-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2474
           java-1.8.0-openjdk and java-11-openjdksecurity update
                               22 July 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           java-1.8.0-openjdk
                   java-11-openjdk
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Modify Arbitrary Files          -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-2388 CVE-2021-2369 CVE-2021-2341

Reference:         ASB-2021.0144

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:2774
   https://access.redhat.com/errata/RHSA-2021:2775
   https://access.redhat.com/errata/RHSA-2021:2776
   https://access.redhat.com/errata/RHSA-2021:2781
   https://access.redhat.com/errata/RHSA-2021:2782
   https://access.redhat.com/errata/RHSA-2021:2783
   https://access.redhat.com/errata/RHSA-2021:2784
   https://access.redhat.com/errata/RHSA-2021:2845

Comment: This bulletin contains eight (8) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update
Advisory ID:       RHSA-2021:2774-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2774
Issue date:        2021-07-21
CVE Names:         CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise
Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot,
8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to
arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF
files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
java-1.8.0-openjdk-1.8.0.302.b08-0.el8_2.src.rpm

aarch64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el8_2.aarch64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_2.aarch64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm
java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_2.aarch64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_2.aarch64.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_2.aarch64.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_2.aarch64.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_2.aarch64.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el8_2.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el8_2.noarch.rpm

ppc64le:
java-1.8.0-openjdk-1.8.0.302.b08-0.el8_2.ppc64le.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_2.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm
java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_2.ppc64le.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_2.ppc64le.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_2.ppc64le.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_2.ppc64le.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_2.ppc64le.rpm

s390x:
java-1.8.0-openjdk-1.8.0.302.b08-0.el8_2.s390x.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_2.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_2.s390x.rpm
java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_2.s390x.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_2.s390x.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_2.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_2.s390x.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_2.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_2.s390x.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_2.s390x.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_2.s390x.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el8_2.x86_64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_2.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm
java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_2.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_2.x86_64.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_2.x86_64.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_2.x86_64.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2341
https://access.redhat.com/security/cve/CVE-2021-2369
https://access.redhat.com/security/cve/CVE-2021-2388
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYPgM99zjgjWX9erEAQiQZA//SoIGlEqapav3NzhfdGOPcFOUU2z7F96c
LYFxYW2dGYG7dJLJhGpZnwFs31v3sCvZzbln0KfVbcA+rMEC/Wxj0DLUxQVPO/KT
tK26WjNt4iZ9GlH6zhXi09fTcte6H/IfGRyH2gvpUXswRI1gZChoObEvpQfaTwDs
WCFX2ELCU4rL/9MYVl4DeiTssqeRKxxaZbcF12AJbriye2ss7io8NBIrcwffgZeC
ljMUoCiMSritgTwlAACWJvyDfO/aChALLdarVsU2jR4U36VMBfMwYnFBlhCvhM9w
7RESkjsKXas1ClavFEmpIESAOBlrQWCpMTEv8Rf+1mJvXSD8joWwJM5N3XOSOSbO
ZwcQ6UAWh4gmNcrmGqxyyn15fPgAPEey8ptWoOP/ZmvbVg4HrRMem3IUHz8LHpru
W//De7Yb2qNYDH+2GEvv4kPrqhIrloF2Esk1EOrOV4z9vx2MfnhMsacOwbzBpVR/
lqVwPpI9cpbu1jW5eNPImkFfgYoM9Um0l4hk0gMO8b2c2jvNWrqSvGATo4YNUWc5
Bl3PssDA5/tyTaCJGO79NQhEAQFwfX4Zde/LmV01xuvaJNMWHTWcu6XbqCsM/6+l
UscbcPpeUsQ3J33LhrkyCDLZqAJJmxIhNF/yFNxzHFiuJXfNP43yY7GcyDxJsd2M
ZL5EiySja1I=
=FIsX
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update
Advisory ID:       RHSA-2021:2775-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2775
Issue date:        2021-07-21
CVE Names:         CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise
Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot,
8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to
arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF
files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
java-1.8.0-openjdk-1.8.0.302.b08-0.el8_1.src.rpm

