openSUSE: 2021:3770-1 important: java-1_8_0-openjdk
Description
This update for java-1_8_0-openjdk fixes the following issues: Update to version OpenJDK 8u312 (October 2021 CPU): - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901). - CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910). - CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911). - CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912). - CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913). - CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909). - CVE-2021-35567: Fixed incorrect principal selection when using Kerberos Constrained Delegation (bsc#1191903). - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake (bsc#1191904). - CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914). - CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905) - CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906).
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-3770=1
Package List
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.312-3.58.2 java-1_8_0-openjdk-accessibility-1.8.0.312-3.58.2 java-1_8_0-openjdk-debuginfo-1.8.0.312-3.58.2 java-1_8_0-openjdk-debugsource-1.8.0.312-3.58.2 java-1_8_0-openjdk-demo-1.8.0.312-3.58.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.58.2 java-1_8_0-openjdk-devel-1.8.0.312-3.58.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.58.2 java-1_8_0-openjdk-headless-1.8.0.312-3.58.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.58.2 java-1_8_0-openjdk-src-1.8.0.312-3.58.2 - openSUSE Leap 15.3 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.312-3.58.2
References
https://www.suse.com/security/cve/CVE-2021-35550.html https://www.suse.com/security/cve/CVE-2021-35556.html https://www.suse.com/security/cve/CVE-2021-35559.html https://www.suse.com/security/cve/CVE-2021-35561.html https://www.suse.com/security/cve/CVE-2021-35564.html https://www.suse.com/security/cve/CVE-2021-35565.html https://www.suse.com/security/cve/CVE-2021-35567.html https://www.suse.com/security/cve/CVE-2021-35578.html https://www.suse.com/security/cve/CVE-2021-35586.html https://www.suse.com/security/cve/CVE-2021-35588.html https://www.suse.com/security/cve/CVE-2021-35603.html https://bugzilla.suse.com/1191901 https://bugzilla.suse.com/1191903 https://bugzilla.suse.com/1191904 https://bugzilla.suse.com/1191905 https://bugzilla.suse.com/1191906 https://bugzilla.suse.com/1191909 https://bugzilla.suse.com/1191910 https://bugzilla.suse.com/1191911 https://bugzilla.suse.com/1191912 https://bugzilla.suse.com/1191913 https://bugzilla.suse.com/1191914