ALSA-2022:0185

[ALSA-2022:0185] Moderate: java-11-openjdk security update

Type:

security

Severity:

moderate

Release date:

2022-01-25

Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) (CVE-2022-21248)

* OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952) (CVE-2022-21277)

* OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492) (CVE-2022-21282)

* OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813) (CVE-2022-21283)

* OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386) (CVE-2022-21291)

* OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392) (CVE-2022-21293)

* OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416) (CVE-2022-21294)

* OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498) (CVE-2022-21296)

* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)

* OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014) (CVE-2022-21305)

* OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026) (CVE-2022-21340)

* OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236) (CVE-2022-21341)

* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756) (CVE-2022-21360)

* OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838) (CVE-2022-21365)

* OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096) (CVE-2022-21366)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
x86_64	java-11-openjdk-jmods-slowdebug-11.0.14.0.9-2.el8_5.x86_64.rpm	029066c9882b87a734f85dc8b1147a71f42a7f30f71fdc0f0e3f71a31cbf7d9b
x86_64	java-11-openjdk-jmods-fastdebug-11.0.14.0.9-2.el8_5.x86_64.rpm	0639d6b3226bb87e8b3ecc7800f29e0325516086067e032c05fc5020319c8182
x86_64	java-11-openjdk-devel-11.0.14.0.9-2.el8_5.x86_64.rpm	065517e040791aeea7d5fd38eed6920f3d51c7ac87d01829c901e8576e0aed85
x86_64	java-11-openjdk-demo-11.0.14.0.9-2.el8_5.x86_64.rpm	0d4fb59e259b20a317041b3a1526317642aad0a4cee6ca537b9a5d9c2b9eb292
x86_64	java-11-openjdk-static-libs-fastdebug-11.0.14.0.9-2.el8_5.x86_64.rpm	0f6e35fa15525c11d10873b7c5eeb2c37e363742c57fa2148fc8046e2d386722
x86_64	java-11-openjdk-slowdebug-11.0.14.0.9-2.el8_5.x86_64.rpm	229ae1c1a23f877fe9411a520cb6ab21b29b73dbd172f1d6b203329ca8cbca21
x86_64	java-11-openjdk-static-libs-11.0.14.0.9-2.el8_5.x86_64.rpm	3385288af1845c0f634f8303b26df57acfbf84dc1bd50453305fa8b4c5ee209b
x86_64	java-11-openjdk-fastdebug-11.0.14.0.9-2.el8_5.x86_64.rpm	35a6d600da49df24f499e95cf7568f2e32853fa1c3ec1b25864c60cd81cd5dcd
x86_64	java-11-openjdk-headless-11.0.14.0.9-2.el8_5.x86_64.rpm	4b9cde3e7818ccaa032900ee152fb5c9e3689a8d9579231af7e3eead67233147
x86_64	java-11-openjdk-src-fastdebug-11.0.14.0.9-2.el8_5.x86_64.rpm	54404eb35e3b17b6c35b349456e412d0d8e9c67491f5ef48924e0c426dbad3a5
x86_64	java-11-openjdk-javadoc-11.0.14.0.9-2.el8_5.x86_64.rpm	6058d42ed3c4f1a34f537172e4b2a9140089dfd83620e20274d65972119c53c8
x86_64	java-11-openjdk-src-slowdebug-11.0.14.0.9-2.el8_5.x86_64.rpm	61f30640febd40d73d7ed80804c2bf26eddaefd6bd02d92e86e703aa873fe8eb
x86_64	java-11-openjdk-javadoc-zip-11.0.14.0.9-2.el8_5.x86_64.rpm	89c9aa728966597dac28ba0212118f45c4cd5fac16ab5bba5801a2a86f2fdc5f
x86_64	java-11-openjdk-demo-fastdebug-11.0.14.0.9-2.el8_5.x86_64.rpm	a57c5f8e85a1ce45c36ee967560d871c64ae8f40196985cc0d269de14bdc9cd1
x86_64	java-11-openjdk-11.0.14.0.9-2.el8_5.x86_64.rpm	a867b4023fd616a334af141e36a5f175d7a4f9eb4d4741dc86e59db923af5645
x86_64	java-11-openjdk-src-11.0.14.0.9-2.el8_5.x86_64.rpm	b275ebf24c03670143c8432a664160451b8908a7ac36caee06b7557a3ea0f69b
x86_64	java-11-openjdk-devel-fastdebug-11.0.14.0.9-2.el8_5.x86_64.rpm	b3a1159e32f2edcd9182ea483fed4be3b1d6357c028220e5f6b4577ee72b8323
x86_64	java-11-openjdk-headless-fastdebug-11.0.14.0.9-2.el8_5.x86_64.rpm	bc8496d68f004235b538ea17c6a28decf95da18c82ef98a339ecff0c6b86cbdf
x86_64	java-11-openjdk-static-libs-slowdebug-11.0.14.0.9-2.el8_5.x86_64.rpm	c768557bb568205acd0b5b48c093125171ff410a90b8c428978f916cc3e86873
x86_64	java-11-openjdk-headless-slowdebug-11.0.14.0.9-2.el8_5.x86_64.rpm	ce8ffcf106cffd353020312ca52e772c2db64272f347b49acd038549e1e401e7
x86_64	java-11-openjdk-devel-slowdebug-11.0.14.0.9-2.el8_5.x86_64.rpm	e2c0daa6e4bc4b153380c8c0f29979d02aecfd43f250b13efd21360b15290e2b
x86_64	java-11-openjdk-demo-slowdebug-11.0.14.0.9-2.el8_5.x86_64.rpm	e4105a563fa55e9eace73cb426c97bead02866c0c530b33f3f33515022382bd3
x86_64	java-11-openjdk-jmods-11.0.14.0.9-2.el8_5.x86_64.rpm	ee0b8c1dc80c0c9596008b3bb4956e2326e4bbaf0d447b566414d2126af18100

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.