aarch64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el8_1.aarch64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_1.aarch64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_1.aarch64.rpm
java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_1.aarch64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_1.aarch64.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_1.aarch64.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.aarch64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_1.aarch64.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_1.aarch64.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.aarch64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_1.aarch64.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_1.aarch64.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.aarch64.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.aarch64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_1.aarch64.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el8_1.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el8_1.noarch.rpm

ppc64le:
java-1.8.0-openjdk-1.8.0.302.b08-0.el8_1.ppc64le.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_1.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_1.ppc64le.rpm
java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_1.ppc64le.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_1.ppc64le.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_1.ppc64le.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_1.ppc64le.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_1.ppc64le.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_1.ppc64le.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_1.ppc64le.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.ppc64le.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_1.ppc64le.rpm

s390x:
java-1.8.0-openjdk-1.8.0.302.b08-0.el8_1.s390x.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_1.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_1.s390x.rpm
java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_1.s390x.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_1.s390x.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_1.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_1.s390x.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_1.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_1.s390x.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_1.s390x.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_1.s390x.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el8_1.x86_64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_1.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_1.x86_64.rpm
java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_1.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_1.x86_64.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_1.x86_64.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_1.x86_64.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_1.x86_64.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_1.x86_64.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_1.x86_64.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.x86_64.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2341
https://access.redhat.com/security/cve/CVE-2021-2369
https://access.redhat.com/security/cve/CVE-2021-2388
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYPgJrtzjgjWX9erEAQhRPA/+Ll/blrEp/rBJfn2ShJ2gcYA7id0YZB5B
K/bxT1q6nLvpNCQ+P8sWBjt+rCU9F9mSv1amqT+WwhlexE1q3+0256+2TyZrHNL9
763yryIfrB0psSBQ3ygD+oiq5g+cHMoCu//8KEIE4N8BpKUi++MEv4fWGpvp8rJ/
i7KB5dTrGirDuKZUrIeEBsW3ZPxBZ1TgJ0sV8WqOOp+ivbGE8kLTe6ziBFLUbH6l
eTcPSSW5Hkg7EFRiihpp5k/lfqNZmlcOvzPLK9Vj/y7VGrxi+xmK84WNN4dMniaK
KVfeZY+6x5MLGbQXQzdMw4iWoY/RoPBjxVEYpO09JxyYdjVS+CoymVsbqmz7c/Hu
4t4mlqggYuT7B3P9tdHJalji+84MsOh1Qu7/xDIxNuxeJheBGkzCkHmBHTfgy/cK
YO3dn1XAsD1t7Vj1+LX8MomaniNKN0ERIAF64PS58OjKAobGHuP7yHX6h5ocJHIK
vF+PXYaJ6FXSzHtXPrgIX6Gm+89/ICc7WDV7gcUT9aPdJdcx/2M9KRub31emtYWb
xC+JfFWhxkxwxWk8yvoeqlmS2UiaZknDBCsGhsnLxacwqReS+b11/1d5Wi5LjCL2
jCvg5++Vgv/Vzb5hiwYHbJ28wLltUP5EJ82FFIMumeOR6mX4oOBrB3U28t+DNsEk
nCHJ6UwY4Js=
=3XG3
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update
Advisory ID:       RHSA-2021:2776-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2776
Issue date:        2021-07-21
CVE Names:         CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise
Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot,
8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to
arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF
files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.src.rpm

aarch64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_4.aarch64.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el8_4.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el8_4.noarch.rpm

ppc64le:
java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_4.ppc64le.rpm

s390x:
java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.s390x.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_4.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_4.s390x.rpm
java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_4.s390x.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_4.s390x.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_4.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_4.s390x.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_4.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_4.s390x.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_4.s390x.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_4.s390x.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.302.b08-0.el8_4.aarch64.rpm

ppc64le:
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.302.b08-0.el8_4.ppc64le.rpm

