CVE ID:	CVE-2022-34169
Description:	The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
Test IDs:	1.3.6.1.4.1.25623.1.0.893155
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2022-34169 https://security.gentoo.org/glsa/202401-25 DSA-5188 https://www.debian.org/security/2022/dsa-5188 DSA-5192 https://www.debian.org/security/2022/dsa-5192 DSA-5256 https://www.debian.org/security/2022/dsa-5256 FEDORA-2022-19b6f21746 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/ FEDORA-2022-80afe2304a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/ FEDORA-2022-ae563934f7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/ FEDORA-2022-b76ab52e73 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/ FEDORA-2022-d26586b419 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/ FEDORA-2022-e573851f56 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/ [debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html [oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets http://www.openwall.com/lists/oss-security/2022/07/19/5 [oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets http://www.openwall.com/lists/oss-security/2022/07/19/6 [oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets http://www.openwall.com/lists/oss-security/2022/07/20/2 [oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets http://www.openwall.com/lists/oss-security/2022/07/20/3 [oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets http://www.openwall.com/lists/oss-security/2022/10/18/2 [oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing http://www.openwall.com/lists/oss-security/2022/11/04/8 [oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing http://www.openwall.com/lists/oss-security/2022/11/07/2 http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8 https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8 https://security.netapp.com/advisory/ntap-20220729-0009/ https://security.netapp.com/advisory/ntap-20220729-0009/ https://www.oracle.com/security-alerts/cpujul2022.html https://www.oracle.com/security-alerts/cpujul2022.html