RHSA-2022:7000MediumCVSS 5.5
Red Hat Security Advisory: java-17-openjdk security and bug fix update
🔗 CVE IDs covered (7)
📋 Description
CVE-2022-21618 — OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) CVE-2022-21619 — OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) CVE-2022-21624 — OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) CVE-2022-21626 — OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) CVE-2022-21628 — OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) CVE-2022-33068 — harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc CVE-2022-39399 — OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366)
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2022:7000
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2133745
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2133753
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2133765
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2133769
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2133776
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2133817
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7000.json