{"id":"CLSA-2022-1661176564","summary":"Fixed 50 CVEs in java-1.7.0-openjdk","details":"- Bump to 2.6.28 and OpenJDK 7u351-b01.\n- Security fixes in 7u351:\n - CVE-2022-21540: Improve class compilation (JDK-8281859)\n - CVE-2022-21541: Enhance MethodHandle invocations (JDK-8281866)\n - CVE-2022-34169: Improve Xalan supports (JDK-8285407)\n- Security fixes in 7u341:\n - CVE-2022-21426: Better XPath expression handling (JDK-8270504)\n - CVE-2022-21434: Better invocation handler handling (JDK-8277672)\n - CVE-2022-21443: Improved Object Identification (JDK-8275151)\n - CVE-2022-21476: Improve Santuario processing (JDK-8278008)\n - CVE-2022-21496: Improve URL supports (JDK-8278972)\n- Security fixes in 7u331:\n - CVE-2022-21248: Enhance cross VM serialization (JDK-8264934)\n - CVE-2022-21282: Better resolution of URIs (JDK-8270492)\n - CVE-2022-21283: Better String matching (JDK-8268813)\n - CVE-2022-21293: Improve String constructions (JDK-8270392)\n - CVE-2022-21294: Enhance construction of Identity maps (JDK-8270416)\n - CVE-2022-21296: Improve SAX Parser configuration management (JDK-8270498)\n - CVE-2022-21299: Improved scanning of XML entities (JDK-8270646)\n - CVE-2022-21305: Better array indexing (JDK-8272014)\n - CVE-2022-21340: Verify Jar Verification (JDK-8272026)\n - CVE-2022-21341: Improve serial forms for transport (JDK-8272236)\n - CVE-2022-21349: Improve Solaris font rendering (JDK-8273748)\n - CVE-2022-21360: Enhance BMP image support (JDK-8273756)\n - CVE-2022-21365: Enhanced BMP processing (JDK-8273838)\n- Security fixes in 7u321:\n - CVE-2021-35550: Update the default enabled cipher suites preference\n   (JDK-8163326)\n - CVE-2021-35556: Richer Text Editors (JDK-8265167)\n - CVE-2021-35559: Enhanced style for RTF kit (JDK-8265580)\n - CVE-2021-35561: Better hashing support (JDK-8266097)\n - CVE-2021-35564: Improve Keystore integrity (JDK-8266137)\n - CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close\n   (JDK-8254967)\n - CVE-2021-35586: Better BMP support (JDK-8267735)\n - CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if\n   InnerClasses attribute's inner_class_info_index is 0 (JDK-8130183)\n - CVE-2021-35603: Better session identification (JDK-8269618)\n- Security fixes in 7u311:\n - CVE-2021-2341: Improve file transfers (JDK-8258432)\n - CVE-2021-2369: Better jar file validation (JDK-8260967)\n - CVE-2021-2432: Provide better LDAP provider support (JDK-8267412)\n- Security fixes in 7u301:\n - CVE-2021-2161: Less ambiguous processing (JDK-8250568)\n - CVE-2021-2163: Enhance opening JARs (JDK-8249906)\n- Security fixes in 7u281:\n - CVE-2020-14779: Enhance support of Proxy class (JDK-8236862)\n - CVE-2020-14781: Enhanced LDAP contexts (JDK-8237990)\n - CVE-2020-14782: Enhance certificate processing (JDK-8237995)\n - CVE-2020-14792: Better range handling (JDK-8241114)\n - CVE-2020-14796: Improved URI Support (JDK-8242680)\n - CVE-2020-14797: Better Path Validation (JDK-8242685)\n - CVE-2020-14798: Enhanced buffer support (JDK-8242695)\n - CVE-2020-14803: Improved Buffer supports (JDK-8244136)\n- Security fixes in 7u271:\n - CVE-2020-14577: Enhance certificate verification (JDK-8237592)\n - CVE-2020-14578: NegativeArraySizeException in\n   sun.security.util.DerInputStream.getUnalignedBitString() (JDK-8028591)\n - CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)\n   (JDK-8028431)\n - CVE-2020-14581: Better matrix operations (JDK-8238002)\n - CVE-2020-14583: Better Buffer support (JDK-8238920)\n - CVE-2020-14593: Less Affine Transformations (JDK-8240119)\n - CVE-2020-14621: Better XML namespace handling (JDK-8242136)\n- Update tzdata requirement to 2022a to match JDK-8283350\n- Update NEWS from IcedTea\n- Adjust jdk8076221-pr2809-disable_rc4_cipher_suites.patch to apply after\n  bump OpenJDK version","modified":"2026-05-27T11:34:43.896105113Z","published":"2022-08-22T13:56:04Z","upstream":["CVE-2020-14577","CVE-2020-14578","CVE-2020-14579","CVE-2020-14581","CVE-2020-14583","CVE-2020-14593","CVE-2020-14621","CVE-2020-14779","CVE-2020-14781","CVE-2020-14782","CVE-2020-14792","CVE-2020-14796","CVE-2020-14797","CVE-2020-14798","CVE-2020-14803","CVE-2021-2161","CVE-2021-2163","CVE-2021-2341","CVE-2021-2369","CVE-2021-2432","CVE-2021-35550","CVE-2021-35556","CVE-2021-35559","CVE-2021-35561","CVE-2021-35564","CVE-2021-35565","CVE-2021-35586","CVE-2021-35588","CVE-2021-35603","CVE-2022-21248","CVE-2022-21282","CVE-2022-21283","CVE-2022-21293","CVE-2022-21294","CVE-2022-21296","CVE-2022-21299","CVE-2022-21305","CVE-2022-21340","CVE-2022-21341","CVE-2022-21349","CVE-2022-21360","CVE-2022-21365","CVE-2022-21426","CVE-2022-21434","CVE-2022-21443","CVE-2022-21476","CVE-2022-21496","CVE-2022-21540","CVE-2022-21541","CVE-2022-34169"],"references":[{"type":"ADVISORY","url":"https://errata.cloudlinux.com/els6/CLSA-2022-1661176564.html"}],"affected":[{"package":{"name":"java-1.7.0-openjdk","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.7.0-openjdk?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.7.0.351-2.6.28.0.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2022-1661176564.json"}},{"package":{"name":"java-1.7.0-openjdk-demo","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.7.0-openjdk-demo?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.7.0.351-2.6.28.0.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2022-1661176564.json"}},{"package":{"name":"java-1.7.0-openjdk-devel","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.7.0-openjdk-devel?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.7.0.351-2.6.28.0.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2022-1661176564.json"}},{"package":{"name":"java-1.7.0-openjdk-javadoc","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.7.0-openjdk-javadoc?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.7.0.351-2.6.28.0.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2022-1661176564.json"}},{"package":{"name":"java-1.7.0-openjdk-src","ecosystem":"TuxCare:CentOS:6","purl":"pkg:rpm/tuxcare/java-1.7.0-openjdk-src?distro=centos-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.7.0.351-2.6.28.0.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2022-1661176564.json"}}],"schema_version":"1.7.5"}