x86_64:
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-demo-fastdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-devel-fastdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-fastdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-headless-fastdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-src-fastdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2341
https://access.redhat.com/security/cve/CVE-2021-2369
https://access.redhat.com/security/cve/CVE-2021-2388
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYPfq+9zjgjWX9erEAQj7Cw//f6F6YabiuFp+uFAjdVkUXUhonLSD7XCD
PG+H2c+44UUZExOXXxuQ6UwbJlSYPg/jgAv+AXlcvxRwJd3aLEHoJc6EGTsmaV+t
LRYqxBeVlUphmz8jED3MnPIap3/FXDq/q2rKcNNUFvcz37SzmJ1WfLuHJXciAmOI
U/ACIVyUJoBmxlBWAIpxUEr6umyTJalbstWs9xVptexFTOwYC04tRbpJyMpujpko
4+fjsh7QNXQ2iw6/gHz3A7tXgH/0aU/lTyaFWiyfK0f5Ow9D9sPBifYEUZTYqqxd
TUNyrpGVhu0/KFP3R8UNz2AU6SvuAJYQK+JjGw7zFOYhaOPcOg6jzFgsGHcaF+Sa
PkvOS8Mx6ZbRYYjmKuo3B1T89XZxv22VAdf8PNkAm6XfFj9tCbYPrmVgkqMfVF+5
0dNWkNNolBjEJXo6sEg6Sdohm4ChmXSJRsAikENikdN6vayezA46m/f/MaDkamq0
EDnYVTiUorYNMlfVCzMYfnZxZbc1mR1WODx7pzIPunF8yCp6Z9RIZy+r/d9hBVQy
IKM7tggOH35UEUnqbOwGNT8GUuIcQU+kv6J9dFzA9ZUZ/k0kQBXUBkkyGF/ymtzM
hh94DiWOk29+yIEUZnkSd+semc26uQ0W5Ex3aF/F3ggdZvZaao9f/9Dt/foPkcxl
uAMq0pgoLTw=
=R2Dt
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security update
Advisory ID:       RHSA-2021:2781-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2781
Issue date:        2021-07-21
CVE Names:         CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux
8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot,
8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to
arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF
files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
java-11-openjdk-11.0.12.0.7-0.el8_4.src.rpm

aarch64:
java-11-openjdk-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-src-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el8_4.aarch64.rpm

ppc64le:
java-11-openjdk-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-src-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el8_4.ppc64le.rpm

s390x:
java-11-openjdk-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-src-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el8_4.s390x.rpm

x86_64:
java-11-openjdk-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-devel-fastdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-fastdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-headless-fastdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-src-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-demo-slowdebug-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-devel-slowdebug-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-headless-slowdebug-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-jmods-slowdebug-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-slowdebug-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-src-slowdebug-11.0.12.0.7-0.el8_4.aarch64.rpm
java-11-openjdk-static-libs-slowdebug-11.0.12.0.7-0.el8_4.aarch64.rpm

ppc64le:
java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-demo-slowdebug-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-devel-slowdebug-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-headless-slowdebug-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-jmods-slowdebug-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-slowdebug-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-src-slowdebug-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-static-libs-slowdebug-11.0.12.0.7-0.el8_4.ppc64le.rpm

s390x:
java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-demo-slowdebug-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-devel-slowdebug-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-headless-slowdebug-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-jmods-slowdebug-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-slowdebug-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-src-slowdebug-11.0.12.0.7-0.el8_4.s390x.rpm
java-11-openjdk-static-libs-slowdebug-11.0.12.0.7-0.el8_4.s390x.rpm

