MGASA-2022-0435

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2022-0435.html

Import Source

https://advisories.mageia.org/MGASA-2022-0435.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2022-0435

Related

Published

2022-11-24T22:21:24Z

Modified

2022-11-24T21:21:14Z

Summary

Updated java packages fix security vulnerability

Details

Class compilation issue. (CVE-2022-21540) Improper restriction of MethodHandle.invokeBasic(). (CVE-2022-21541) Integer truncation issue in Xalan-J. (CVE-2022-34169) Improper MultiByte conversion can lead to buffer overflow. (CVE-2022-21618) Improper handling of long NTLM client hostnames. (CVE-2022-21619) Insufficient randomization of JNDI DNS port numbers. (CVE-2022-21624) Excessive memory allocation in X.509 certificate parsing. (CVE-2022-21626) HttpServer no connection count limit. (CVE-2022-21628) Missing SNI caching in HTTP/2. (CVE-2022-39399)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / java-1.8.0-openjdk

Package

Name: java-1.8.0-openjdk
Purl: pkg:rpm/mageia/java-1.8.0-openjdk?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0.352.b08-1.1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / java-11-openjdk

Package

Name: java-11-openjdk
Purl: pkg:rpm/mageia/java-11-openjdk?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.0.17.0.8-1.1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / timezone

Package

Name: timezone
Purl: pkg:rpm/mageia/timezone?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2022e-1.mga8

Ecosystem specific

{
    "section": "core"
}