ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0435
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0435)
Resumen:	The remote host is missing an update for the 'java-1.8.0-openjdk, java-11-openjdk, timezone' package(s) announced via the MGASA-2022-0435 advisory.
Descripción:	Summary: The remote host is missing an update for the 'java-1.8.0-openjdk, java-11-openjdk, timezone' package(s) announced via the MGASA-2022-0435 advisory. Vulnerability Insight: Class compilation issue. (CVE-2022-21540) Improper restriction of MethodHandle.invokeBasic(). (CVE-2022-21541) Integer truncation issue in Xalan-J. (CVE-2022-34169) Improper MultiByte conversion can lead to buffer overflow. (CVE-2022-21618) Improper handling of long NTLM client hostnames. (CVE-2022-21619) Insufficient randomization of JNDI DNS port numbers. (CVE-2022-21624) Excessive memory allocation in X.509 certificate parsing. (CVE-2022-21626) HttpServer no connection count limit. (CVE-2022-21628) Missing SNI caching in HTTP/2. (CVE-2022-39399) Affected Software/OS: 'java-1.8.0-openjdk, java-11-openjdk, timezone' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-21540 Debian Security Information: DSA-5188 (Google Search) https://www.debian.org/security/2022/dsa-5188 Debian Security Information: DSA-5192 (Google Search) https://www.debian.org/security/2022/dsa-5192 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/ https://security.gentoo.org/glsa/202401-25 https://www.oracle.com/security-alerts/cpujul2022.html Common Vulnerability Exposure (CVE) ID: CVE-2022-21541 Common Vulnerability Exposure (CVE) ID: CVE-2022-21618 FEDORA-2022-1c07902a5e https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/ FEDORA-2022-5d494ab9ab https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/ FEDORA-2022-d989953883 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/ FEDORA-2022-f76014ae17 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/ https://security.netapp.com/advisory/ntap-20221028-0012/ https://www.oracle.com/security-alerts/cpuoct2022.html Common Vulnerability Exposure (CVE) ID: CVE-2022-21619 FEDORA-2022-361f34f2a9 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/ FEDORA-2022-b050ae8974 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/ Common Vulnerability Exposure (CVE) ID: CVE-2022-21624 Common Vulnerability Exposure (CVE) ID: CVE-2022-21626 Common Vulnerability Exposure (CVE) ID: CVE-2022-21628 Common Vulnerability Exposure (CVE) ID: CVE-2022-34169 DSA-5188 DSA-5192 DSA-5256 https://www.debian.org/security/2022/dsa-5256 FEDORA-2022-19b6f21746 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/ FEDORA-2022-80afe2304a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/ FEDORA-2022-ae563934f7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/ FEDORA-2022-b76ab52e73 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/ FEDORA-2022-d26586b419 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/ FEDORA-2022-e573851f56 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/ [debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html [oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets http://www.openwall.com/lists/oss-security/2022/07/19/5 [oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets http://www.openwall.com/lists/oss-security/2022/07/19/6 http://www.openwall.com/lists/oss-security/2022/07/20/2 [oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets http://www.openwall.com/lists/oss-security/2022/07/20/3 [oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets http://www.openwall.com/lists/oss-security/2022/10/18/2 [oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing http://www.openwall.com/lists/oss-security/2022/11/04/8 [oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing http://www.openwall.com/lists/oss-security/2022/11/07/2 http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8 https://security.netapp.com/advisory/ntap-20220729-0009/ Common Vulnerability Exposure (CVE) ID: CVE-2022-39399
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.