x86_64:
java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-demo-fastdebug-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-demo-slowdebug-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-devel-fastdebug-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-devel-fastdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-devel-slowdebug-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-fastdebug-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-fastdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-headless-fastdebug-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-headless-fastdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-headless-slowdebug-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-jmods-fastdebug-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-jmods-slowdebug-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-slowdebug-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-src-fastdebug-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-src-slowdebug-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-static-libs-fastdebug-11.0.12.0.7-0.el8_4.x86_64.rpm
java-11-openjdk-static-libs-slowdebug-11.0.12.0.7-0.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2341
https://access.redhat.com/security/cve/CVE-2021-2369
https://access.redhat.com/security/cve/CVE-2021-2388
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYPfeytzjgjWX9erEAQiSPA/8CayAcrep+V91vmrWBXqXbKit+PK+Twwf
ICt/ZtEjaqlRqWcrlOqfBDRulkDYFUAZzYNIxfvyDyxQnaYMSkhjR1etGkGZFVW/
zNzwh0IKiMawKucdJOmpna2vNBE+9ZfYJl47+gb+6r9QKB0MijFQLSRSS75ZPpop
45vKsb8KvCscsUVbuZyhWHMRV3Nehl4i0VQsgaXbG6c1S/XKQH3W6C7qDiLjjGzl
AtlPVuCG0vJPTY/OBnvMZ1ZaoOfGdFnLSrFQZEx7uNmPKrlzDjbDgl8A0VSfilgK
IQzDYmXdhGSIC23dKnDAFchzEaqBIr9jYGli8N5e5s+KtvHytmHhD2SiPytr0JvO
MsMWArr0xQLGBbdHFKryrH+SJazD6S9bXWqWq9TSTqrIH265z62d8iU7ayUpv9er
2hWdpydHcu5dfiB70UAV5DCUhPk+3RAufGDhVKlD38DteeTP1COevhuUBNNURxk9
Hj1KfbgWItIhbMHyAsnRV8N7gJdX7sWCSE7O+JUlj3tygIeZ6FXrQMUhF31o9nKb
D+WB16j6zPTGw9pDF5LyqTYTx/bcUrVhpSVXPvOXpD/Y+Yl3AiokbL+dxizdtlAA
aK05YR7oCK+SxQoc2MAFJ5oBWwKMwS03OjFrZm+PTDQFbGf6U6CxeZ/UG5OABwTo
k1I/X4uSWrI=
=IBd5
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security update
Advisory ID:       RHSA-2021:2782-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2782
Issue date:        2021-07-21
CVE Names:         CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux
8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot,
8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to
arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF
files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
java-11-openjdk-11.0.12.0.7-0.el8_2.src.rpm

aarch64:
java-11-openjdk-11.0.12.0.7-0.el8_2.aarch64.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_2.aarch64.rpm
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_2.aarch64.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el8_2.aarch64.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el8_2.aarch64.rpm
java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_2.aarch64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.aarch64.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el8_2.aarch64.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_2.aarch64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.aarch64.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el8_2.aarch64.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_2.aarch64.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el8_2.aarch64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.aarch64.rpm
java-11-openjdk-src-11.0.12.0.7-0.el8_2.aarch64.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el8_2.aarch64.rpm

ppc64le:
java-11-openjdk-11.0.12.0.7-0.el8_2.ppc64le.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_2.ppc64le.rpm
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_2.ppc64le.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el8_2.ppc64le.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el8_2.ppc64le.rpm
java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_2.ppc64le.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.ppc64le.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el8_2.ppc64le.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_2.ppc64le.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.ppc64le.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el8_2.ppc64le.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_2.ppc64le.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el8_2.ppc64le.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.ppc64le.rpm
java-11-openjdk-src-11.0.12.0.7-0.el8_2.ppc64le.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el8_2.ppc64le.rpm

s390x:
java-11-openjdk-11.0.12.0.7-0.el8_2.s390x.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_2.s390x.rpm
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_2.s390x.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el8_2.s390x.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el8_2.s390x.rpm
java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_2.s390x.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.s390x.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el8_2.s390x.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_2.s390x.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.s390x.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el8_2.s390x.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_2.s390x.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el8_2.s390x.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.s390x.rpm
java-11-openjdk-src-11.0.12.0.7-0.el8_2.s390x.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el8_2.s390x.rpm

