Oval Definition:
oval:org.opensuse.security:def:102102
Revision Date
:
2022-03-14
Version
:
1
Title
:
Security update for java-11-openjdk (Moderate)
Description
:
This update for java-11-openjdk fixes the following issues:
- CVE-2022-21248: Fixed incomplete deserialization class filtering in ObjectInputStream. (bnc#1194926) - CVE-2022-21277: Fixed incorrect reading of TIFF files in TIFFNullDecompressor. (bnc#1194930) - CVE-2022-21282: Fixed Insufficient URI checks in the XSLT TransformerImpl. (bnc#1194933) - CVE-2022-21283: Fixed unexpected exception thrown in regex Pattern. (bnc#1194937) - CVE-2022-21291: Fixed Incorrect marking of writeable fields. (bnc#1194925) - CVE-2022-21293: Fixed Incomplete checks of StringBuffer and StringBuilder during deserialization. (bnc#1194935) - CVE-2022-21294: Fixed Incorrect IdentityHashMap size checks during deserialization. (bnc#1194934) - CVE-2022-21296: Fixed Incorrect access checks in XMLEntityManager. (bnc#1194932) - CVE-2022-21299: Fixed Infinite loop related to incorrect handling of newlines in XMLEntityScanner. (bnc#1194931) - CVE-2022-21305: Fixed Array indexing issues in LIRGenerator. (bnc#1194939) - CVE-2022-21340: Fixed Excessive resource use when reading JAR manifest attributes. (bnc#1194940) - CVE-2022-21341: Fixed OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream. (bnc#1194941) - CVE-2022-21360: Fixed Excessive memory allocation in BMPImageReader. (bnc#1194929) - CVE-2022-21365: Fixed Integer overflow in BMPImageReader. (bnc#1194928) - CVE-2022-21366: Fixed Excessive memory allocation in TIFF*Decompressor. (bnc#1194927)
Family
:
unix
Class
:
patch
Status
:
Reference(s)
:
1189724
1194925
1194926
1194927
1194928
1194929
1194930
1194931
1194932
1194933
1194934
1194935
1194937
1194939
1194940
1194941
CVE-2021-38171
CVE-2022-21248
CVE-2022-21277
CVE-2022-21282
CVE-2022-21283
CVE-2022-21291
CVE-2022-21293
CVE-2022-21294
CVE-2022-21296
CVE-2022-21299
CVE-2022-21305
CVE-2022-21340
CVE-2022-21341
CVE-2022-21360
CVE-2022-21365
CVE-2022-21366
SUSE-SU-2022:0816-1
Platform(s)
:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Module for Package Hub 15 SP3
Product(s)
:
Definition Synopsis
SUSE Linux Enterprise Module for Package Hub 15 SP3 is installed
AND
Package Information
java-11-openjdk-javadoc-11.0.14.0-3.74.2 is installed
OR
java-11-openjdk-jmods-11.0.14.0-3.74.2 is installed
BACK