-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: java-11-openjdk security update
Advisory ID:       RHSA-2022:0204-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0204
Issue date:        2022-01-24
CVE Names:         CVE-2022-21248 CVE-2022-21277 CVE-2022-21282 
                   CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 
                   CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 
                   CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 
                   CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 
====================================================================
1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux
7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incomplete deserialization class filtering in ObjectInputStream
(Serialization, 8264934) (CVE-2022-21248)

* OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor
(ImageIO, 8270952) (CVE-2022-21277)

* OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP,
8270492) (CVE-2022-21282)

* OpenJDK: Unexpected exception thrown in regex Pattern (Libraries,
8268813) (CVE-2022-21283)

* OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386)
(CVE-2022-21291)

* OpenJDK: Incomplete checks of StringBuffer and StringBuilder during
deserialization (Libraries, 8270392) (CVE-2022-21293)

* OpenJDK: Incorrect IdentityHashMap size checks during deserialization
(Libraries, 8270416) (CVE-2022-21294)

* OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)
(CVE-2022-21296)

* OpenJDK: Infinite loop related to incorrect handling of newlines in
XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)

* OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014)
(CVE-2022-21305)

* OpenJDK: Excessive resource use when reading JAR manifest attributes
(Libraries, 8272026) (CVE-2022-21340)

* OpenJDK: Insufficient checks when deserializing exceptions in
ObjectInputStream (Serialization, 8272236) (CVE-2022-21341)

* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)
(CVE-2022-21360)

* OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)
(CVE-2022-21365)

* OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO,
8274096) (CVE-2022-21366)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2022810 - Prepare for the next quarterly OpenJDK upstream release (2022-01, 11.0.14) [rhel-7]
2041400 - CVE-2022-21283 OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813)
2041417 - CVE-2022-21293 OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)
2041427 - CVE-2022-21294 OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416)
2041435 - CVE-2022-21282 OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)
2041439 - CVE-2022-21296 OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)
2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)
2041479 - CVE-2022-21277 OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952)
2041491 - CVE-2022-21360 OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)
2041785 - CVE-2022-21365 OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)
2041789 - CVE-2022-21366 OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096)
2041801 - CVE-2022-21248 OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)
2041831 - CVE-2022-21291 OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386)
2041878 - CVE-2022-21305 OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014)
2041884 - CVE-2022-21340 OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026)
2041897 - CVE-2022-21341 OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
java-11-openjdk-11.0.14.0.9-1.el7_9.src.rpm

x86_64:
java-11-openjdk-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-headless-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-headless-11.0.14.0.9-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-demo-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-demo-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-devel-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-devel-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-src-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-src-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-11-openjdk-11.0.14.0.9-1.el7_9.src.rpm

x86_64:
java-11-openjdk-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-headless-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-headless-11.0.14.0.9-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-demo-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-demo-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-devel-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-devel-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-src-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-src-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-11-openjdk-11.0.14.0.9-1.el7_9.src.rpm

ppc64:
java-11-openjdk-11.0.14.0.9-1.el7_9.ppc64.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.ppc64.rpm
java-11-openjdk-devel-11.0.14.0.9-1.el7_9.ppc64.rpm
java-11-openjdk-headless-11.0.14.0.9-1.el7_9.ppc64.rpm

ppc64le:
java-11-openjdk-11.0.14.0.9-1.el7_9.ppc64le.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.ppc64le.rpm
java-11-openjdk-devel-11.0.14.0.9-1.el7_9.ppc64le.rpm
java-11-openjdk-headless-11.0.14.0.9-1.el7_9.ppc64le.rpm

s390x:
java-11-openjdk-11.0.14.0.9-1.el7_9.s390x.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.s390x.rpm
java-11-openjdk-devel-11.0.14.0.9-1.el7_9.s390x.rpm
java-11-openjdk-headless-11.0.14.0.9-1.el7_9.s390x.rpm

x86_64:
java-11-openjdk-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-devel-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-devel-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-headless-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-headless-11.0.14.0.9-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.ppc64.rpm
java-11-openjdk-demo-11.0.14.0.9-1.el7_9.ppc64.rpm
java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.ppc64.rpm
java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.ppc64.rpm
java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.ppc64.rpm
java-11-openjdk-src-11.0.14.0.9-1.el7_9.ppc64.rpm
java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.ppc64.rpm