x86_64:
java-11-openjdk-11.0.12.0.7-0.el8_2.x86_64.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_2.x86_64.rpm
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_2.x86_64.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el8_2.x86_64.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el8_2.x86_64.rpm
java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_2.x86_64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.x86_64.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el8_2.x86_64.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_2.x86_64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.x86_64.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el8_2.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_2.x86_64.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el8_2.x86_64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.x86_64.rpm
java-11-openjdk-src-11.0.12.0.7-0.el8_2.x86_64.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2341
https://access.redhat.com/security/cve/CVE-2021-2369
https://access.redhat.com/security/cve/CVE-2021-2388
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYPfdntzjgjWX9erEAQgunA/9Hhh5f7JDFNZ1my7JTmSUAk40mBLYKK03
HSa/spLDH9a2JRKoy1gCdKSfDU/RoPz/VvFCWKl48ezhapX+mQ9/btCqs5T1YSRH
m1czYSc+xHhkEbvSl5aoxl8jhnFGw/3P8aNMjveYpfia9J7hdkLXQ8i5NusIhdM4
1GivK+p0GAaloKWRs+jxrifePRiyDaXboIYKK6fs7wvhTnzztaqDhvckIraqQZTE
+U0ZFkA0SvMf/KyNXdraHVpNMarEfclP9wVaAnV0bYxzg2VKDWYgfTXhc348RY1c
TjXyGwi1rWPJ6KR2AKk+nNxCl+yMwOpfyuMXU8hZKzkBcLKQ2Q0r/8QOsWE9Jhk9
S4Frq/lJVU2cQCw/59KWjvVn4ctkQ4dEC5NjvNRN5u3m+xOpjl+dUKwGQ9uDzPIQ
gEEEW+OvtSbr4KMRXSEeX3W3QSaQLGvDIH+dkRmSD1fbsEhUGr9h+TLzNub9jqyX
Up0s/6sugOyGQE/8hF5Sp38jOomynn6YE9Ylpe9byAHNZBSqLGhLRilFT5T3KSAh
yZ2JWxAMaYpbNDx532ga18Tfs6JJe2SlcCe3JNUWuebt9RlG17wiGZtBJqWPGmYI
3ejLY1cHZJDTtimZXtozb9sDOw4R6wbZATS6pxcZoI5z9hEaZnjkdaco65lF6JZw
/H8y1B3oQYc=
=PbWr
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security update
Advisory ID:       RHSA-2021:2783-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2783
Issue date:        2021-07-21
CVE Names:         CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux
8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot,
8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to
arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF
files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
java-11-openjdk-11.0.12.0.7-0.el8_1.src.rpm

aarch64:
java-11-openjdk-11.0.12.0.7-0.el8_1.aarch64.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_1.aarch64.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el8_1.aarch64.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el8_1.aarch64.rpm
java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el8_1.aarch64.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el8_1.aarch64.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_1.aarch64.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el8_1.aarch64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm
java-11-openjdk-src-11.0.12.0.7-0.el8_1.aarch64.rpm

ppc64le:
java-11-openjdk-11.0.12.0.7-0.el8_1.ppc64le.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_1.ppc64le.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el8_1.ppc64le.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el8_1.ppc64le.rpm
java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el8_1.ppc64le.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el8_1.ppc64le.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_1.ppc64le.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el8_1.ppc64le.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm
java-11-openjdk-src-11.0.12.0.7-0.el8_1.ppc64le.rpm

s390x:
java-11-openjdk-11.0.12.0.7-0.el8_1.s390x.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_1.s390x.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el8_1.s390x.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el8_1.s390x.rpm
java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el8_1.s390x.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el8_1.s390x.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_1.s390x.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el8_1.s390x.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm
java-11-openjdk-src-11.0.12.0.7-0.el8_1.s390x.rpm

x86_64:
java-11-openjdk-11.0.12.0.7-0.el8_1.x86_64.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_1.x86_64.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el8_1.x86_64.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el8_1.x86_64.rpm
java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el8_1.x86_64.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el8_1.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_1.x86_64.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el8_1.x86_64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm
java-11-openjdk-src-11.0.12.0.7-0.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2341
https://access.redhat.com/security/cve/CVE-2021-2369
https://access.redhat.com/security/cve/CVE-2021-2388
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYPfU89zjgjWX9erEAQjdIQ//WbkD1noP47jYEEqqKY59HF3W4bsgk7YA
TMIG2oelYnLokgdH+R1WR9Wgn1HBmmIUI4lGiCCBZtxW8G8dhrPll54tqAZ5FjWq
mYNA3oXU2GioqVkkrjytNhB9taKGg85cKbe4fTQHKGSfrKKUy6ysT+A8/Xh2c2hr
Utguv1NpK9vP0fEP7zT6C9Brkjc5QEg1nmuchgxyezY5eeVUaOBnhT/m0t6HfH3l
SrSzSJTz0dxYeOcu0zhAuLPIkAQDOlo9w1l1ZwEWBeND1/v0k86/IWa+1ADMNwtN
+NIzVnVeLWQrGxwKS4A1ZOVeiv4crwVh2n3WwKEz5sZtj3n4dP/slj6b8Zn3sewI
2zg8MYLaOQUC95xQf1YAA60P2bvUhJ6yl/tQhzXGc0MIhC/aTLLRPcNt6w8RYu7c
TvMdPCrD6Rp7MBIwUipXAw3aADWrlYN5lztAxzwLjyzCela6piAhrIVJU1mYDfsh
0DTJbhkW4YvDEUHh1SY7qzLXxy23N1smkyixMQWMXYsgUBxFKEFJAt75SMNtnuQo
SQAq824UunGlqy9ni9BuRVmyc6zKwCpFt1X1vyUxmlO2A8uss6QgL8CJy4BYaayR
Dp1C9whHw4J6Vpfrv5r2ENzbm9u062MFsrWo+jepmK/CNfWMwC4i1gsfqx1nWvTZ
Gri4DFTfGsw=
=b+s2
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security update
Advisory ID:       RHSA-2021:2784-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2784
Issue date:        2021-07-21
CVE Names:         CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux
7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot,
8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to
arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF
files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1967811 - Prepare for the next quarterly OpenJDK upstream release (2021-07, 11.0.12) [rhel-7]
1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
java-11-openjdk-11.0.12.0.7-0.el7_9.src.rpm

