Mageia alert MGASA-2022-0435 (java)
From: Mageia Updates <buildsystem-daemon@mageia.org>
To: updates-announce@ml.mageia.org
Subject: [updates-announce] MGASA-2022-0435: Updated java packages fix security vulnerability
Date: Thu, 24 Nov 2022 23:22:26 +0100
Message-ID: <20221124222226.1EC5B9FF66@duvel.mageia.org>

MGASA-2022-0435 - Updated java packages fix security vulnerability

Publication date: 24 Nov 2022
URL: https://advisories.mageia.org/MGASA-2022-0435.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-21540, CVE-2022-21541, CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-34169, CVE-2022-39399

Description:
Class compilation issue. (CVE-2022-21540)
Improper restriction of MethodHandle.invokeBasic(). (CVE-2022-21541)
Integer truncation issue in Xalan-J. (CVE-2022-34169)
Improper MultiByte conversion can lead to buffer overflow. (CVE-2022-21618)
Improper handling of long NTLM client hostnames. (CVE-2022-21619)
Insufficient randomization of JNDI DNS port numbers. (CVE-2022-21624)
Excessive memory allocation in X.509 certificate parsing. (CVE-2022-21626)
HttpServer no connection count limit. (CVE-2022-21628)
Missing SNI caching in HTTP/2. (CVE-2022-39399)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30753
- https://access.redhat.com/errata/RHSA-2022:5696
- https://access.redhat.com/errata/RHSA-2022:5683
- https://www.oracle.com/security-alerts/cpujul2022.html#Ap...
- https://access.redhat.com/errata/RHSA-2022:7007
- https://access.redhat.com/errata/RHSA-2022:7013
- https://www.oracle.com/security-alerts/cpuoct2022.html#Ap...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3...

SRPMS:
- 8/core/java-1.8.0-openjdk-1.8.0.352.b08-1.1.mga8
- 8/core/java-11-openjdk-11.0.17.0.8-1.1.mga8
- 8/core/timezone-2022e-1.mga8
