[CLSA-2022:1660064249] Fix CVE(s): CVE-2022-21434, CVE-2022-21426, CVE-2022-21443, CVE-2022-34169, CVE-2022-21540, CVE-2022-21541, CVE-2022-21476, CVE-2022-21496

Type:

security

Severity:

Critical

Release date:

2022-08-09 16:57:29 UTC

Description:

   * Backport upstream releases 8u342 and 8u332 to 16.04 LTS
   * Security fixes in 8u342:
     - JDK-8272243: Improve DER parsing
     - JDK-8272249: Better properties of loaded Properties
     - JDK-8277608: Address IP Addressing
     - JDK-8281859, CVE-2022-21540: Improve class compilation
     - JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations
     - JDK-8283190: Improve MIDI processing
     - JDK-8284370: Improve zlib usage
     - JDK-8285407, CVE-2022-34169: Improve Xalan supports
   * Security fixes in 8u332:
     - JDK-8269938: Enhance XML processing passes redux
     - JDK-8270504, CVE-2022-21426: Better XPath expression handling
     - JDK-8272255: Completely handle MIDI files
     - JDK-8272261: Improve JFR recording file processing
     - JDK-8272594: Better record of recordings
     - JDK-8274221: More definite BER encodings
     - JDK-8275151, CVE-2022-21443: Improved Object Identification
     - JDK-8277227: Better identification of OIDs
     - JDK-8277672, CVE-2022-21434: Better invocation handler handling
     - JDK-8278008, CVE-2022-21476: Improve Santuario processing
     - JDK-8278356: Improve file creation
     - JDK-8278449: Improve keychain support
     - JDK-8278805: Enhance BMP image loading
     - JDK-8278972, CVE-2022-21496: Improve URL supports
     - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo

Updated packages:

openjdk-8-demo_8u342-b07-0ubuntu1~16.04+tuxcare.els1_amd64.deb
sha:016d4780c01045d1c3d7b72f2189f5f205d5141a
openjdk-8-doc_8u342-b07-0ubuntu1~16.04+tuxcare.els1_all.deb
sha:aac2ce7d83538c0eeebcfd05ec6e44b2934632ed
openjdk-8-jdk_8u342-b07-0ubuntu1~16.04+tuxcare.els1_amd64.deb
sha:9a30c834fe268ead95ff2e6169e129170e60092a
openjdk-8-jdk-headless_8u342-b07-0ubuntu1~16.04+tuxcare.els1_amd64.deb
sha:473f5fe5bb12cc4511f4ae9b2b6aaac4262f89b6
openjdk-8-jre_8u342-b07-0ubuntu1~16.04+tuxcare.els1_amd64.deb
sha:8532b4ae48c7a2191791e7caef6a6afab08a660f
openjdk-8-jre-headless_8u342-b07-0ubuntu1~16.04+tuxcare.els1_amd64.deb
sha:2c17005d6f605cb6a1b3a2c4ef25439578597b21
openjdk-8-jre-jamvm_8u342-b07-0ubuntu1~16.04+tuxcare.els1_amd64.deb
sha:79a62feb0467c81fef4d849e3b2df460b215a59a
openjdk-8-jre-zero_8u342-b07-0ubuntu1~16.04+tuxcare.els1_amd64.deb
sha:4e99979f882bc6b654a7591469cdec2d2b87b5d9
openjdk-8-source_8u342-b07-0ubuntu1~16.04+tuxcare.els1_all.deb
sha:fe8eb2c13007860e3fba32b64c95be482d413556

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.