-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3494
                      java-11-openjdk security update
                              21 October 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           java-11-openjdk
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Modify Arbitrary Files          -- Remote/Unauthenticated
                   Overwrite Arbitrary Files       -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
                   Unauthorised Access             -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-35603 CVE-2021-35586 CVE-2021-35578 CVE-2021-35567
                   CVE-2021-35565 CVE-2021-35564 CVE-2021-35561 CVE-2021-35559
                   CVE-2021-35556 CVE-2021-35550
Reference:         ASB-2021.0207
                   ESB-2021.3493

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2021:3886
   https://access.redhat.com/errata/RHSA-2021:3892
   https://access.redhat.com/errata/RHSA-2021:3887
   https://access.redhat.com/errata/RHSA-2021:3891

Comment: This bulletin contains four (4) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security update
Advisory ID:       RHSA-2021:3886-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3886
Issue date:        2021-10-20
CVE Names:         CVE-2021-35550 CVE-2021-35556 CVE-2021-35559
                   CVE-2021-35561 CVE-2021-35564 CVE-2021-35565
                   CVE-2021-35567 CVE-2021-35578 CVE-2021-35586
                   CVE-2021-35603
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)
* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)
* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)
* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)
* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)
* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)
* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)
* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)
* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)
* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2014508 - CVE-2021-35565 OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)
2014515 - CVE-2021-35556 OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167)
2014518 - CVE-2021-35559 OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580)
2014524 - CVE-2021-35561 OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)
2015061 - CVE-2021-35564 OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)
2015308 - CVE-2021-35586 OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)
2015311 - CVE-2021-35603 OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618)
2015648 - CVE-2021-35550 OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210)
2015653 - CVE-2021-35578 OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729)
2015658 - CVE-2021-35567 OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
java-11-openjdk-11.0.13.0.8-1.el8_1.src.rpm

aarch64:
java-11-openjdk-11.0.13.0.8-1.el8_1.aarch64.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el8_1.aarch64.rpm
java-11-openjdk-debugsource-11.0.13.0.8-1.el8_1.aarch64.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el8_1.aarch64.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el8_1.aarch64.rpm
java-11-openjdk-devel-debuginfo-11.0.13.0.8-1.el8_1.aarch64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.13.0.8-1.el8_1.aarch64.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el8_1.aarch64.rpm
java-11-openjdk-headless-debuginfo-11.0.13.0.8-1.el8_1.aarch64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.13.0.8-1.el8_1.aarch64.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el8_1.aarch64.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el8_1.aarch64.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el8_1.aarch64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.13.0.8-1.el8_1.aarch64.rpm
java-11-openjdk-src-11.0.13.0.8-1.el8_1.aarch64.rpm

ppc64le:
java-11-openjdk-11.0.13.0.8-1.el8_1.ppc64le.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el8_1.ppc64le.rpm
java-11-openjdk-debugsource-11.0.13.0.8-1.el8_1.ppc64le.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el8_1.ppc64le.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el8_1.ppc64le.rpm
java-11-openjdk-devel-debuginfo-11.0.13.0.8-1.el8_1.ppc64le.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.13.0.8-1.el8_1.ppc64le.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el8_1.ppc64le.rpm
java-11-openjdk-headless-debuginfo-11.0.13.0.8-1.el8_1.ppc64le.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.13.0.8-1.el8_1.ppc64le.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el8_1.ppc64le.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el8_1.ppc64le.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el8_1.ppc64le.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.13.0.8-1.el8_1.ppc64le.rpm
java-11-openjdk-src-11.0.13.0.8-1.el8_1.ppc64le.rpm

s390x:
java-11-openjdk-11.0.13.0.8-1.el8_1.s390x.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el8_1.s390x.rpm
java-11-openjdk-debugsource-11.0.13.0.8-1.el8_1.s390x.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el8_1.s390x.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el8_1.s390x.rpm
java-11-openjdk-devel-debuginfo-11.0.13.0.8-1.el8_1.s390x.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.13.0.8-1.el8_1.s390x.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el8_1.s390x.rpm
java-11-openjdk-headless-debuginfo-11.0.13.0.8-1.el8_1.s390x.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.13.0.8-1.el8_1.s390x.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el8_1.s390x.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el8_1.s390x.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el8_1.s390x.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.13.0.8-1.el8_1.s390x.rpm
java-11-openjdk-src-11.0.13.0.8-1.el8_1.s390x.rpm

