CVE-2022-34169

一、漏洞信息
 漏洞编号：[CVE-2022-34169](https://nvd.nist.gov/vuln/detail/CVE-2022-34169)
 漏洞归属组件：[openjdk-11](https://gitee.com/src-openeuler/openjdk-11)
 漏洞归属的版本：11.0.11.9,11.0.12.9,11.0.13.9,11.0.14.9
 CVSS V3.0分值：
  BaseScore：9.8 Critical
  Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 漏洞简述：
  The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
 漏洞公开时间：2022-07-20 02:15
 漏洞创建时间：2022-07-20 08:49:25
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2022-34169
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| nvd | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |  |
| nvd | https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8 |  |
| nvd | http://www.openwall.com/lists/oss-security/2022/07/19/5 |  |
| nvd | http://www.openwall.com/lists/oss-security/2022/07/19/6 |  |
| nvd | http://www.openwall.com/lists/oss-security/2022/07/20/3 |  |
| nvd | http://www.openwall.com/lists/oss-security/2022/07/20/2 |  |
| nvd | https://www.oracle.com/security-alerts/cpujul2022.html |  |
| nvd | https://www.debian.org/security/2022/dsa-5188 |  |
| nvd | https://www.debian.org/security/2022/dsa-5192 |  |
| nvd | https://security.netapp.com/advisory/ntap-20220729-0009/ |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/ |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/ |  |
| nvd | http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/ |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/ |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/ |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/ |  |
| nvd | http://www.openwall.com/lists/oss-security/2022/10/18/2 |  |
| nvd | https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html |  |
| nvd | https://www.debian.org/security/2022/dsa-5256 |  |
| nvd | http://www.openwall.com/lists/oss-security/2022/11/04/8 |  |
| redhat | https://access.redhat.com/security/cve/CVE-2022-34169 |  |
| suse_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 | https://bugzilla.suse.com/show_bug.cgi?id=1201684 |
| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34169 | https://bugzilla.suse.com/show_bug.cgi?id=1201684 |
| suse_bugzilla | http://www.openwall.com/lists/oss-security/2022/07/19/6 | https://bugzilla.suse.com/show_bug.cgi?id=1201684 |
| suse_bugzilla | https://seclists.org/oss-sec/2022/q3/58 | https://bugzilla.suse.com/show_bug.cgi?id=1201684 |
| suse_bugzilla | http://www.openwall.com/lists/oss-security/2022/07/19/5 | https://bugzilla.suse.com/show_bug.cgi?id=1201684 |
| suse_bugzilla | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169 | https://bugzilla.suse.com/show_bug.cgi?id=1201684 |
| suse_bugzilla | https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8 | https://bugzilla.suse.com/show_bug.cgi?id=1201684 |
| suse_bugzilla | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw | https://bugzilla.suse.com/show_bug.cgi?id=1201684 |
| redhat_bugzilla | https://www.oracle.com/security-alerts/cpujul2022.html#AppendixJAVA | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://www.oracle.com/java/technologies/javase/7-support-relnotes.html#R170_351 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://www.oracle.com/java/technologies/javase/8u341-relnotes.html | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://www.oracle.com/java/technologies/javase/11-0-16-relnotes.html | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://www.oracle.com/java/technologies/javase/17-0-4-relnotes.html | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://www.oracle.com/java/technologies/javase/18-0-2-relnotes.html | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5685 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5684 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5683 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5681 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5687 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5695 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5701 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5697 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5696 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5700 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5698 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5709 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5726 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5736 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5753 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5754 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5755 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5756 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5757 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5758 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://github.com/openjdk/jdk17u/commit/9dcec4db4a6d8fdfc49eefe8028605d9f26848cc | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://github.com/openjdk/jdk11u/commit/13bf52c8d876528a43be7cb77a1f452d29a21492 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://github.com/openjdk/jdk8u/commit/3dca446d440e55cbb7dc3555392f4520ec9ff3bc | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| redhat_bugzilla | https://access.redhat.com/security/cve/cve-2022-34169 | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |
| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169 | https://ubuntu.com/security/CVE-2022-34169 |
| ubuntu | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw | https://ubuntu.com/security/CVE-2022-34169 |
| ubuntu | https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8 | https://ubuntu.com/security/CVE-2022-34169 |
| ubuntu | https://marc.info/?l=oss-security&m=165825217622132 | https://ubuntu.com/security/CVE-2022-34169 |
| ubuntu | https://openjdk.org/groups/vulnerability/advisories/2022-07-19 | https://ubuntu.com/security/CVE-2022-34169 |
| ubuntu | https://github.com/openjdk/jdk/commit/41ef2b249073450172e11163a4d05762364b1297 | https://ubuntu.com/security/CVE-2022-34169 |
| ubuntu | https://ubuntu.com/security/notices/USN-5546-1 | https://ubuntu.com/security/CVE-2022-34169 |
| ubuntu | https://ubuntu.com/security/notices/USN-5546-2 | https://ubuntu.com/security/CVE-2022-34169 |
| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2022-34169 | https://ubuntu.com/security/CVE-2022-34169 |
| ubuntu | https://launchpad.net/bugs/cve/CVE-2022-34169 | https://ubuntu.com/security/CVE-2022-34169 |
| ubuntu | https://security-tracker.debian.org/tracker/CVE-2022-34169 | https://ubuntu.com/security/CVE-2022-34169 |
| debian |  | https://security-tracker.debian.org/tracker/CVE-2022-34169 |
| oracle |  | https://www.oracle.com/security-alerts/cpujul2022.html |
| anolis |  | https://anas.openanolis.cn/cves/detail/CVE-2022-34169 |
| cve_search |  | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |
| cve_search |  | https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2022/07/19/5 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2022/07/19/6 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2022/07/20/3 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2022/07/20/2 |
| cve_search |  | https://www.oracle.com/security-alerts/cpujul2022.html |
| cve_search |  | https://www.debian.org/security/2022/dsa-5188 |
| cve_search |  | https://www.debian.org/security/2022/dsa-5192 |
| cve_search |  | https://security.netapp.com/advisory/ntap-20220729-0009/ |
| cve_search |  | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/ |
| cve_search |  | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/ |
| cve_search |  | http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html |
| cve_search |  | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/ |
| cve_search |  | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/ |
| cve_search |  | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/ |
| cve_search |  | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/ |
| cve_search |  | http://www.openwall.com/lists/oss-security/2022/10/18/2 |
| cve_search |  | https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html |
| cve_search |  | https://www.debian.org/security/2022/dsa-5256 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2022/11/04/8 |
| nvd | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |  |
| nvd | https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8 |  |
| nvd | http://www.openwall.com/lists/oss-security/2022/07/19/5 |  |
| nvd | http://www.openwall.com/lists/oss-security/2022/07/19/6 |  |
| nvd | http://www.openwall.com/lists/oss-security/2022/07/20/3 |  |
| nvd | http://www.openwall.com/lists/oss-security/2022/07/20/2 |  |
| nvd | https://www.oracle.com/security-alerts/cpujul2022.html |  |
| nvd | https://www.debian.org/security/2022/dsa-5188 |  |
| nvd | https://www.debian.org/security/2022/dsa-5192 |  |
| nvd | https://security.netapp.com/advisory/ntap-20220729-0009/ |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/ |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/ |  |
| nvd | http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/ |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/ |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/ |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/ |  |
| nvd | http://www.openwall.com/lists/oss-security/2022/10/18/2 |  |
| nvd | https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html |  |
| nvd | https://www.debian.org/security/2022/dsa-5256 |  |
| redhat | https://access.redhat.com/security/cve/CVE-2022-34169 |  |
| suse_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |  |
| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34169 |  |
| suse_bugzilla | http://www.openwall.com/lists/oss-security/2022/07/19/6 |  |
| suse_bugzilla | https://seclists.org/oss-sec/2022/q3/58 |  |
| suse_bugzilla | http://www.openwall.com/lists/oss-security/2022/07/19/5 |  |
| suse_bugzilla | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169 |  |
| suse_bugzilla | https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8 |  |
| suse_bugzilla | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |  |
| redhat_bugzilla | https://www.oracle.com/security-alerts/cpujul2022.html#AppendixJAVA |  |
