CESA-2022:0306 -- centos 7 java-1.8.0-openjdkID: oval:org.secpod.oval:def:205935 | Date: (C)2022-02-02 (M)2024-02-19 |
Class: PATCH | Family: unix |
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: Incomplete deserialization class filtering in ObjectInputStream * OpenJDK: Insufficient URI checks in the XSLT TransformerImpl * OpenJDK: Unexpected exception thrown in regex Pattern * OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization * OpenJDK: Incorrect IdentityHashMap size checks during deserialization * OpenJDK: Incorrect access checks in XMLEntityManager * OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner * OpenJDK: Array indexing issues in LIRGenerator * OpenJDK: Excessive resource use when reading JAR manifest attributes * OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream * OpenJDK: Excessive memory allocation in BMPImageReader * OpenJDK: Integer overflow in BMPImageReader For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Product: |
java-1.8.0-openjdk |