ALSA-2021:3891

[ALSA-2021:3891] Important: java-11-openjdk security update

Type:

security

Severity:

important

Release date:

2021-11-12

Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)

* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)

* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)

* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)

* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
x86_64	java-11-openjdk-devel-slowdebug-11.0.13.0.8-1.el8_4.x86_64.rpm	01bf89e4a1c7bc2269e59329dc79e551e4b22296713be19fc6e82a03631029b3
x86_64	java-11-openjdk-src-11.0.13.0.8-1.el8_4.x86_64.rpm	0e0f3bc434efeac75881a40ef0e33112f09de70b2224cdf85bafa25e412dd10a
x86_64	java-11-openjdk-demo-11.0.13.0.8-1.el8_4.x86_64.rpm	13913bd7d5f159e99a5bb22d4a089e09e7dc817f8d48f32668456807c16247fb
x86_64	java-11-openjdk-javadoc-11.0.13.0.8-1.el8_4.x86_64.rpm	1ea34a1694fc180ed50b5ca4acd4cc74b40ac4e7c2faaa1631d40bd8a1b23ef2
x86_64	java-11-openjdk-demo-fastdebug-11.0.13.0.8-1.el8_4.x86_64.rpm	34880f022af0f9257c34c8ab4e1297d999f01d5af923265eac65513d2455e64f
x86_64	java-11-openjdk-static-libs-fastdebug-11.0.13.0.8-1.el8_4.x86_64.rpm	3d70b8ee019a4d9c7b72c54e9cc400d2be7c30cb14961d3df9c524104ac76be2
x86_64	java-11-openjdk-11.0.13.0.8-1.el8_4.x86_64.rpm	4b7f4e2f3a56881b1e65d0e9aeb41fd3629097d34691e42fd722b16feb2efc8f
x86_64	java-11-openjdk-headless-slowdebug-11.0.13.0.8-1.el8_4.x86_64.rpm	5702469c6bf5ea68f1921c41f7da0708676b4cef60640bf329ad3396b4f04f71
x86_64	java-11-openjdk-devel-fastdebug-11.0.13.0.8-1.el8_4.x86_64.rpm	62715b04be4e36d809c13578eff2eda438f590e4937b3ee2617468eb762c611e
x86_64	java-11-openjdk-fastdebug-11.0.13.0.8-1.el8_4.x86_64.rpm	6573ad8e44bd9ee4f8a3b0c17994a50a4f503b32dd5f0d891d230d1b73889475
x86_64	java-11-openjdk-headless-11.0.13.0.8-1.el8_4.x86_64.rpm	678efbbf7301f8ee985ba2650c124d4be926a0e6aec885fc44c03f05e2d77bed
x86_64	java-11-openjdk-static-libs-11.0.13.0.8-1.el8_4.x86_64.rpm	83e8568a490a85098cbb7cc1ab049c68d5326bb0dfc8b3965d429ee6f3c6bb3f
x86_64	java-11-openjdk-headless-fastdebug-11.0.13.0.8-1.el8_4.x86_64.rpm	889b4e40a71e14c2fde50479637ae55119ce901f910fc60c2d29e71bfc6d549b
x86_64	java-11-openjdk-static-libs-slowdebug-11.0.13.0.8-1.el8_4.x86_64.rpm	9a6b5ee68105e741a3dc4b65879ae95d3ae5455dc6e0179b9e80895139e21351
x86_64	java-11-openjdk-demo-slowdebug-11.0.13.0.8-1.el8_4.x86_64.rpm	a212cbb9da67c31a4f45b52dd602cd548ec1422d904c8f1024db53cb5a648d9e
x86_64	java-11-openjdk-jmods-11.0.13.0.8-1.el8_4.x86_64.rpm	a53b3ae391516883a8075921112bbdc4c3cf7dfdcabe0f939c2582349d776214
x86_64	java-11-openjdk-jmods-fastdebug-11.0.13.0.8-1.el8_4.x86_64.rpm	a9e365261e6e877e4f2e78f7a73f62affb8cd3ce2a3d99433f34361c70addcab
x86_64	java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el8_4.x86_64.rpm	b7732bbd1ee805f96cd7c8fd70982a33d8da11e6eedebbfa8c62f68a7752604d
x86_64	java-11-openjdk-devel-11.0.13.0.8-1.el8_4.x86_64.rpm	ba27ea02142f270ca60f2218874d10d09df757071a93b73950eadedee42c897c
x86_64	java-11-openjdk-src-fastdebug-11.0.13.0.8-1.el8_4.x86_64.rpm	c7c9dd31f35bdc05961e4e86138a33f5314ce7e8db1fe9a5f15f3872d8eac221
x86_64	java-11-openjdk-src-slowdebug-11.0.13.0.8-1.el8_4.x86_64.rpm	cae1b45a7883bed1fcdb2e55dcceb5616baf288a58c61bbeb4e33e3f894a746e
x86_64	java-11-openjdk-jmods-slowdebug-11.0.13.0.8-1.el8_4.x86_64.rpm	d6ca27d694a5a127b02e76f6c6a69ade1556cfd43bc1cfe98f36bc9e04edd072
x86_64	java-11-openjdk-slowdebug-11.0.13.0.8-1.el8_4.x86_64.rpm	f11d3d07a8d3c7362ae66d62997cce75e3afde9ec6a47a9763cf40836124a188

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.