SUSE-SU-2022:0816-1 -- SLES java-11-openjdk
ID: oval:org.secpod.oval:def:89047616 | Date: (C)2022-11-04 (M)2024-02-19 |
Class: PATCH | Family: unix |
This update for java-11-openjdk fixes the following issues:

- CVE-2022-21248: Fixed incomplete deserialization class filtering in ObjectInputStream.
- CVE-2022-21277: Fixed incorrect reading of TIFF files in TIFFNullDecompressor.
- CVE-2022-21282: Fixed Insufficient URI checks in the XSLT TransformerImpl.
- CVE-2022-21283: Fixed unexpected exception thrown in regex Pattern.
- CVE-2022-21291: Fixed Incorrect marking of writeable fields.
- CVE-2022-21293: Fixed Incomplete checks of StringBuffer and StringBuilder during deserialization.
- CVE-2022-21294: Fixed Incorrect IdentityHashMap size checks during deserialization.
- CVE-2022-21296: Fixed Incorrect access checks in XMLEntityManager.
- CVE-2022-21299: Fixed Infinite loop related to incorrect handling of newlines in XMLEntityScanner.
- CVE-2022-21305: Fixed Array indexing issues in LIRGenerator.
- CVE-2022-21340: Fixed Excessive resource use when reading JAR manifest attributes.
- CVE-2022-21341: Fixed OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream.
- CVE-2022-21360: Fixed Excessive memory allocation in BMPImageReader.
- CVE-2022-21365: Fixed Integer overflow in BMPImageReader.
- CVE-2022-21366: Fixed Excessive memory allocation in TIFF*Decompressor.
Platform: |
SUSE Linux Enterprise Server 15 SP3 |
SUSE Linux Enterprise Desktop 15 SP3 |