Mageia 8: MGASA-2022-0261 Critical: OpenJDK Memory Exploits
mageia
July 16, 2022
OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476) OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, ...
Summary
OpenJDK: Defective secure validation in Apache Santuario (Libraries,
8278008) (CVE-2022-21476)
OpenJDK: Unbounded memory allocation when compiling crafted XPath
expressions (JAXP, 8270504) (CVE-2022-21426)
OpenJDK: Improper object-to-string conversion in
AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
(CVE-2022-21443)
OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)
References
- https://bugs.mageia.org/show_bug.cgi?id=30401
- https://access.redhat.com/errata/RHSA-2022:1491
- https://access.redhat.com/errata/RHSA-2022:1442
- https://www.cve.org/CVERecord?id=CVE-2022-21426
- https://www.cve.org/CVERecord?id=CVE-2022-21434
- https://www.cve.org/CVERecord?id=CVE-2022-21443
- https://www.cve.org/CVERecord?id=CVE-2022-21476
- https://www.cve.org/CVERecord?id=CVE-2022-21496
Topics Covered
Resolution
SRPMS
- 8/core/java-1.8.0-openjdk-1.8.0.332.b09-1.1.mga8
- 8/core/java-11-openjdk-11.0.15.0.10-1.mga8
- 8/core/timezone-2022a-1.mga8
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 16 Jul 2022
URL: https://advisories.mageia.org/MGASA-2022-0261.html
Type: security
CVE: CVE-2022-21426,
CVE-2022-21434,
CVE-2022-21443,
CVE-2022-21476,
CVE-2022-21496
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!