| redhat_bugzilla | https://www.oracle.com/java/technologies/javase/7-support-relnotes.html#R170_351 |  |
| redhat_bugzilla | https://www.oracle.com/java/technologies/javase/8u341-relnotes.html |  |
| redhat_bugzilla | https://www.oracle.com/java/technologies/javase/11-0-16-relnotes.html |  |
| redhat_bugzilla | https://www.oracle.com/java/technologies/javase/17-0-4-relnotes.html |  |
| redhat_bugzilla | https://www.oracle.com/java/technologies/javase/18-0-2-relnotes.html |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5685 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5684 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5683 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5681 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5687 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5695 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5701 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5697 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5696 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5700 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5698 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5709 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5726 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5736 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5753 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5754 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5755 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5756 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5757 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2022:5758 |  |
| redhat_bugzilla | https://github.com/openjdk/jdk17u/commit/9dcec4db4a6d8fdfc49eefe8028605d9f26848cc |  |
| redhat_bugzilla | https://github.com/openjdk/jdk11u/commit/13bf52c8d876528a43be7cb77a1f452d29a21492 |  |
| redhat_bugzilla | https://github.com/openjdk/jdk8u/commit/3dca446d440e55cbb7dc3555392f4520ec9ff3bc |  |
| redhat_bugzilla | https://access.redhat.com/security/cve/cve-2022-34169 |  |
| redhat_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2108554 |  |
| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169 |  |
| ubuntu | https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw |  |
| ubuntu | https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8 |  |
| ubuntu | https://marc.info/?l=oss-security&m=165825217622132 |  |
| ubuntu | https://openjdk.org/groups/vulnerability/advisories/2022-07-19 |  |
| ubuntu | https://github.com/openjdk/jdk/commit/41ef2b249073450172e11163a4d05762364b1297 |  |
| ubuntu | https://ubuntu.com/security/notices/USN-5546-1 |  |
| ubuntu | https://ubuntu.com/security/notices/USN-5546-2 |  |
| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2022-34169 |  |
| ubuntu | https://launchpad.net/bugs/cve/CVE-2022-34169 |  |
| ubuntu | https://security-tracker.debian.org/tracker/CVE-2022-34169 |  |
| debian | https://security-tracker.debian.org/tracker/CVE-2022-34169 |  |
| oracle | https://www.oracle.com/security-alerts/cpujul2022.html |  |
| anolis | https://anas.openanolis.cn/cves/detail/CVE-2022-34169 |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/ |  |
| nvd | http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/ |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/ |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/ |  |
| nvd | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/ |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  其它
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
|  |  | https://github.com/openjdk/jdk17u/commit/9dcec4db4a6d8fdfc49eefe8028605d9f26848cc |  | redhat_bugzilla |
|  |  | https://github.com/openjdk/jdk11u/commit/13bf52c8d876528a43be7cb77a1f452d29a21492 |  | redhat_bugzilla |
|  |  | https://github.com/openjdk/jdk8u/commit/3dca446d440e55cbb7dc3555392f4520ec9ff3bc |  | redhat_bugzilla |
|  |  | https://github.com/openjdk/jdk/commit/41ef2b249073450172e11163a4d05762364b1297 |  | ubuntu |
|  |  | https://github.com/openjdk/jdk17u/commit/9dcec4db4a6d8fdfc49eefe8028605d9f26848cc |  | redhat_bugzilla |
|  |  | https://github.com/openjdk/jdk11u/commit/13bf52c8d876528a43be7cb77a1f452d29a21492 |  | redhat_bugzilla |
|  |  | https://github.com/openjdk/jdk8u/commit/3dca446d440e55cbb7dc3555392f4520ec9ff3bc |  | redhat_bugzilla |
|  |  | https://github.com/openjdk/jdk/commit/41ef2b249073450172e11163a4d05762364b1297 |  | ubuntu |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
        The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.   
 openEuler评分：
  7.5
 Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP1(11.0.12.9):受影响
2.openEuler-20.03-LTS-SP3(11.0.14.9):受影响
3.openEuler-22.03-LTS(11.0.14.9):受影响

修复是否涉及abi变化(是/否)：
  1.openEuler-20.03-LTS-SP1(11.0.12.9):否
2.openEuler-20.03-LTS-SP3(11.0.14.9):否
3.openEuler-22.03-LTS(11.0.14.9):否

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2022-1849

src-openEuler/openjdk-11
关闭

内容风险标识

评论 (12)

src-openEuler/openjdk-11关闭 .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2022-34169

评论 (12)

搜索帮助

src-openEuler/openjdk-11
关闭