RHSA-2022:0161-01 -- Redhat java-17-openjdk
ID: oval:org.secpod.oval:def:506657 | Date: (C)2022-01-21 (M)2024-02-19 |
Class: PATCH | Family: unix |
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix:
* OpenJDK: Incomplete deserialization class filtering in ObjectInputStream
* OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor
* OpenJDK: Insufficient URI checks in the XSLT TransformerImpl
* OpenJDK: Unexpected exception thrown in regex Pattern
* OpenJDK: Incorrect marking of writeable fields
* OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization
* OpenJDK: Incorrect IdentityHashMap size checks during deserialization
* OpenJDK: Incorrect access checks in XMLEntityManager
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner
* OpenJDK: Array indexing issues in LIRGenerator
* OpenJDK: Excessive resource use when reading JAR manifest attributes
* OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream
* OpenJDK: Excessive memory allocation in BMPImageReader
* OpenJDK: Integer overflow in BMPImageReader
* OpenJDK: Excessive memory allocation in TIFF*Decompressor

For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.
Platform: |
Red Hat Enterprise Linux 8 |