ppc64le:
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.ppc64le.rpm
java-11-openjdk-demo-11.0.14.0.9-1.el7_9.ppc64le.rpm
java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.ppc64le.rpm
java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.ppc64le.rpm
java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.ppc64le.rpm
java-11-openjdk-src-11.0.14.0.9-1.el7_9.ppc64le.rpm
java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.ppc64le.rpm

s390x:
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.s390x.rpm
java-11-openjdk-demo-11.0.14.0.9-1.el7_9.s390x.rpm
java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.s390x.rpm
java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.s390x.rpm
java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.s390x.rpm
java-11-openjdk-src-11.0.14.0.9-1.el7_9.s390x.rpm
java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.s390x.rpm

x86_64:
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-demo-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-demo-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-src-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-src-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-11-openjdk-11.0.14.0.9-1.el7_9.src.rpm

x86_64:
java-11-openjdk-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-devel-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-devel-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-headless-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-headless-11.0.14.0.9-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-demo-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-demo-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-src-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-src-11.0.14.0.9-1.el7_9.x86_64.rpm
java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.i686.rpm
java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21248
https://access.redhat.com/security/cve/CVE-2022-21277
https://access.redhat.com/security/cve/CVE-2022-21282
https://access.redhat.com/security/cve/CVE-2022-21283
https://access.redhat.com/security/cve/CVE-2022-21291
https://access.redhat.com/security/cve/CVE-2022-21293
https://access.redhat.com/security/cve/CVE-2022-21294
https://access.redhat.com/security/cve/CVE-2022-21296
https://access.redhat.com/security/cve/CVE-2022-21299
https://access.redhat.com/security/cve/CVE-2022-21305
https://access.redhat.com/security/cve/CVE-2022-21340
https://access.redhat.com/security/cve/CVE-2022-21341
https://access.redhat.com/security/cve/CVE-2022-21360
https://access.redhat.com/security/cve/CVE-2022-21365
https://access.redhat.com/security/cve/CVE-2022-21366
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYe6LuNzjgjWX9erEAQjcMw/+MQn5TpizF5QR3a0NPbbR95rF/ZEjBP7f
tj5+5iAFily3kxbaZ/1bk9kyUiWE66hOxz2gqdX3HOfjLH/vf36HpDuXbqTuNLD3
5JvsjPiL1dIh7BugW78WdHT9sGwnnr4nM6CbtF5FiWu72SYS5XJZdAfGqSLgunOY
SZu0nwFHzXdOZcsqicwV3cKDvfmmEPaL2Fv50vBfa6r4xGqEc/+7c0Y/ukt9M/B8
Ba2JfFaJ/u+dTIrwA47RaCdYSBIUCpWhNCXztn754QekJUT/M1dWAcCWk1fnaB97
LFhVC1NR8ZpX/B2PwG/uub+4u2fcziFjfz+Dpg4KFdagE4o0aTDoY3+iD+vuvY0K
4CANWuC3FjAKLJgjO2UZri9CO/n6OKHKO8UF9rTixW2XRVOucWYSoyAtucP1xUf8
+SnhB9X9bjCOcnN6GxCg/nKMWpIrDrHGC246LK/uszDWBwFLIoAcs+Uv1qE/xlXg
zB/EJIXmRk/Im2JFbXXxpjRUXzBlK31gi0oGz4WcwGYggXwOlolPCJMqUTmRv9yO
P3Mq/2f0S/Q7gHdVDOKRxcE8R9zgshPlz7AcukZ9zCbttRMOHw7rpn9ctbwGAEB5
Cb8T8mtMb3pAPUCsLG+IJ8lyeSD5PSJHuypZK1m1EtcCT248UQTX7D25XpHU1EqS
eBd8kUGr5jQ=9lAI
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-0204:04 Moderate: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7

Summary

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
* OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) (CVE-2022-21248)
* OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952) (CVE-2022-21277)
* OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492) (CVE-2022-21282)
* OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813) (CVE-2022-21283)
* OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386) (CVE-2022-21291)
* OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392) (CVE-2022-21293)
* OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416) (CVE-2022-21294)
* OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498) (CVE-2022-21296)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014) (CVE-2022-21305)
* OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026) (CVE-2022-21340)
* OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236) (CVE-2022-21341)
* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756) (CVE-2022-21360)
* OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838) (CVE-2022-21365)
* OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096) (CVE-2022-21366)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.

