[ALSA-2022:0185] Moderate: java-11-openjdk security update
Type:
security
Severity:
moderate
Release date:
2022-01-25
Description:
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) (CVE-2022-21248) * OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952) (CVE-2022-21277) * OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492) (CVE-2022-21282) * OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813) (CVE-2022-21283) * OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386) (CVE-2022-21291) * OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392) (CVE-2022-21293) * OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416) (CVE-2022-21294) * OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498) (CVE-2022-21296) * OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299) * OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014) (CVE-2022-21305) * OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026) (CVE-2022-21340) * OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236) (CVE-2022-21341) * OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756) (CVE-2022-21360) * OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838) (CVE-2022-21365) * OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096) (CVE-2022-21366) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
x86_64 java-11-openjdk-jmods-slowdebug-11.0.14.0.9-2.el8_5.x86_64.rpm 029066c9882b87a734f85dc8b1147a71f42a7f30f71fdc0f0e3f71a31cbf7d9b
x86_64 java-11-openjdk-jmods-fastdebug-11.0.14.0.9-2.el8_5.x86_64.rpm 0639d6b3226bb87e8b3ecc7800f29e0325516086067e032c05fc5020319c8182
x86_64 java-11-openjdk-devel-11.0.14.0.9-2.el8_5.x86_64.rpm 065517e040791aeea7d5fd38eed6920f3d51c7ac87d01829c901e8576e0aed85
x86_64 java-11-openjdk-demo-11.0.14.0.9-2.el8_5.x86_64.rpm 0d4fb59e259b20a317041b3a1526317642aad0a4cee6ca537b9a5d9c2b9eb292
x86_64 java-11-openjdk-static-libs-fastdebug-11.0.14.0.9-2.el8_5.x86_64.rpm 0f6e35fa15525c11d10873b7c5eeb2c37e363742c57fa2148fc8046e2d386722
x86_64 java-11-openjdk-slowdebug-11.0.14.0.9-2.el8_5.x86_64.rpm 229ae1c1a23f877fe9411a520cb6ab21b29b73dbd172f1d6b203329ca8cbca21
x86_64 java-11-openjdk-static-libs-11.0.14.0.9-2.el8_5.x86_64.rpm 3385288af1845c0f634f8303b26df57acfbf84dc1bd50453305fa8b4c5ee209b
x86_64 java-11-openjdk-fastdebug-11.0.14.0.9-2.el8_5.x86_64.rpm 35a6d600da49df24f499e95cf7568f2e32853fa1c3ec1b25864c60cd81cd5dcd
x86_64 java-11-openjdk-headless-11.0.14.0.9-2.el8_5.x86_64.rpm 4b9cde3e7818ccaa032900ee152fb5c9e3689a8d9579231af7e3eead67233147
x86_64 java-11-openjdk-src-fastdebug-11.0.14.0.9-2.el8_5.x86_64.rpm 54404eb35e3b17b6c35b349456e412d0d8e9c67491f5ef48924e0c426dbad3a5
x86_64 java-11-openjdk-javadoc-11.0.14.0.9-2.el8_5.x86_64.rpm 6058d42ed3c4f1a34f537172e4b2a9140089dfd83620e20274d65972119c53c8
x86_64 java-11-openjdk-src-slowdebug-11.0.14.0.9-2.el8_5.x86_64.rpm 61f30640febd40d73d7ed80804c2bf26eddaefd6bd02d92e86e703aa873fe8eb
x86_64 java-11-openjdk-javadoc-zip-11.0.14.0.9-2.el8_5.x86_64.rpm 89c9aa728966597dac28ba0212118f45c4cd5fac16ab5bba5801a2a86f2fdc5f
x86_64 java-11-openjdk-demo-fastdebug-11.0.14.0.9-2.el8_5.x86_64.rpm a57c5f8e85a1ce45c36ee967560d871c64ae8f40196985cc0d269de14bdc9cd1
x86_64 java-11-openjdk-11.0.14.0.9-2.el8_5.x86_64.rpm a867b4023fd616a334af141e36a5f175d7a4f9eb4d4741dc86e59db923af5645
x86_64 java-11-openjdk-src-11.0.14.0.9-2.el8_5.x86_64.rpm b275ebf24c03670143c8432a664160451b8908a7ac36caee06b7557a3ea0f69b
x86_64 java-11-openjdk-devel-fastdebug-11.0.14.0.9-2.el8_5.x86_64.rpm b3a1159e32f2edcd9182ea483fed4be3b1d6357c028220e5f6b4577ee72b8323
x86_64 java-11-openjdk-headless-fastdebug-11.0.14.0.9-2.el8_5.x86_64.rpm bc8496d68f004235b538ea17c6a28decf95da18c82ef98a339ecff0c6b86cbdf
x86_64 java-11-openjdk-static-libs-slowdebug-11.0.14.0.9-2.el8_5.x86_64.rpm c768557bb568205acd0b5b48c093125171ff410a90b8c428978f916cc3e86873
x86_64 java-11-openjdk-headless-slowdebug-11.0.14.0.9-2.el8_5.x86_64.rpm ce8ffcf106cffd353020312ca52e772c2db64272f347b49acd038549e1e401e7
x86_64 java-11-openjdk-devel-slowdebug-11.0.14.0.9-2.el8_5.x86_64.rpm e2c0daa6e4bc4b153380c8c0f29979d02aecfd43f250b13efd21360b15290e2b
x86_64 java-11-openjdk-demo-slowdebug-11.0.14.0.9-2.el8_5.x86_64.rpm e4105a563fa55e9eace73cb426c97bead02866c0c530b33f3f33515022382bd3
x86_64 java-11-openjdk-jmods-11.0.14.0.9-2.el8_5.x86_64.rpm ee0b8c1dc80c0c9596008b3bb4956e2326e4bbaf0d447b566414d2126af18100
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.