Test ID:	1.3.6.1.4.1.25623.1.0.884222
Category:	CentOS Local Security Checks
Title:	CentOS: Security Advisory for java (CESA-2022:5698)
Summary:	The remote host is missing an update for the 'java'; package(s) announced via the CESA-2022:5698 advisory.
Description:	Summary: The remote host is missing an update for the 'java' package(s) announced via the CESA-2022:5698 advisory. Vulnerability Insight: The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-1.8.0-openjdk (1.8.0.342.b07). (BZ#2083257) Security Fix(es): * OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169) * OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540) * OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) (CVE-2022-21541) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'java' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-21540 Debian Security Information: DSA-5188 (Google Search) https://www.debian.org/security/2022/dsa-5188 Debian Security Information: DSA-5192 (Google Search) https://www.debian.org/security/2022/dsa-5192 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/ https://security.gentoo.org/glsa/202401-25 https://www.oracle.com/security-alerts/cpujul2022.html Common Vulnerability Exposure (CVE) ID: CVE-2022-21541 Common Vulnerability Exposure (CVE) ID: CVE-2022-34169 DSA-5188 DSA-5192 DSA-5256 https://www.debian.org/security/2022/dsa-5256 FEDORA-2022-19b6f21746 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/ FEDORA-2022-80afe2304a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/ FEDORA-2022-ae563934f7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/ FEDORA-2022-b76ab52e73 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/ FEDORA-2022-d26586b419 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/ FEDORA-2022-e573851f56 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/ [debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html [oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets http://www.openwall.com/lists/oss-security/2022/07/19/5 [oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets http://www.openwall.com/lists/oss-security/2022/07/19/6 http://www.openwall.com/lists/oss-security/2022/07/20/2 [oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets http://www.openwall.com/lists/oss-security/2022/07/20/3 [oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets http://www.openwall.com/lists/oss-security/2022/10/18/2 [oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing http://www.openwall.com/lists/oss-security/2022/11/04/8 [oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing http://www.openwall.com/lists/oss-security/2022/11/07/2 http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8 https://security.netapp.com/advisory/ntap-20220729-0009/
Copyright	Copyright (C) 2022 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.