x86_64:
java-11-openjdk-11.0.13.0.8-1.el8_1.x86_64.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el8_1.x86_64.rpm
java-11-openjdk-debugsource-11.0.13.0.8-1.el8_1.x86_64.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el8_1.x86_64.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el8_1.x86_64.rpm
java-11-openjdk-devel-debuginfo-11.0.13.0.8-1.el8_1.x86_64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.13.0.8-1.el8_1.x86_64.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el8_1.x86_64.rpm
java-11-openjdk-headless-debuginfo-11.0.13.0.8-1.el8_1.x86_64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.13.0.8-1.el8_1.x86_64.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el8_1.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el8_1.x86_64.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el8_1.x86_64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.13.0.8-1.el8_1.x86_64.rpm
java-11-openjdk-src-11.0.13.0.8-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2021-35550
https://access.redhat.com/security/cve/CVE-2021-35556
https://access.redhat.com/security/cve/CVE-2021-35559
https://access.redhat.com/security/cve/CVE-2021-35561
https://access.redhat.com/security/cve/CVE-2021-35564
https://access.redhat.com/security/cve/CVE-2021-35565
https://access.redhat.com/security/cve/CVE-2021-35567
https://access.redhat.com/security/cve/CVE-2021-35578
https://access.redhat.com/security/cve/CVE-2021-35586
https://access.redhat.com/security/cve/CVE-2021-35603
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- ----------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security update
Advisory ID:       RHSA-2021:3887-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3887
Issue date:        2021-10-20
CVE Names:         CVE-2021-35550 CVE-2021-35556 CVE-2021-35559
                   CVE-2021-35561 CVE-2021-35564 CVE-2021-35565
                   CVE-2021-35567 CVE-2021-35578 CVE-2021-35586
                   CVE-2021-35603
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)
* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)
* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)
* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)
* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)
* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)
* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)
* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)
* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)
* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2014508 - CVE-2021-35565 OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)
2014515 - CVE-2021-35556 OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167)
2014518 - CVE-2021-35559 OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580)
2014524 - CVE-2021-35561 OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)
2015061 - CVE-2021-35564 OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)
2015308 - CVE-2021-35586 OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)
2015311 - CVE-2021-35603 OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618)
2015648 - CVE-2021-35550 OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210)
2015653 - CVE-2021-35578 OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729)
2015658 - CVE-2021-35567 OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
java-11-openjdk-11.0.13.0.8-1.el8_2.src.rpm

aarch64:
java-11-openjdk-11.0.13.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-debugsource-11.0.13.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-devel-debuginfo-11.0.13.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.13.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-headless-debuginfo-11.0.13.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.13.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.13.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-src-11.0.13.0.8-1.el8_2.aarch64.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el8_2.aarch64.rpm

ppc64le:
java-11-openjdk-11.0.13.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-debugsource-11.0.13.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-devel-debuginfo-11.0.13.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.13.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-headless-debuginfo-11.0.13.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.13.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.13.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-src-11.0.13.0.8-1.el8_2.ppc64le.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el8_2.ppc64le.rpm

s390x:
java-11-openjdk-11.0.13.0.8-1.el8_2.s390x.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el8_2.s390x.rpm
java-11-openjdk-debugsource-11.0.13.0.8-1.el8_2.s390x.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el8_2.s390x.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el8_2.s390x.rpm
java-11-openjdk-devel-debuginfo-11.0.13.0.8-1.el8_2.s390x.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.13.0.8-1.el8_2.s390x.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el8_2.s390x.rpm
java-11-openjdk-headless-debuginfo-11.0.13.0.8-1.el8_2.s390x.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.13.0.8-1.el8_2.s390x.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el8_2.s390x.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el8_2.s390x.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el8_2.s390x.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.13.0.8-1.el8_2.s390x.rpm
java-11-openjdk-src-11.0.13.0.8-1.el8_2.s390x.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el8_2.s390x.rpm

