An integer truncation issue was found in the Xalan Java XSLT library when processing malicious stylesheets. This flaw could be used to potentially execute arbitrary Java bytecode.
Public now via Oracle CPU July 2022: https://www.oracle.com/security-alerts/cpujul2022.html#AppendixJAVA
Fixed in Oracle Java SE 7u351, 8u341, 11.0.16, 17.0.4, 18.0.2.
Release notes:
https://www.oracle.com/java/technologies/javase/7-support-relnotes.html#R170_351
https://www.oracle.com/java/technologies/javase/8u341-relnotes.html
https://www.oracle.com/java/technologies/javase/11-0-16-relnotes.html
https://www.oracle.com/java/technologies/javase/17-0-4-relnotes.html
https://www.oracle.com/java/technologies/javase/18-0-2-relnotes.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:5685 https://access.redhat.com/errata/RHSA-2022:5685
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:5684 https://access.redhat.com/errata/RHSA-2022:5684
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5683 https://access.redhat.com/errata/RHSA-2022:5683
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:5681 https://access.redhat.com/errata/RHSA-2022:5681
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:5687 https://access.redhat.com/errata/RHSA-2022:5687
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5695 https://access.redhat.com/errata/RHSA-2022:5695
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:5701 https://access.redhat.com/errata/RHSA-2022:5701
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:5697 https://access.redhat.com/errata/RHSA-2022:5697
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5696 https://access.redhat.com/errata/RHSA-2022:5696
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:5700 https://access.redhat.com/errata/RHSA-2022:5700
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:5698 https://access.redhat.com/errata/RHSA-2022:5698
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5709 https://access.redhat.com/errata/RHSA-2022:5709
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5726 https://access.redhat.com/errata/RHSA-2022:5726
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5736 https://access.redhat.com/errata/RHSA-2022:5736
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u342 Via RHSA-2022:5753 https://access.redhat.com/errata/RHSA-2022:5753
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u342 Via RHSA-2022:5754 https://access.redhat.com/errata/RHSA-2022:5754
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.16 Via RHSA-2022:5755 https://access.redhat.com/errata/RHSA-2022:5755
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.16 Via RHSA-2022:5756 https://access.redhat.com/errata/RHSA-2022:5756
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.4 Via RHSA-2022:5757 https://access.redhat.com/errata/RHSA-2022:5757
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.4 Via RHSA-2022:5758 https://access.redhat.com/errata/RHSA-2022:5758
OpenJDK-17 upstream commit: https://github.com/openjdk/jdk17u/commit/9dcec4db4a6d8fdfc49eefe8028605d9f26848cc
OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u/commit/13bf52c8d876528a43be7cb77a1f452d29a21492
OpenJDK-8 upstream commit: https://github.com/openjdk/jdk8u/commit/3dca446d440e55cbb7dc3555392f4520ec9ff3bc
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-34169
Created xalan-j2 tracking bugs for this issue: Affects: fedora-all [bug 2227076]
This issue has been addressed in the following products: Red Hat build of Apache Camel 3.20.6 for Spring Boot Via RHSA-2024:3708 https://access.redhat.com/errata/RHSA-2024:3708