ALSA-2022:0161

Source
https://errata.almalinux.org/8/ALSA-2022-0161.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0161.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2022:0161
Related
Published
2022-01-19T08:53:42Z
Modified
2022-01-20T12:33:38Z
Summary
Moderate: java-17-openjdk security update
Details

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) (CVE-2022-21248)

  • OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952) (CVE-2022-21277)

  • OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492) (CVE-2022-21282)

  • OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813) (CVE-2022-21283)

  • OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386) (CVE-2022-21291)

  • OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392) (CVE-2022-21293)

  • OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416) (CVE-2022-21294)

  • OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498) (CVE-2022-21296)

  • OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)

  • OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014) (CVE-2022-21305)

  • OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026) (CVE-2022-21340)

  • OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236) (CVE-2022-21341)

  • OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756) (CVE-2022-21360)

  • OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838) (CVE-2022-21365)

  • OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096) (CVE-2022-21366)

For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.

References

Affected packages

AlmaLinux:8 / java-17-openjdk

Package

Name
java-17-openjdk

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-demo

Package

Name
java-17-openjdk-demo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-demo-fastdebug

Package

Name
java-17-openjdk-demo-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-demo-slowdebug

Package

Name
java-17-openjdk-demo-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-devel

Package

Name
java-17-openjdk-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-devel-fastdebug

Package

Name
java-17-openjdk-devel-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-devel-slowdebug

Package

Name
java-17-openjdk-devel-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-fastdebug

Package

Name
java-17-openjdk-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-headless

Package

Name
java-17-openjdk-headless

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-headless-fastdebug

Package

Name
java-17-openjdk-headless-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-headless-slowdebug

Package

Name
java-17-openjdk-headless-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-javadoc

Package

Name
java-17-openjdk-javadoc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-javadoc-zip

Package

Name
java-17-openjdk-javadoc-zip

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-jmods

Package

Name
java-17-openjdk-jmods

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-jmods-fastdebug

Package

Name
java-17-openjdk-jmods-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-jmods-slowdebug

Package

Name
java-17-openjdk-jmods-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-slowdebug

Package

Name
java-17-openjdk-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-src

Package

Name
java-17-openjdk-src

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-src-fastdebug

Package

Name
java-17-openjdk-src-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-src-slowdebug

Package

Name
java-17-openjdk-src-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-static-libs

Package

Name
java-17-openjdk-static-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-static-libs-fastdebug

Package

Name
java-17-openjdk-static-libs-fastdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5

AlmaLinux:8 / java-17-openjdk-static-libs-slowdebug

Package

Name
java-17-openjdk-static-libs-slowdebug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.2.0.8-4.el8_5