OpenJDK Security Update (8u352) (MINDBREEZE25529)

ID: MINDBREEZE25529 
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS 
Severity: 5.3 Medium 
Status: Final 
First published: January 25, 2023 
CVEs: CVE-2022-21626, CVE-2022-21624, CVE-2022-21619 

Summary

  • CVE-2022-21626 - OpenJDK: improper handling of long NTLM client hostnames (Networking, 8286526) 
  • CVE-2022-21624 - OpenJDK: excessive memory allocation in X.509 certificate parsing (Libraries, 8286533) 
  • CVE-2022-21619 - OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) 

 

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

  • Mindbreeze InSpire 22.3 Release (Version 22.3.0.1109) 

  • Mindbreeze InSpire SaaS 22.3 Release (Version 22.3.0.1109)