Overview

File _patchinfo of Package patchinfo.26754

<patchinfo incident="26754">
  <issue tracker="cve" id="2022-21619"/>
  <issue tracker="cve" id="2022-21624"/>
  <issue tracker="cve" id="2022-21626"/>
  <issue tracker="cve" id="2022-21628"/>
  <issue tracker="cve" id="2022-3676"/>
  <issue tracker="bnc" id="1204471">VUL-0: CVE-2022-21626: java-1_8_0-openjdk,java-11-openjdk: unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition</issue>
  <issue tracker="bnc" id="1204475">VUL-0: CVE-2022-21624: java-1_8_0-openjdk-plugin,java-10-openjdk,java-1_8_0-openjdk,java-11-openjdk,java-1_8_0-ibm,java-17-openjdk: unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise</issue>
  <issue tracker="bnc" id="1204473">VUL-0: CVE-2022-21619: java-1_8_0-openjdk,java-17-openjdk,java-11-openjdk: unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE</issue>
  <issue tracker="bnc" id="1204472">VUL-0: CVE-2022-21628: java-1_8_0-openjdk,java-17-openjdk,java-11-openjdk: unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition</issue>
  <issue tracker="bnc" id="1204703">VUL-0: CVE-2022-3676: In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.</issue>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-openj9</summary>
  <description>This update for java-1_8_0-openj9 fixes the following issues:

- Update to OpenJDK 8u352 build 08 with OpenJ9 0.35.0 virtual machine, including Oracle October 2022 CPU changes.

- CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473).
- CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471).
- CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475).
- CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472).
- CVE-2022-3676: Fixed interface than calls can be inlined without a runtime type check (bsc#1204703).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places