CVE-2022-21299 - Oracle Java Standard Edition (SE) Critical Patch Update - January 2022 (CPUJAN2022)

Issues related to applications and software problems
Post Reply
Jcenos7
Posts: 33
Joined: 2021/02/09 22:06:11

CVE-2022-21299 - Oracle Java Standard Edition (SE) Critical Patch Update - January 2022 (CPUJAN2022)

Post by Jcenos7 » 2022/08/09 05:41:14

Hi,

How do patch these ?

Qualys ID: 376252

Title:
Oracle Java Standard Edition (SE) Critical Patch Update - January 2022 (CPUJAN2022)

Solution:
"The vendor has released updates to resolve these issues.

Customers are advised to refer to vendor advisory Oracle Critical Patch Update Advisory - January 2022 (The vendor has released updates to resolve these issues.
<P>
https://www.oracle.com/security-alerts/ ... pendixJAVA)"

File found in server:
/usr/lib/jvm/jre1.8.0_192/bin/java
/usr/lib/jvm/jre1.8.0_60/bin/java

How do we remediate ?

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2022-21299 - Oracle Java Standard Edition (SE) Critical Patch Update - January 2022 (CPUJAN2022)

Post by TrevorH » 2022/08/09 11:30:21

You'll need to update your Oracle supplied Java runtime packages. CentOS 7 doesn;t supply any files that match that path:

Code: Select all

[root@centos7 ~]# yum provides '/usr/lib/jvm/jre1.8.0_*/bin/java'
Loaded plugins: priorities
188 packages excluded due to repository priority protections
No matches found
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply