-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2474
java-1.8.0-openjdk and java-11-openjdk security update
22 July 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           java-1.8.0-openjdk
                   java-11-openjdk
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Modify Arbitrary Files          -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-2388 CVE-2021-2369 CVE-2021-2341
Reference:         ASB-2021.0144

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2021:2774
   https://access.redhat.com/errata/RHSA-2021:2775
   https://access.redhat.com/errata/RHSA-2021:2776
   https://access.redhat.com/errata/RHSA-2021:2781
   https://access.redhat.com/errata/RHSA-2021:2782
   https://access.redhat.com/errata/RHSA-2021:2783
   https://access.redhat.com/errata/RHSA-2021:2784
   https://access.redhat.com/errata/RHSA-2021:2845

Comment: This bulletin contains eight (8) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update
Advisory ID:       RHSA-2021:2774-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2774
Issue date:        2021-07-21
CVE Names:         CVE-2021-2341 CVE-2021-2369 CVE-2021-2388
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.
8.2): Source: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_2.src.rpm aarch64: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_2.aarch64.rpm noarch: java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el8_2.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el8_2.noarch.rpm ppc64le: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_2.ppc64le.rpm 
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_2.ppc64le.rpm s390x: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_2.s390x.rpm x86_64: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_2.x86_64.rpm These packages are GPG signed by Red 
Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2341
https://access.redhat.com/security/cve/CVE-2021-2369
https://access.redhat.com/security/cve/CVE-2021-2388
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update
Advisory ID:       RHSA-2021:2775-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2775
Issue date:        2021-07-21
CVE Names:         CVE-2021-2341 CVE-2021-2369 CVE-2021-2388
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.
8.1): Source: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_1.src.rpm aarch64: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_1.aarch64.rpm java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_1.aarch64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_1.aarch64.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_1.aarch64.rpm java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_1.aarch64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_1.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.aarch64.rpm java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_1.aarch64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_1.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.aarch64.rpm java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_1.aarch64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_1.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.aarch64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.aarch64.rpm java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_1.aarch64.rpm noarch: java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el8_1.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el8_1.noarch.rpm ppc64le: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_1.ppc64le.rpm java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_1.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_1.ppc64le.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_1.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_1.ppc64le.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_1.ppc64le.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.ppc64le.rpm java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_1.ppc64le.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_1.ppc64le.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.ppc64le.rpm java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_1.ppc64le.rpm 
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_1.ppc64le.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.ppc64le.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_1.ppc64le.rpm s390x: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_1.s390x.rpm java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_1.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_1.s390x.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_1.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_1.s390x.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_1.s390x.rpm java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_1.s390x.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_1.s390x.rpm java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_1.s390x.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_1.s390x.rpm java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_1.s390x.rpm x86_64: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_1.x86_64.rpm java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_1.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_1.x86_64.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_1.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_1.x86_64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_1.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_1.x86_64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_1.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_1.x86_64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_1.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.x86_64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_1.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_1.x86_64.rpm These packages are GPG signed by Red 
Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2341
https://access.redhat.com/security/cve/CVE-2021-2369
https://access.redhat.com/security/cve/CVE-2021-2388
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update
Advisory ID:       RHSA-2021:2776-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2776
Issue date:        2021-07-21
CVE Names:         CVE-2021-2341 CVE-2021-2369 CVE-2021-2388
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)

6. Package List:

Red Hat Enterprise Linux AppStream (v.
8): Source: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.src.rpm aarch64: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_4.aarch64.rpm noarch: java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el8_4.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el8_4.noarch.rpm ppc64le: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_4.ppc64le.rpm 
java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_4.ppc64le.rpm s390x: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.s390x.rpm java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_4.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_4.s390x.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_4.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_4.s390x.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_4.s390x.rpm java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_4.s390x.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_4.s390x.rpm java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_4.s390x.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_4.s390x.rpm java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_4.s390x.rpm x86_64: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm 
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_4.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.aarch64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.302.b08-0.el8_4.aarch64.rpm ppc64le: java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.302.b08-0.el8_4.ppc64le.rpm 
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-slowdebug-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.ppc64le.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.302.b08-0.el8_4.ppc64le.rpm x86_64: java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-fastdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-headless-fastdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm 
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.302.b08-0.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2341
https://access.redhat.com/security/cve/CVE-2021-2369
https://access.redhat.com/security/cve/CVE-2021-2388
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security update
Advisory ID:       RHSA-2021:2781-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2781
Issue date:        2021-07-21
CVE Names:         CVE-2021-2341 CVE-2021-2369 CVE-2021-2388
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source: java-11-openjdk-11.0.12.0.7-0.el8_4.src.rpm aarch64: java-11-openjdk-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-demo-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-devel-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-headless-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-src-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-static-libs-11.0.12.0.7-0.el8_4.aarch64.rpm ppc64le: java-11-openjdk-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-demo-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-devel-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-headless-11.0.12.0.7-0.el8_4.ppc64le.rpm
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-src-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-static-libs-11.0.12.0.7-0.el8_4.ppc64le.rpm s390x: java-11-openjdk-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-demo-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-devel-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-headless-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-src-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-static-libs-11.0.12.0.7-0.el8_4.s390x.rpm x86_64: java-11-openjdk-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-demo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-devel-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-devel-fastdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-fastdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm 
java-11-openjdk-headless-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-headless-fastdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-src-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-static-libs-11.0.12.0.7-0.el8_4.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-demo-slowdebug-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-devel-slowdebug-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-headless-slowdebug-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-jmods-slowdebug-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-slowdebug-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-src-slowdebug-11.0.12.0.7-0.el8_4.aarch64.rpm java-11-openjdk-static-libs-slowdebug-11.0.12.0.7-0.el8_4.aarch64.rpm ppc64le: java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-demo-slowdebug-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-devel-slowdebug-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm 
java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-headless-slowdebug-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-jmods-slowdebug-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-slowdebug-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-src-slowdebug-11.0.12.0.7-0.el8_4.ppc64le.rpm java-11-openjdk-static-libs-slowdebug-11.0.12.0.7-0.el8_4.ppc64le.rpm s390x: java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-demo-slowdebug-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-devel-slowdebug-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-headless-slowdebug-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-jmods-slowdebug-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-slowdebug-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-src-slowdebug-11.0.12.0.7-0.el8_4.s390x.rpm java-11-openjdk-static-libs-slowdebug-11.0.12.0.7-0.el8_4.s390x.rpm x86_64: java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-demo-fastdebug-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-demo-slowdebug-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-devel-fastdebug-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-devel-fastdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-devel-slowdebug-11.0.12.0.7-0.el8_4.x86_64.rpm 
java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-fastdebug-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-fastdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-headless-fastdebug-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-headless-fastdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-headless-slowdebug-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-jmods-fastdebug-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-jmods-slowdebug-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-slowdebug-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-src-fastdebug-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-src-slowdebug-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-static-libs-fastdebug-11.0.12.0.7-0.el8_4.x86_64.rpm java-11-openjdk-static-libs-slowdebug-11.0.12.0.7-0.el8_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-2341 https://access.redhat.com/security/cve/CVE-2021-2369 https://access.redhat.com/security/cve/CVE-2021-2388 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. 
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-11-openjdk security update
Advisory ID: RHSA-2021:2782-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2782
Issue date: 2021-07-21
CVE Names: CVE-2021-2341 CVE-2021-2369 CVE-2021-2388
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3.
Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.
8.2): Source: java-11-openjdk-11.0.12.0.7-0.el8_2.src.rpm aarch64: java-11-openjdk-11.0.12.0.7-0.el8_2.aarch64.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_2.aarch64.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_2.aarch64.rpm java-11-openjdk-demo-11.0.12.0.7-0.el8_2.aarch64.rpm java-11-openjdk-devel-11.0.12.0.7-0.el8_2.aarch64.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_2.aarch64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.aarch64.rpm java-11-openjdk-headless-11.0.12.0.7-0.el8_2.aarch64.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_2.aarch64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.aarch64.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el8_2.aarch64.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_2.aarch64.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el8_2.aarch64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.aarch64.rpm java-11-openjdk-src-11.0.12.0.7-0.el8_2.aarch64.rpm java-11-openjdk-static-libs-11.0.12.0.7-0.el8_2.aarch64.rpm ppc64le: java-11-openjdk-11.0.12.0.7-0.el8_2.ppc64le.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_2.ppc64le.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_2.ppc64le.rpm java-11-openjdk-demo-11.0.12.0.7-0.el8_2.ppc64le.rpm java-11-openjdk-devel-11.0.12.0.7-0.el8_2.ppc64le.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_2.ppc64le.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.ppc64le.rpm java-11-openjdk-headless-11.0.12.0.7-0.el8_2.ppc64le.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_2.ppc64le.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.ppc64le.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el8_2.ppc64le.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_2.ppc64le.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el8_2.ppc64le.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.ppc64le.rpm java-11-openjdk-src-11.0.12.0.7-0.el8_2.ppc64le.rpm java-11-openjdk-static-libs-11.0.12.0.7-0.el8_2.ppc64le.rpm 
s390x: java-11-openjdk-11.0.12.0.7-0.el8_2.s390x.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_2.s390x.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_2.s390x.rpm java-11-openjdk-demo-11.0.12.0.7-0.el8_2.s390x.rpm java-11-openjdk-devel-11.0.12.0.7-0.el8_2.s390x.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_2.s390x.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.s390x.rpm java-11-openjdk-headless-11.0.12.0.7-0.el8_2.s390x.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_2.s390x.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.s390x.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el8_2.s390x.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_2.s390x.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el8_2.s390x.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.s390x.rpm java-11-openjdk-src-11.0.12.0.7-0.el8_2.s390x.rpm java-11-openjdk-static-libs-11.0.12.0.7-0.el8_2.s390x.rpm x86_64: java-11-openjdk-11.0.12.0.7-0.el8_2.x86_64.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_2.x86_64.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_2.x86_64.rpm java-11-openjdk-demo-11.0.12.0.7-0.el8_2.x86_64.rpm java-11-openjdk-devel-11.0.12.0.7-0.el8_2.x86_64.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_2.x86_64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.x86_64.rpm java-11-openjdk-headless-11.0.12.0.7-0.el8_2.x86_64.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_2.x86_64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.x86_64.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el8_2.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_2.x86_64.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el8_2.x86_64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_2.x86_64.rpm java-11-openjdk-src-11.0.12.0.7-0.el8_2.x86_64.rpm java-11-openjdk-static-libs-11.0.12.0.7-0.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2341
https://access.redhat.com/security/cve/CVE-2021-2369
https://access.redhat.com/security/cve/CVE-2021-2388
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-11-openjdk security update
Advisory ID: RHSA-2021:2783-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2783
Issue date: 2021-07-21
CVE Names: CVE-2021-2341 CVE-2021-2369 CVE-2021-2388
=====================================================================

1.
Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.
8.1): Source: java-11-openjdk-11.0.12.0.7-0.el8_1.src.rpm aarch64: java-11-openjdk-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-demo-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-devel-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-headless-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-src-11.0.12.0.7-0.el8_1.aarch64.rpm ppc64le: java-11-openjdk-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-demo-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-devel-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-headless-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-src-11.0.12.0.7-0.el8_1.ppc64le.rpm s390x: java-11-openjdk-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm 
java-11-openjdk-debugsource-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-demo-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-devel-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-headless-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-src-11.0.12.0.7-0.el8_1.s390x.rpm x86_64: java-11-openjdk-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-demo-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-devel-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-headless-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-src-11.0.12.0.7-0.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2021-2341
https://access.redhat.com/security/cve/CVE-2021-2369
https://access.redhat.com/security/cve/CVE-2021-2388
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-11-openjdk security update
Advisory ID: RHSA-2021:2784-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2784
Issue date: 2021-07-21
CVE Names: CVE-2021-2341 CVE-2021-2369 CVE-2021-2388
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5.
Bugs fixed (https://bugzilla.redhat.com/): 1967811 - Prepare for the next quarterly OpenJDK upstream release (2021-07, 11.0.12) [rhel-7] 1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) 1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) 1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: java-11-openjdk-11.0.12.0.7-0.el7_9.src.rpm x86_64: java-11-openjdk-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-headless-11.0.12.0.7-0.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-demo-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-devel-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-src-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-src-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 
7): Source: java-11-openjdk-11.0.12.0.7-0.el7_9.src.rpm x86_64: java-11-openjdk-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-headless-11.0.12.0.7-0.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-demo-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-devel-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-src-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-src-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7):

Source:
java-11-openjdk-11.0.12.0.7-0.el7_9.src.rpm

ppc64:
java-11-openjdk-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.ppc64.rpm

ppc64le:
java-11-openjdk-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.ppc64le.rpm

s390x:
java-11-openjdk-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.s390x.rpm

x86_64:
java-11-openjdk-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.ppc64.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.ppc64.rpm

ppc64le:
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.ppc64le.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.ppc64le.rpm

s390x:
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.s390x.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.s390x.rpm

x86_64:
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-11-openjdk-11.0.12.0.7-0.el7_9.src.rpm

x86_64:
java-11-openjdk-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-devel-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-headless-11.0.12.0.7-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-demo-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-src-11.0.12.0.7-0.el7_9.x86_64.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.i686.rpm
java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2341
https://access.redhat.com/security/cve/CVE-2021-2369
https://access.redhat.com/security/cve/CVE-2021-2388
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security and bug fix update
Advisory ID:       RHSA-2021:2845-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2845
Issue date:        2021-07-21
CVE Names:         CVE-2021-2341 CVE-2021-2369 CVE-2021-2388
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot,
8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to
arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF
files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* JDK-8266279: 8u292 NoSuchAlgorithmException unrecognized algorithm name:
PBEWithSHA1AndDESede (BZ#1960024)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1960024 - JDK-8266279: 8u292 NoSuchAlgorithmException unrecognized algorithm name: PBEWithSHA1AndDESede
1967809 - Prepare for the next quarterly OpenJDK upstream release (2021-07, 8u302) [rhel-7]
1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el7_9.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el7_9.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.src.rpm

ppc64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.ppc64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.ppc64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.ppc64.rpm

ppc64le:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.ppc64le.rpm

s390x:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.s390x.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el7_9.noarch.rpm

ppc64:
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.ppc64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.ppc64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.ppc64.rpm

ppc64le:
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.ppc64le.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.ppc64le.rpm

s390x:
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.s390x.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.s390x.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.s390x.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el7_9.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2341
https://access.redhat.com/security/cve/CVE-2021-2369
https://access.redhat.com/security/cve/CVE-2021-2388
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----