Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudlinuxCloudLinuxCLSA-2022:1661176564
HistoryAug 22, 2022 - 1:56 p.m.

Fixed 50 CVEs in java-1.7.0-openjdk

2022-08-2213:56:04
repo.cloudlinux.com
61

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.1%

JSON
  • Bump to 2.6.28 and OpenJDK 7u351-b01.
  • Security fixes in 7u351:
  • CVE-2022-21540: Improve class compilation (JDK-8281859)
  • CVE-2022-21541: Enhance MethodHandle invocations (JDK-8281866)
  • CVE-2022-34169: Improve Xalan supports (JDK-8285407)
  • Security fixes in 7u341:
  • CVE-2022-21426: Better XPath expression handling (JDK-8270504)
  • CVE-2022-21434: Better invocation handler handling (JDK-8277672)
  • CVE-2022-21443: Improved Object Identification (JDK-8275151)
  • CVE-2022-21476: Improve Santuario processing (JDK-8278008)
  • CVE-2022-21496: Improve URL supports (JDK-8278972)
  • Security fixes in 7u331:
  • CVE-2022-21248: Enhance cross VM serialization (JDK-8264934)
  • CVE-2022-21282: Better resolution of URIs (JDK-8270492)
  • CVE-2022-21283: Better String matching (JDK-8268813)
  • CVE-2022-21293: Improve String constructions (JDK-8270392)
  • CVE-2022-21294: Enhance construction of Identity maps (JDK-8270416)
  • CVE-2022-21296: Improve SAX Parser configuration management (JDK-8270498)
  • CVE-2022-21299: Improved scanning of XML entities (JDK-8270646)
  • CVE-2022-21305: Better array indexing (JDK-8272014)
  • CVE-2022-21340: Verify Jar Verification (JDK-8272026)
  • CVE-2022-21341: Improve serial forms for transport (JDK-8272236)
  • CVE-2022-21349: Improve Solaris font rendering (JDK-8273748)
  • CVE-2022-21360: Enhance BMP image support (JDK-8273756)
  • CVE-2022-21365: Enhanced BMP processing (JDK-8273838)
  • Security fixes in 7u321:
  • CVE-2021-35550: Update the default enabled cipher suites preference
    (JDK-8163326)
  • CVE-2021-35556: Richer Text Editors (JDK-8265167)
  • CVE-2021-35559: Enhanced style for RTF kit (JDK-8265580)
  • CVE-2021-35561: Better hashing support (JDK-8266097)
  • CVE-2021-35564: Improve Keystore integrity (JDK-8266137)
  • CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
    (JDK-8254967)
  • CVE-2021-35586: Better BMP support (JDK-8267735)
  • CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if
    InnerClasses attribute’s inner_class_info_index is 0 (JDK-8130183)
  • CVE-2021-35603: Better session identification (JDK-8269618)
  • Security fixes in 7u311:
  • CVE-2021-2341: Improve file transfers (JDK-8258432)
  • CVE-2021-2369: Better jar file validation (JDK-8260967)
  • CVE-2021-2432: Provide better LDAP provider support (JDK-8267412)
  • Security fixes in 7u301:
  • CVE-2021-2161: Less ambiguous processing (JDK-8250568)
  • CVE-2021-2163: Enhance opening JARs (JDK-8249906)
  • Security fixes in 7u281:
  • CVE-2020-14779: Enhance support of Proxy class (JDK-8236862)
  • CVE-2020-14781: Enhanced LDAP contexts (JDK-8237990)
  • CVE-2020-14782: Enhance certificate processing (JDK-8237995)
  • CVE-2020-14792: Better range handling (JDK-8241114)
  • CVE-2020-14796: Improved URI Support (JDK-8242680)
  • CVE-2020-14797: Better Path Validation (JDK-8242685)
  • CVE-2020-14798: Enhanced buffer support (JDK-8242695)
  • CVE-2020-14803: Improved Buffer supports (JDK-8244136)
  • Security fixes in 7u271:
  • CVE-2020-14577: Enhance certificate verification (JDK-8237592)
  • CVE-2020-14578: NegativeArraySizeException in
    sun.security.util.DerInputStream.getUnalignedBitString() (JDK-8028591)
  • CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
    (JDK-8028431)
  • CVE-2020-14581: Better matrix operations (JDK-8238002)
  • CVE-2020-14583: Better Buffer support (JDK-8238920)
  • CVE-2020-14593: Less Affine Transformations (JDK-8240119)
  • CVE-2020-14621: Better XML namespace handling (JDK-8242136)
  • Update tzdata requirement to 2022a to match JDK-8283350
  • Update NEWS from IcedTea
  • Adjust jdk8076221-pr2809-disable_rc4_cipher_suites.patch to apply after
    bump OpenJDK version

