[ALSA-2021:4135] Important: java-17-openjdk security update
Type:
security
Severity:
important
Release date:
2021-11-12
Description:
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567) * OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556) * OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559) * OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561) * OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564) * OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578) * OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586) * OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages:
  • java-17-openjdk-jmods-slowdebug-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-demo-slowdebug-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-static-libs-fastdebug-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-src-fastdebug-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-headless-fastdebug-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-jmods-fastdebug-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-headless-slowdebug-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-src-slowdebug-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-slowdebug-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-fastdebug-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-devel-fastdebug-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-static-libs-slowdebug-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-demo-fastdebug-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-devel-slowdebug-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-javadoc-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-jmods-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-javadoc-zip-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-headless-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-src-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-demo-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-static-libs-17.0.1.0.12-2.el8_5.x86_64.rpm
  • java-17-openjdk-devel-17.0.1.0.12-2.el8_5.x86_64.rpm
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.