java-1_7_0-openjdk,java-11-openjdk,java-1_8_0-openjdk: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210)</issue>
  <issue tracker="bnc" id="1191903">VUL-0: CVE-2021-35567: java-11-openjdk,java-1_7_0-openjdk,java-1_8_0-openjdk: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)</issue>
  <issue tracker="bnc" id="1191904">VUL-0: CVE-2021-35578: java-11-openjdk,java-1_7_0-openjdk,java-1_8_0-openjdk: Unexpected exception raised during TLS handshake (JSSE, 8267729)</issue>
  <issue tracker="bnc" id="1191905">VUL-1: CVE-2021-35588: java-1_8_0-openjdk,java-11-openjdk,java-1_7_0-openjdk: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071)</issue>
  <issue tracker="bnc" id="1191906">VUL-1: CVE-2021-35603: java-11-openjdk,java-1_7_0-openjdk,java-1_8_0-openjdk: Non-constant comparison during TLS handshakes (JSSE, 8269618)</issue>
  <issue tracker="bnc" id="1191909">VUL-0: CVE-2021-35565: java-1_7_0-openjdk,java-11-openjdk,java-1_8_0-openjdk: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)</issue>
  <issue tracker="bnc" id="1191910">VUL-0: CVE-2021-35556: java-11-openjdk,java-1_7_0-openjdk,java-1_8_0-openjdk: Excessive memory allocation in RTFParser (Swing, 8265167)</issue>
  <issue tracker="bnc" id="1191911">VUL-0: CVE-2021-35559: java-1_8_0-openjdk,java-1_7_0-openjdk,java-11-openjdk: Excessive memory allocation in RTFReader (Swing, 8265580)</issue>
  <issue tracker="bnc" id="1191912">VUL-0: CVE-2021-35561: java-1_8_0-openjdk,java-11-openjdk,java-1_7_0-openjdk: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)</issue>
  <issue tracker="bnc" id="1191913">VUL-0: CVE-2021-35564: java-1_8_0-openjdk,java-1_7_0-openjdk,java-11-openjdk: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)</issue>
  <issue tracker="bnc" id="1191914">VUL-0: CVE-2021-35586: java-1_8_0-openjdk,java-1_7_0-openjdk,java-11-openjdk: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)</issue>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-openjdk</summary>
  <description>This update for java-1_8_0-openjdk fixes the following issues:

Update to version OpenJDK 8u312 (October 2021 CPU):
  
- CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901).
- CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910).
- CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911).
- CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912).
- CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913).
- CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909).
- CVE-2021-35567: Fixed incorrect principal selection when using Kerberos Constrained Delegation (bsc#1191903).
- CVE-2021-35578: Fixed unexpected exception raised during TLS handshake (bsc#1191904).
- CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914).
- CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905)
- CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906).
</description>
</patchinfo>