RHSA-2022:1445-01 -- Redhat java-17-openjdkID: oval:org.secpod.oval:def:506818 | Date: (C)2022-06-01 (M)2024-02-29 |
Class: PATCH | Family: unix |
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix: * OpenJDK: Improper ECDSA signature verification * OpenJDK: Defective secure validation in Apache Santuario * OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions * OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler * OpenJDK: Missing check for negative ObjectIdentifier * OpenJDK: URI parsing inconsistencies For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Bug Fix: * Enable the import of plain keys into the NSS Software Token while in FIPS mode [rhel-8, openjdk-17] * Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode [rhel-8, openjdk-17]
Platform: |
Red Hat Enterprise Linux 8 |