x86_64:
java-11-openjdk-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-11-openjdk-11.0.12.0.7-0.el7_9.src.rpm

x86_64:
java-11-openjdk-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-11-openjdk-11.0.12.0.7-0.el7_9.src.rpm

ppc64:
java-11-openjdk-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.ppc64.rpm

ppc64le:
java-11-openjdk-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.ppc64le.rpm

s390x:
java-11-openjdk-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.s390x.rpm

x86_64:
java-11-openjdk-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.ppc64.rpm

ppc64le:
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.ppc64le.rpm

s390x:
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.s390x.rpm

x86_64:
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-11-openjdk-11.0.12.0.7-0.el7_9.src.rpm

x86_64:
java-11-openjdk-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2341
https://access.redhat.com/security/cve/CVE-2021-2369
https://access.redhat.com/security/cve/CVE-2021-2388
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYPfqwNzjgjWX9erEAQgNmA/+Jy9kklIZkm56LvGQqWrqhHe9UMsu7Nid
PZ+XXaoNJ++azIIsAYHvvIWBQplFMcxpBMcBbg6wUOJqEKkwPxw8N/pBPg7O9v+M
nEopmZYX0JbyA1c2RrWbB0d7WpcmaC1aCjCuq9U5iqWAYkou/4VFqg+gz5btvlhj
5b4x7cpEraR2MEBM8nGIoDk2VeLgykKZr4tElsWzSSheE7lm/bTB5wrgx6w1WWvy
YrK8uzoVBjKdJ6qIL9VJ1c9i9ONeIOGKDJ93gAI/Uj0hD8AHewDW5mkC1HQJPPwe
T+COVsqS4jgOtAzTSnnDwDN/ZUEsW0yKB1PIocOmWe4KPFYMvBhEZcFZWdm5t/45
VHY8/tNrYfGkCFR+4/SQC564gvGKv3DYbo0EMe2/SPGPcORMEwXmInNPRtLDLPS8
AYEUrPmhXbUmI4Z6H9Ib9wCpdzEYCW/x2lSXec1QW1zTtKs1Ex0aSg9MaC+vSs2N
5ObTCS4J7bWRs/Mjx9g76FfEQcgEX6Ob+4yT9JWJCWLi0hPxPeRT4XAHOr8yvnfZ
IyMQjcvkqg037cDcrxZdW2BetaHKwziKaD0tuF7Tr6XJdHkGlMGr5h7iYwCY+2R2
X5McTcHH93VzWe45cepY0RXc8KCdPhWT2YI30EN2SmA72LkRMtNb/4ukquNfA/W5
7HnKQw5TGkY=
=YI4N
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security and bug fix update
Advisory ID:       RHSA-2021:2845-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2845
Issue date:        2021-07-21
CVE Names:         CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot,
8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to
arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF
files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* JDK-8266279: 8u292 NoSuchAlgorithmException unrecognized algorithm name:
PBEWithSHA1AndDESede (BZ#1960024)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1960024 - JDK-8266279: 8u292 NoSuchAlgorithmException unrecognized algorithm name: PBEWithSHA1AndDESede
1967809 - Prepare for the next quarterly OpenJDK upstream release (2021-07, 8u302) [rhel-7]
1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el7_9.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el7_9.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.src.rpm

