Download
| Alert*
oval:org.secpod.oval:def:3300889
SUSE Security Update: Security update for java-17-openjdk oval:org.secpod.oval:def:4501163 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-11-openjdk . Security Fix: * OpenJDK: integer truncation issue in Xalan-J * OpenJDK: class com ... oval:org.secpod.oval:def:3301338 SUSE Security Update: Security update for java-1_8_0-ibm oval:org.secpod.oval:def:88382 Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in the execution of arbitrary Java bytecode or the bypass of the Java sandbox. oval:org.secpod.oval:def:3301339 SUSE Security Update: Security update for java-1_8_0-ibm oval:org.secpod.oval:def:89046909 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 7 Fix Pack 11 : - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets . - CVE-2022-21549: Fixed an issue that could lead to ... oval:org.secpod.oval:def:89046879 This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u345 - CVE-2022-21540: Fixed a potential Java sandbox bypass . - CVE-2022-21541: Fixed a potential Java sandbox bypass . - CVE-2022-34169: Fixed an issue where arbitrary bytecode could be executed via a maliciou ... oval:org.secpod.oval:def:1700973 Generated code produced by C1 may leak a package-private class to a class from a different package. MethodHandle.invokeBasic method can be accessed on byte code level from an arbitrary class. The Xalan Java XSLT library has an integer truncation issue when processing malicious stylesheets. This can ... oval:org.secpod.oval:def:1505850 [1:1.8.0.342.b07-1] - Update to shenandoah-jdk8u342-b07 - Update release notes for shenandoah-8u342-b07. - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use git apply with patch ... oval:org.secpod.oval:def:1505851 [1:1.8.0.342.b07-1] - Update to shenandoah-jdk8u342-b07 - Update release notes for shenandoah-8u342-b07. - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use git apply with patch ... oval:org.secpod.oval:def:89046834 This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.16+8 - CVE-2022-21540: Improve class compilation - CVE-2022-21541: Enhance MethodHandle invocations - CVE-2022-34169: Improve Xalan supports oval:org.secpod.oval:def:1505852 [1:17.0.4.0.8-0.2.ea] - Add rpminspect.yaml to turn off Java bytecode inspections - java-17-openjdk deliberately produces Java 17 bytecode, not the default Java 11 bytecode - Resolves: rhbz#2109106 [1:17.0.4.0.8-0.2.ea] - Revert the following changes until copy-java-configs has adapted to relative s ... oval:org.secpod.oval:def:123647 The OpenJDK 17 runtime environment. oval:org.secpod.oval:def:124056 The OpenJDK 8 runtime environment. oval:org.secpod.oval:def:124055 The OpenJDK 11 runtime environment. oval:org.secpod.oval:def:89046870 This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.16+8 - CVE-2022-21540: Improve class compilation - CVE-2022-21541: Enhance MethodHandle invocations - CVE-2022-34169: Improve Xalan supports oval:org.secpod.oval:def:124058 The OpenJDK 18 runtime environment. oval:org.secpod.oval:def:1505856 [1.8.0.342.b07-1.0.1] - Replace upstream references [Orabug: 34340145] [1:1.8.0.342.b07-1] - Update to shenandoah-jdk8u342-b07 - Update release notes for shenandoah-8u342-b07. - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script wit ... oval:org.secpod.oval:def:124057 The OpenJDK 11 runtime environment. oval:org.secpod.oval:def:85661 Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in the execution of arbitrary Java bytecode or the bypass of the Java sandbox. oval:org.secpod.oval:def:124063 The OpenJDK 17 runtime environment. oval:org.secpod.oval:def:2600067 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. oval:org.secpod.oval:def:124061 The OpenJDK 8 runtime environment. oval:org.secpod.oval:def:2600069 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. oval:org.secpod.oval:def:507079 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-1.8.0-openjdk . Security Fix: * OpenJDK: integer truncation issue in Xalan-J * OpenJDK: class ... oval:org.secpod.oval:def:507077 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-11-openjdk . Security Fix: * OpenJDK: integer truncation issue in Xalan-J * OpenJDK: class com ... oval:org.secpod.oval:def:4501115 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-17-openjdk . Security Fix: * OpenJDK: integer truncation issue in Xalan-J * OpenJDK: class com ... oval:org.secpod.oval:def:507076 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-17-openjdk . Security Fix: * OpenJDK: integer truncation issue in Xalan-J * OpenJDK: class com ... oval:org.secpod.oval:def:97665 [CLSA-2022:1659638796] Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21541, CVE-2022-34169, CVE-2022-21540 oval:org.secpod.oval:def:89047707 This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.4+8 - CVE-2022-21540: Improve class compilation - CVE-2022-21541: Enhance MethodHandle invocations - CVE-2022-34169: Improve Xalan supports - CVE-2022-21549: java.util.random does not correctly sample exp ... oval:org.secpod.oval:def:1700962 Generated code produced by C1 may leak a package-private class to a class from a different package. MethodHandle.invokeBasic method can be accessed on byte code level from an arbitrary class. The Xalan Java XSLT library has an integer truncation issue when processing malicious stylesheets. This can ... oval:org.secpod.oval:def:205972 Security Fix: OpenJDK: integer truncation issue in Xalan-J OpenJDK: class compilation issue OpenJDK: improper restriction of MethodHandle.invokeBasic For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE ... oval:org.secpod.oval:def:2500689 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. oval:org.secpod.oval:def:1505869 [1:17.0.4.0.8-0.2.ea] - Revert the following changes until copy-java-configs has adapted to relative symlinks: - * Move cacerts replacement to install section and retain original of this and tzdb.dat - * Run tests on the installed image, rather than the build image - * Introduce variables to refer t ... oval:org.secpod.oval:def:2500763 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. oval:org.secpod.oval:def:124064 The OpenJDK 18 runtime environment. oval:org.secpod.oval:def:507081 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-1.8.0-openjdk . Security Fix: * OpenJDK: integer truncation issue in Xalan-J * OpenJDK: class ... oval:org.secpod.oval:def:507080 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-11-openjdk . Security Fix: * OpenJDK: integer truncation issue in Xalan-J * OpenJDK: class com ... oval:org.secpod.oval:def:507086 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-1.8.0-openjdk . Security Fix: * OpenJDK: integer truncation issue in Xalan-J * OpenJDK: class ... oval:org.secpod.oval:def:507084 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-11-openjdk . Security Fix: * OpenJDK: integer truncation issue in Xalan-J * OpenJDK: class com ... oval:org.secpod.oval:def:2600075 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. oval:org.secpod.oval:def:1700947 Generated code produced by C1 may leak a package-private class to a class from a different package. MethodHandle.invokeBasic method can be accessed on byte code level from an arbitrary class. The Xalan Java XSLT library has an integer truncation issue when processing malicious stylesheets. This can ... oval:org.secpod.oval:def:3300629 SUSE Security Update: Security update for java-1_8_0-openjdk oval:org.secpod.oval:def:89046928 This update for java-1_8_0-ibm fixes the following issues: - Updated to Java 8.0 Service Refresh 7 Fix Pack 11 : - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets . - CVE-2022-21549: Fixed an issue that could lead t ... oval:org.secpod.oval:def:1700951 Generated code produced by C1 may leak a package-private class to a class from a different package. MethodHandle.invokeBasic method can be accessed on byte code level from an arbitrary class. computeNextExponential sometimes returns negative numbers contrary to the documentation. The Xalan Java XSLT ... oval:org.secpod.oval:def:205966 Security Fix: OpenJDK: integer truncation issue in Xalan-J OpenJDK: class compilation issue OpenJDK: improper restriction of MethodHandle.invokeBasic For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE ... oval:org.secpod.oval:def:89046897 This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u345 - CVE-2022-21540: Fixed a potential Java sandbox bypass . - CVE-2022-21541: Fixed a potential Java sandbox bypass . - CVE-2022-34169: Fixed an issue where arbitrary bytecode could be executed via a maliciou ... oval:org.secpod.oval:def:89047620 This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.16+8 - CVE-2022-21540: Improve class compilation - CVE-2022-21541: Enhance MethodHandle invocations - CVE-2022-34169: Improve Xalan supports oval:org.secpod.oval:def:1701003 Generated code produced by C1 may leak a package-private class to a class from a different package. MethodHandle.invokeBasic method can be accessed on byte code level from an arbitrary class. The Xalan Java XSLT library has an integer truncation issue when processing malicious stylesheets. This can ... oval:org.secpod.oval:def:82290 The host is installed with Oracle Java SE through 7u343, 8u333, 11.0.15.1, 17.0.3.1 or 18.0.1.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Hotspot. Successful exploitation allows attackers to affect integrity. oval:org.secpod.oval:def:82295 The host is installed with Oracle Java SE through 7u343, 8u333, 11.0.15.1, 17.0.3.1 or 18.0.1.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Hotspot. Successful exploitation allows attackers to affect integrity. oval:org.secpod.oval:def:507097 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-17-openjdk . Security Fix: * OpenJDK: integer truncation issue in Xalan-J * OpenJDK: class com ... oval:org.secpod.oval:def:608768 Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in the execution of arbitrary Java bytecode or the bypass of the Java sandbox. oval:org.secpod.oval:def:89046914 This update for java-1_7_1-ibm fixes the following issues: - Updated to Java 7.1 Service Refresh 5 Fix Pack 15 : - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets . - CVE-2022-21549: Fixed an issue that could lead t ... oval:org.secpod.oval:def:89047935 This update for java-1_8_0-ibm fixes the following issues: - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition . - CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Orac ... oval:org.secpod.oval:def:3301193 SUSE Security Update: Security update for java-11-openjdk oval:org.secpod.oval:def:1505884 [1:11.0.16.0.8-1.0.1] - Replace upstream references [Orabug: 34340155] [1:11.0.16.0.8-1] - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Use same tarball naming style as java-17-openjdk and java-latest-openjdk - Drop JDK-8257794 patch now upstreamed - Print release file during build, ... oval:org.secpod.oval:def:4501007 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-1.8.0-openjdk . Security Fix: * OpenJDK: integer truncation issue in Xalan-J * OpenJDK: class ... oval:org.secpod.oval:def:608764 Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in the execution of arbitrary Java bytecode or the bypass of the Java sandbox. oval:org.secpod.oval:def:89046961 This update for java-1_8_0-ibm fixes the following issues: Note: the issues listed below were NOT fixed with the previous update . - Update to Java 8.0 Service Refresh 7 Fix Pack 15 : - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing mal ... oval:org.secpod.oval:def:1505848 [1:11.0.16.0.8-1.0.1] - link atomic for ix86 build [1:11.0.16.0.8-1] - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Use same tarball naming style as java-17-openjdk and java-latest-openjdk - Drop JDK-8284920 patch now upstreamed - Print release file during build, which should now in ... oval:org.secpod.oval:def:1505849 [1:11.0.16.0.8-1] - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Use same tarball naming style as java-17-openjdk and java-latest-openjdk - Drop JDK-8257794 patch now upstreamed - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update ... oval:org.secpod.oval:def:82245 The host is installed with Oracle Java SE through 7u343, 8u333, 11.0.15.1, 17.0.3.1 or 18.0.1.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Hotspot. Successful exploitation allows attackers to affect integrity. oval:org.secpod.oval:def:1601579 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE . Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated at ... oval:org.secpod.oval:def:1601578 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE . Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated at ... oval:org.secpod.oval:def:86431 openjdk-17: Open Source Java implementation - openjdk-18: Open Source Java implementation - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK. oval:org.secpod.oval:def:97673 [CLSA-2022:1661176564] Fixed 50 CVEs in java-1.7.0-openjdk oval:org.secpod.oval:def:1701005 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE . Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unaut ... oval:org.secpod.oval:def:1700999 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE . Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated at ... oval:org.secpod.oval:def:707659 openjdk-17: Open Source Java implementation - openjdk-18: Open Source Java implementation - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK. oval:org.secpod.oval:def:82249 The host is installed with Oracle Java SE through 7u343, 8u333, 11.0.15.1, 17.0.3.1 or 18.0.1.1, or Azul Zulu 7 before 7.55, 8 before 8.63, 11 before 11.57, 13 before 13.49, 15 before 15.41, or 17 before 17.35 and is prone to an unspecified vulnerability. A flaw is present in the application, which ... |