x86_64:
java-11-openjdk-11.0.13.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-debugsource-11.0.13.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-devel-debuginfo-11.0.13.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.13.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-headless-debuginfo-11.0.13.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.13.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.13.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-src-11.0.13.0.8-1.el8_2.x86_64.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-35550
https://access.redhat.com/security/cve/CVE-2021-35556
https://access.redhat.com/security/cve/CVE-2021-35559
https://access.redhat.com/security/cve/CVE-2021-35561
https://access.redhat.com/security/cve/CVE-2021-35564
https://access.redhat.com/security/cve/CVE-2021-35565
https://access.redhat.com/security/cve/CVE-2021-35567
https://access.redhat.com/security/cve/CVE-2021-35578
https://access.redhat.com/security/cve/CVE-2021-35586
https://access.redhat.com/security/cve/CVE-2021-35603
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- -----------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security update
Advisory ID:       RHSA-2021:3891-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3891
Issue date:        2021-10-20
CVE Names:         CVE-2021-35550 CVE-2021-35556 CVE-2021-35559
                   CVE-2021-35561 CVE-2021-35564 CVE-2021-35565
                   CVE-2021-35567 CVE-2021-35578 CVE-2021-35586
                   CVE-2021-35603
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):

* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)
* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)
* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)
* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)
* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)
* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)
* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)
* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)
* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)
* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2014508 - CVE-2021-35565 OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)
2014515 - CVE-2021-35556 OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167)
2014518 - CVE-2021-35559 OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580)
2014524 - CVE-2021-35561 OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)
2015061 - CVE-2021-35564 OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)
2015308 - CVE-2021-35586 OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)
2015311 - CVE-2021-35603 OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618)
2015648 - CVE-2021-35550 OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210)
2015653 - CVE-2021-35578 OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729)
2015658 - CVE-2021-35567 OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
java-11-openjdk-11.0.13.0.8-1.el8_4.src.rpm

aarch64:
java-11-openjdk-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-debugsource-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-devel-debuginfo-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-headless-debuginfo-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-src-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el8_4.aarch64.rpm

ppc64le:
java-11-openjdk-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-debugsource-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-devel-debuginfo-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-headless-debuginfo-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-src-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el8_4.ppc64le.rpm

s390x:
java-11-openjdk-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-debugsource-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-devel-debuginfo-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-headless-debuginfo-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-src-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el8_4.s390x.rpm

x86_64:
java-11-openjdk-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-debugsource-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-devel-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-devel-fastdebug-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-fastdebug-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-headless-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-headless-fastdebug-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-src-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
java-11-openjdk-debuginfo-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-debugsource-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-demo-slowdebug-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-devel-debuginfo-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-devel-slowdebug-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-headless-debuginfo-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-headless-slowdebug-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-jmods-slowdebug-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-slowdebug-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-src-slowdebug-11.0.13.0.8-1.el8_4.aarch64.rpm
java-11-openjdk-static-libs-slowdebug-11.0.13.0.8-1.el8_4.aarch64.rpm

ppc64le:
java-11-openjdk-debuginfo-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-debugsource-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-demo-slowdebug-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-devel-debuginfo-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-devel-slowdebug-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-headless-debuginfo-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-headless-slowdebug-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-jmods-slowdebug-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-slowdebug-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-src-slowdebug-11.0.13.0.8-1.el8_4.ppc64le.rpm
java-11-openjdk-static-libs-slowdebug-11.0.13.0.8-1.el8_4.ppc64le.rpm

s390x:
java-11-openjdk-debuginfo-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-debugsource-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-demo-slowdebug-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-devel-debuginfo-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-devel-slowdebug-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-headless-debuginfo-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-headless-slowdebug-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-jmods-slowdebug-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-slowdebug-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-src-slowdebug-11.0.13.0.8-1.el8_4.s390x.rpm
java-11-openjdk-static-libs-slowdebug-11.0.13.0.8-1.el8_4.s390x.rpm

