[ALSA-2021:3893] Important: java-1.8.0-openjdk security and bug fix update
Release date:
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):
* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)
* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)
* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)
* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)
* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)
* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)
* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)
* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)
* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)
* OpenJDK: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071) (CVE-2021-35588)
* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):
* Previously, OpenJDK's FIPS mode would be enabled if it detected that the system crypto policy was set to FIPS. This meant that containers running on a FIPS mode kernel would not enable FIPS mode without the crypto policy being changed. With this update, OpenJDK queries the NSS library as to whether FIPS mode is active or not. (RHBZ#2014201)
* The use of the NSS FIPS mode by OpenJDK requires the JDK to log in to the NSS software token. Previously, this happened indirectly as part of some crypto operations, but not others. With this update, the JDK logs in to the token on initialisation. (RHBZ#2014204)
* While in FIPS mode, the NSS Software Token does not allow the import of private or secret plain keys. This caused the OpenJDK keytool application to fail when used with OpenJDK in FIPS mode. With this update, OpenJDK will now import such keys into the NSS database. This behaviour may be disabled using -Dcom.AlmaLinux.fips.plainKeySupport=false. (RHBZ#2014193)

Updated packages listed below:
Architecture Package Checksum
noarch java-1.8.0-openjdk-javadoc-zip- 37bdf3b739c3f88d9abbffec13b7933fe8e5772a9c25e3d435a6f6f496e817c5
noarch java-1.8.0-openjdk-javadoc- a2d282a0eb19c08591554b012e20a696b77d2f154308a41f47b908c6f9f518b3
x86_64 java-1.8.0-openjdk-slowdebug- 1499058f94c7d5461aeb7777a00a3551583b6070ffa37d680961c5efd12d6c11
x86_64 java-1.8.0-openjdk- 1a12aecce70da14662e7d5300fab466cd904c7da6072bd7772aa053baacddff0
x86_64 java-1.8.0-openjdk-headless-slowdebug- 2e0c1a253e45e65c32a9e206b57eac84761e2b492839c8dcc6cc94ef1fdda736
x86_64 java-1.8.0-openjdk-headless-fastdebug- 3c9cc73490c96a8e37cc86c8231c5943ff38f5c90d86a56253dc7ed27a195e4b
x86_64 java-1.8.0-openjdk-demo-fastdebug- 463198c66f058d2e00dcf509f3b70d758bdce9674d7d58bbaea6cb28da9df826
x86_64 java-1.8.0-openjdk-accessibility-slowdebug- 62242a0db0023586e4ee929356f4436ce618e6f3a7dc1ff52cb5928119966220
x86_64 java-1.8.0-openjdk-demo-slowdebug- 64a08e4f8826199ffc49916b9c064e7cffab5460190062563c404bc0ab3ec6f4
x86_64 java-1.8.0-openjdk-fastdebug- 8a9393053c0f068c83fb3396761d1adf5a41ce08d20f898c4c76bf933967f391
x86_64 java-1.8.0-openjdk-demo- 932cfeee0ec44f37188f63d04d2643699390f26e881b80904d2f44ff6996834a
x86_64 java-1.8.0-openjdk-accessibility-fastdebug- 9906ccbed5e14ec48ae51bbe3c55442d569405ea8cec033bf678f76dbac0f397
x86_64 java-1.8.0-openjdk-headless- 9c92982fbb88fc13f8378bf71488fdc420225ea1f240e945e21ae0795aa8b02f
x86_64 java-1.8.0-openjdk-devel- b612ee5be7f53fe4861db752644cb4d231f86cdc710bb24cf9b37b6042f49338
x86_64 java-1.8.0-openjdk-accessibility- c00d2945a51eced4319cfcef21129fbec47644bf709272efb7dcf17ab454bec2
x86_64 java-1.8.0-openjdk-devel-slowdebug- c7b796c5705e75e8bd3d5dcdd244b501b2a7974fcc8cbd6895aa1492cbd4f315
x86_64 java-1.8.0-openjdk-src-slowdebug- c939aa78a376c911cb2f0d2e21ce13a2cf286cfad4becab7e9ff1430ff6a385c
x86_64 java-1.8.0-openjdk-src- d28433bd359f8159379e4810ecc733f4e59664003e02d6ad97f41162236a317e
x86_64 java-1.8.0-openjdk-src-fastdebug- dcd5af5ec5756779e3ea1196927b9366a747ee6da4f5502738999e3ad1605140
x86_64 java-1.8.0-openjdk-devel-fastdebug- e10f3a4c8ecd4be3161f843df458c722b6848cc5d8707303336c41ae0c46b79c
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.