ppc64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.ppc64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.ppc64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.ppc64.rpm

ppc64le:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.ppc64le.rpm

s390x:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.s390x.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el7_9.noarch.rpm

ppc64:
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.ppc64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.ppc64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.ppc64.rpm

ppc64le:
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.ppc64le.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.ppc64le.rpm

s390x:
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.s390x.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.s390x.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.s390x.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el7_9.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2341
https://access.redhat.com/security/cve/CVE-2021-2369
https://access.redhat.com/security/cve/CVE-2021-2388
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYPgYN9zjgjWX9erEAQhZixAAm4aIwkauLPfR1KYok9A6Lgb5eAGyBjXE
g8/H42TUhEw99okpGCCAnp+p2VDSLlldJBmhKHKyXCxYnE/1pMs/ggxYWVXVLJ83
P5hSzPTASxLbgrEIxJiAvwl7Bd5P28KinAWFY8rR8vVweL0dRiHMN4qZ3BQ9bR22
Xm7jQQjFamm0+fOAwAMvrWTqH8iB9Bf4JigfkgaJox16oHDP8mBzvFfV9cBWvSnq
ZWp2slyZMYfcSvF+EiOHoLr/Z5insb5bsiD7imhH60etXvleY5qPthKV6EuM3X+b
ghGphTnLGSq9CI6jeTkMWztR131QEb0+b+dTKk7MmK7xs9eKFQMHL1FScupPwRkY
hbjnuum5MYkNBop+WgopMFhQ/m0ovRzKY1SAzjPO+qFmY3doZ5xbR8Zd6+MRyWwL
yMC3eHEOwr1jvuLQZO7lfDdnV2dDBL4mDwYB+OMcAy2p2B1OdTIW/M6S0wfh34j9
JUd4uLk7GAPbkzuwGUaRCiyzjtG7PnbUV31Q+nSsbqxi/pT1o8dI96YkxXnRlETA
leDZ9h7Gz8Fo/0aVYeANPCkC7j+2DrHG2y8D7SgWfcweuzmhnJGh6hp0735JiDJE
tuSk8aykxH27ZdWjMgqoD8XZ5yQI9zKeU1/2eXCtPb/xJL3I6LKWfEWILBlUs0uP
mSfM57mwADg=
=l7r3
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYPjD6ONLKJtyKPYoAQhpmA//TnLrhzclHXMl5pF4LwHZids8axJKspqh
CjTuz2ub60JN0c7z3x2ZkpcSoEMM6hWUHMdIYQBBnk3OsC1UiCy6m0Bxn5YDK5/3
N/KQsWtmHxMIN5JelBmKm3kZ7TxMjvpaj6c/Hjkqg8PCPd8kv2DQFRLp9V5GPmTC
cYHdxauT10qbCZbv03gbhrBSmBoRZViWZ75igQRrxRtRRe10SiYr/emvy9hL0CZ6
a//lAuY0e91X5dJm3CUO5DyOYiMbTeWR19Mbv7B+2o28erFD9W8i0rC0IXr7p1ew
8hntX5PwfnOn7779YxFHp+r9xN0QjzPjs8DU6NfiteLQbOJaLVU1P0Wtbm3Fa14U
aUJdm3VGIDILt3/HkOlhLsIDTu6KiJCRNxpmICMcC4n9O2hMAmKDmNnlm/0PD4c6
wQimxgeFTuYBbt3Z/E/8QiCgtpmMASltfT7BeKmRgBANbRV5IksK78FafJPWwFsN
6l3ikjyxuzNkgmCbHVsDPdzGGvM9D5mteuNRtP/rzTHH6m2TWcG+EpjsDGjcEz53
UXDpKrGlSXhvFwYL2sBz8xvNF8hJxzixTnu6/17l6dkvXUQNODjaAx1Kl3cQwOBr
j2iUyEHZP3uIYUzDgps9VKm4PrOSIwWKsV8eJoFuMo/BVePaJDS5Becpfb1NfYNv
9N9LxN7tp3o=
=W33R
-----END PGP SIGNATURE-----