CVE-2022-34169

Updated: 2023-11-04 20:29:36.313813

Description:

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.



Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | java-1.7.0-openjdk | 1.7.0 | 7.5 | HIGH | Released | CLSA-2022:1661176564 | 2022-09-07 11:03:05 |
| CentOS 6 ELS | java-1.8.0-openjdk | 1.8.0 | 7.5 | HIGH | Released | CLSA-2022:1659638796 | 2022-08-15 11:02:31 |
| CentOS 7 ELS | java-1.8.0-openjdk | 1.8.0 | 7.5 | HIGH | Already Fixed | | 2023-11-17 10:08:10 |
| CentOS 8.4 ELS | java-1.8.0-openjdk | 1.8.0 | 7.5 | HIGH | Released | CLSA-2022:1659643989 | 2022-08-04 17:01:32 |
| CentOS 8.5 ELS | java-1.8.0-openjdk | 1.8.0 | 7.5 | HIGH | Released | CLSA-2022:1659643853 | 2022-08-04 17:01:30 |
| CloudLinux 6 ELS | java-1.7.0-openjdk | 1.7.0 | 7.5 | HIGH | Released | CLSA-2022:1661175523 | 2022-09-07 11:03:06 |
| CloudLinux 6 ELS | java-1.8.0-openjdk | 1.8.0 | 7.5 | HIGH | Released | CLSA-2022:1659638017 | 2022-08-15 11:02:30 |
| Oracle Linux 6 ELS | java-1.7.0-openjdk | 1.7.0 | 7.5 | HIGH | Released | CLSA-2022:1661173656 | 2022-08-22 11:02:48 |
| Oracle Linux 6 ELS | java-1.8.0-openjdk | 1.8.0 | 7.5 | HIGH | Released | CLSA-2022:1659636917 | 2022-08-04 17:01:31 |
| Ubuntu 16.04 ELS | openjdk-8 | 8 | 7.5 | HIGH | Released | CLSA-2022:1660064249 | 2022-08-09 14:01:33 |
Total: 13