Related

nessus 75
amazon 6
suse 6
aix 1
ibm 20
debian 3
openvas 38
osv 7
fedora 8
redhat 16
rocky 2
almalinux 1
ubuntu 2
gentoo 1
oraclelinux 4
kaspersky 2
altlinux 1
rosalinux 1
centos 3
redos 1
mageia 1
nessus
nessus
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2022-1633)
2022-09-12 00:00:00
Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2022-1631)
2022-08-23 00:00:00
Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2022-1835)
2022-09-15 00:00:00
amazon
amazon
Important: java-1.7.0-openjdk
2022-09-01 17:24:00
Important: java-1.8.0-openjdk
2022-08-15 18:37:00
Important: java-1.7.0-openjdk
2022-09-01 21:09:00
suse
suse
Security update for java-1_8_0-openjdk (moderate)
2020-11-26 00:00:00
Security update for java-1_8_0-openj9 (important)
2020-11-10 00:00:00
Security update for java-1_8_0-openjdk (moderate)
2020-11-27 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2022-06-14 14:37:05
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
2022-11-14 16:23:08
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator
2023-01-03 08:05:28
Security Bulletin: Multiple Vulnerabilities in Rational Synergy 7.2.2.4
2022-09-30 08:52:40
debian
debian
[SECURITY] [DLA 2917-1] openjdk-8 security update
2022-02-10 08:51:22
[SECURITY] [DLA 2412-1] openjdk-8 security update
2020-10-30 09:23:09
[SECURITY] [DSA 4779-1] openjdk-11 security update
2020-10-25 10:14:25
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:0873-1)
2022-03-16 00:00:00
Fedora: Security Advisory for java-1.8.0-openjdk (FEDORA-2022-b706eef225)
2022-02-11 00:00:00
Debian: Security Advisory (DLA-2917-1)
2022-02-11 00:00:00
osv
osv
openjdk-8 - security update
2022-02-10 00:00:00
Moderate: java-1.8.0-openjdk security and bug fix update
2022-01-27 13:47:36
openjdk-8 - security update
2020-10-23 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: java-1.8.0-openjdk-1.8.0.322.b06-2.fc35
2022-02-11 01:23:37
[SECURITY] Fedora 32 Update: java-11-openjdk-11.0.9.11-0.fc32
2020-10-31 02:02:10
[SECURITY] Fedora 34 Update: java-1.8.0-openjdk-1.8.0.322.b06-2.fc34
2022-02-11 01:11:34
redhat
redhat
(RHSA-2022:0312) Moderate: java-1.8.0-openjdk security update
2022-01-27 15:48:40
(RHSA-2022:0317) Moderate: OpenJDK 8u322 security update for Portable Linux Builds
2022-01-27 19:55:10
(RHSA-2022:0305) Moderate: java-1.8.0-openjdk security update
2022-01-27 13:49:14
rocky
rocky
java-1.8.0-openjdk security and bug fix update
2022-01-27 13:47:36
java-1.8.0-openjdk security and bug fix update
2022-02-01 03:36:17
almalinux
almalinux
Moderate: java-1.8.0-openjdk security and bug fix update
2022-01-27 13:47:36
ubuntu
ubuntu
OpenJDK regressions
2020-11-12 00:00:00
OpenJDK vulnerabilities
2020-10-27 00:00:00
gentoo
gentoo
OpenJDK: Multiple Vulnerabilities
2022-09-07 00:00:00
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2022-01-27 00:00:00
java-1.8.0-openjdk security and bug fix update
2022-01-27 00:00:00
java-1.8.0-openjdk security update
2020-10-27 00:00:00
kaspersky
kaspersky
KLA11985 Multiple vulnerabilities in Oracle Java SE
2020-10-20 00:00:00
KLA12426 Multiple vulnerabilities in Oracle Java and GraalVM
2022-01-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package java-1.8.0-openjdk version 0:1.8.0.322.b06-alt2_1jpp8
2022-04-07 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2314
2023-12-19 12:08:45
centos
centos
java security update
2022-01-27 23:14:09
java security update
2020-11-09 13:12:26
java security update
2020-11-06 21:58:30
redos
redos
ROS-20240424-01
2024-04-24 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2020-11-14 00:20:36

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.1%

JSON
Related for CLSA-2022:1661176564
nessus75amazon6suse6aix1ibm20debian3openvas38osv7fedora8redhat16rocky2almalinux1ubuntu2gentoo1oraclelinux4kaspersky2altlinux1rosalinux1centos3redos1mageia1