- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2022-1661173656.json
- JSON Data
-
https://api.osv.dev/v1/vulns/CLSA-2022-1661173656
- Upstream
- Published
- 2022-08-22T13:07:36Z
- Modified
- 2026-05-29T01:34:29.656477292Z
- Summary
-
Fixed 50 CVEs in java-1.7.0-openjdk
- Details
-
- Bump to 2.6.28 and OpenJDK 7u351-b01.
- Security fixes in 7u351:
- CVE-2022-21540: Improve class compilation (JDK-8281859)
- CVE-2022-21541: Enhance MethodHandle invocations (JDK-8281866)
- CVE-2022-34169: Improve Xalan supports (JDK-8285407)
- Security fixes in 7u341:
- CVE-2022-21426: Better XPath expression handling (JDK-8270504)
- CVE-2022-21434: Better invocation handler handling (JDK-8277672)
- CVE-2022-21443: Improved Object Identification (JDK-8275151)
- CVE-2022-21476: Improve Santuario processing (JDK-8278008)
- CVE-2022-21496: Improve URL supports (JDK-8278972)
- Security fixes in 7u331:
- CVE-2022-21248: Enhance cross VM serialization (JDK-8264934)
- CVE-2022-21282: Better resolution of URIs (JDK-8270492)
- CVE-2022-21283: Better String matching (JDK-8268813)
- CVE-2022-21293: Improve String constructions (JDK-8270392)
- CVE-2022-21294: Enhance construction of Identity maps (JDK-8270416)
- CVE-2022-21296: Improve SAX Parser configuration management (JDK-8270498)
- CVE-2022-21299: Improved scanning of XML entities (JDK-8270646)
- CVE-2022-21305: Better array indexing (JDK-8272014)
- CVE-2022-21340: Verify Jar Verification (JDK-8272026)
- CVE-2022-21341: Improve serial forms for transport (JDK-8272236)
- CVE-2022-21349: Improve Solaris font rendering (JDK-8273748)
- CVE-2022-21360: Enhance BMP image support (JDK-8273756)
- CVE-2022-21365: Enhanced BMP processing (JDK-8273838)
- Security fixes in 7u321:
- CVE-2021-35550: Update the default enabled cipher suites preference
(JDK-8163326)
- CVE-2021-35556: Richer Text Editors (JDK-8265167)
- CVE-2021-35559: Enhanced style for RTF kit (JDK-8265580)
- CVE-2021-35561: Better hashing support (JDK-8266097)
- CVE-2021-35564: Improve Keystore integrity (JDK-8266137)
- CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
(JDK-8254967)
- CVE-2021-35586: Better BMP support (JDK-8267735)
- CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if
InnerClasses attribute's innerclassinfo_index is 0 (JDK-8130183)
- CVE-2021-35603: Better session identification (JDK-8269618)
- Security fixes in 7u311:
- CVE-2021-2341: Improve file transfers (JDK-8258432)
- CVE-2021-2369: Better jar file validation (JDK-8260967)
- CVE-2021-2432: Provide better LDAP provider support (JDK-8267412)
- Security fixes in 7u301:
- CVE-2021-2161: Less ambiguous processing (JDK-8250568)
- CVE-2021-2163: Enhance opening JARs (JDK-8249906)
- Security fixes in 7u281:
- CVE-2020-14779: Enhance support of Proxy class (JDK-8236862)
- CVE-2020-14781: Enhanced LDAP contexts (JDK-8237990)
- CVE-2020-14782: Enhance certificate processing (JDK-8237995)
- CVE-2020-14792: Better range handling (JDK-8241114)
- CVE-2020-14796: Improved URI Support (JDK-8242680)
- CVE-2020-14797: Better Path Validation (JDK-8242685)
- CVE-2020-14798: Enhanced buffer support (JDK-8242695)
- CVE-2020-14803: Improved Buffer supports (JDK-8244136)
- Security fixes in 7u271:
- CVE-2020-14577: Enhance certificate verification (JDK-8237592)
- CVE-2020-14578: NegativeArraySizeException in
sun.security.util.DerInputStream.getUnalignedBitString() (JDK-8028591)
- CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
(JDK-8028431)
- CVE-2020-14581: Better matrix operations (JDK-8238002)
- CVE-2020-14583: Better Buffer support (JDK-8238920)
- CVE-2020-14593: Less Affine Transformations (JDK-8240119)
- CVE-2020-14621: Better XML namespace handling (JDK-8242136)
- Update tzdata requirement to 2022a to match JDK-8283350
- Update NEWS from IcedTea
- Adjust jdk8076221-pr2809-disablerc4cipher_suites.patch to apply after
bump OpenJDK version
- References
-
Affected packages
CLSA-2022-1661173656 - OSV