x86_64:
java-11-openjdk-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-debugsource-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-demo-fastdebug-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-demo-slowdebug-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-devel-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-devel-fastdebug-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-devel-fastdebug-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-devel-slowdebug-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-fastdebug-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-fastdebug-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-headless-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-headless-fastdebug-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-headless-fastdebug-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-headless-slowdebug-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-jmods-fastdebug-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-jmods-slowdebug-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-slowdebug-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-src-fastdebug-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-src-slowdebug-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-static-libs-fastdebug-11.0.13.0.8-1.el8_4.x86_64.rpm
java-11-openjdk-static-libs-slowdebug-11.0.13.0.8-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-35550
https://access.redhat.com/security/cve/CVE-2021-35556
https://access.redhat.com/security/cve/CVE-2021-35559
https://access.redhat.com/security/cve/CVE-2021-35561
https://access.redhat.com/security/cve/CVE-2021-35564
https://access.redhat.com/security/cve/CVE-2021-35565
https://access.redhat.com/security/cve/CVE-2021-35567
https://access.redhat.com/security/cve/CVE-2021-35578
https://access.redhat.com/security/cve/CVE-2021-35586
https://access.redhat.com/security/cve/CVE-2021-35603
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- ------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security and bug fix update
Advisory ID:       RHSA-2021:3892-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3892
Issue date:        2021-10-20
CVE Names:         CVE-2021-35550 CVE-2021-35556 CVE-2021-35559
                   CVE-2021-35561 CVE-2021-35564 CVE-2021-35565
                   CVE-2021-35567 CVE-2021-35578 CVE-2021-35586
                   CVE-2021-35603
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment
and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)
* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)
* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)
* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)
* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)
* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)
* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)
* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)
* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)
* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* Previously, uninstalling the OpenJDK RPMs attempted to remove a client
directory that did not exist. This directory is no longer used in
java-11-openjdk and all references to it have now been removed. (RHBZ#1698873)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1698873 - warning: file /usr/lib/jvm/java-11-openjdk-11.0.ea.28-7.el7.x86_64/lib/client: remove failed: No such file or directory
1999936 - Prepare for the next quarterly OpenJDK upstream release (2021-10, 11.0.13) [rhel-7]
2014508 - CVE-2021-35565 OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)
2014515 - CVE-2021-35556 OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167)
2014518 - CVE-2021-35559 OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580)
2014524 - CVE-2021-35561 OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)
2015061 - CVE-2021-35564 OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)
2015308 - CVE-2021-35586 OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)
2015311 - CVE-2021-35603 OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618)
2015648 - CVE-2021-35550 OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210)
2015653 - CVE-2021-35578 OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729)
2015658 - CVE-2021-35567 OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
java-11-openjdk-11.0.13.0.8-1.el7_9.src.rpm

x86_64:
java-11-openjdk-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-src-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-src-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-11-openjdk-11.0.13.0.8-1.el7_9.src.rpm

x86_64:
java-11-openjdk-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-src-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-src-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-11-openjdk-11.0.13.0.8-1.el7_9.src.rpm

ppc64:
java-11-openjdk-11.0.13.0.8-1.el7_9.ppc64.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.ppc64.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el7_9.ppc64.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el7_9.ppc64.rpm

ppc64le:
java-11-openjdk-11.0.13.0.8-1.el7_9.ppc64le.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.ppc64le.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el7_9.ppc64le.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el7_9.ppc64le.rpm

s390x:
java-11-openjdk-11.0.13.0.8-1.el7_9.s390x.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.s390x.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el7_9.s390x.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el7_9.s390x.rpm

x86_64:
java-11-openjdk-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.ppc64.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el7_9.ppc64.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.ppc64.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.ppc64.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.ppc64.rpm
java-11-openjdk-src-11.0.13.0.8-1.el7_9.ppc64.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.ppc64.rpm

ppc64le:
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.ppc64le.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el7_9.ppc64le.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.ppc64le.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.ppc64le.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.ppc64le.rpm
java-11-openjdk-src-11.0.13.0.8-1.el7_9.ppc64le.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.ppc64le.rpm

s390x:
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.s390x.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el7_9.s390x.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.s390x.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.s390x.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.s390x.rpm
java-11-openjdk-src-11.0.13.0.8-1.el7_9.s390x.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.s390x.rpm

x86_64:
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-src-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-src-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-11-openjdk-11.0.13.0.8-1.el7_9.src.rpm

x86_64:
java-11-openjdk-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-devel-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-headless-11.0.13.0.8-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-demo-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-src-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-src-11.0.13.0.8-1.el7_9.x86_64.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.i686.rpm
java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-35550
https://access.redhat.com/security/cve/CVE-2021-35556
https://access.redhat.com/security/cve/CVE-2021-35559
https://access.redhat.com/security/cve/CVE-2021-35561
https://access.redhat.com/security/cve/CVE-2021-35564
https://access.redhat.com/security/cve/CVE-2021-35565
https://access.redhat.com/security/cve/CVE-2021-35567
https://access.redhat.com/security/cve/CVE-2021-35578
https://access.redhat.com/security/cve/CVE-2021-35586
https://access.redhat.com/security/cve/CVE-2021-35603
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager.
If you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the appropriate
person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================