References

https://access.redhat.com/security/cve/CVE-2022-21248 https://access.redhat.com/security/cve/CVE-2022-21277 https://access.redhat.com/security/cve/CVE-2022-21282 https://access.redhat.com/security/cve/CVE-2022-21283 https://access.redhat.com/security/cve/CVE-2022-21291 https://access.redhat.com/security/cve/CVE-2022-21293 https://access.redhat.com/security/cve/CVE-2022-21294 https://access.redhat.com/security/cve/CVE-2022-21296 https://access.redhat.com/security/cve/CVE-2022-21299 https://access.redhat.com/security/cve/CVE-2022-21305 https://access.redhat.com/security/cve/CVE-2022-21340 https://access.redhat.com/security/cve/CVE-2022-21341 https://access.redhat.com/security/cve/CVE-2022-21360 https://access.redhat.com/security/cve/CVE-2022-21365 https://access.redhat.com/security/cve/CVE-2022-21366 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux Client (v. 7):
Source: java-11-openjdk-11.0.14.0.9-1.el7_9.src.rpm
x86_64: java-11-openjdk-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-headless-11.0.14.0.9-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-demo-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-devel-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-src-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-src-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: java-11-openjdk-11.0.14.0.9-1.el7_9.src.rpm
x86_64: java-11-openjdk-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-headless-11.0.14.0.9-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-demo-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-devel-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-src-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-src-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: java-11-openjdk-11.0.14.0.9-1.el7_9.src.rpm
ppc64: java-11-openjdk-11.0.14.0.9-1.el7_9.ppc64.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.ppc64.rpm java-11-openjdk-devel-11.0.14.0.9-1.el7_9.ppc64.rpm java-11-openjdk-headless-11.0.14.0.9-1.el7_9.ppc64.rpm
ppc64le: java-11-openjdk-11.0.14.0.9-1.el7_9.ppc64le.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.ppc64le.rpm java-11-openjdk-devel-11.0.14.0.9-1.el7_9.ppc64le.rpm java-11-openjdk-headless-11.0.14.0.9-1.el7_9.ppc64le.rpm
s390x: java-11-openjdk-11.0.14.0.9-1.el7_9.s390x.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.s390x.rpm java-11-openjdk-devel-11.0.14.0.9-1.el7_9.s390x.rpm java-11-openjdk-headless-11.0.14.0.9-1.el7_9.s390x.rpm
x86_64: java-11-openjdk-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-devel-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-headless-11.0.14.0.9-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.ppc64.rpm java-11-openjdk-demo-11.0.14.0.9-1.el7_9.ppc64.rpm java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.ppc64.rpm java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.ppc64.rpm java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.ppc64.rpm java-11-openjdk-src-11.0.14.0.9-1.el7_9.ppc64.rpm java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.ppc64.rpm
ppc64le: java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.ppc64le.rpm java-11-openjdk-demo-11.0.14.0.9-1.el7_9.ppc64le.rpm java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.ppc64le.rpm java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.ppc64le.rpm java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.ppc64le.rpm java-11-openjdk-src-11.0.14.0.9-1.el7_9.ppc64le.rpm java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.ppc64le.rpm
s390x: java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.s390x.rpm java-11-openjdk-demo-11.0.14.0.9-1.el7_9.s390x.rpm java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.s390x.rpm java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.s390x.rpm java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.s390x.rpm java-11-openjdk-src-11.0.14.0.9-1.el7_9.s390x.rpm java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.s390x.rpm
x86_64: java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-demo-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-src-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-src-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: java-11-openjdk-11.0.14.0.9-1.el7_9.src.rpm
x86_64: java-11-openjdk-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-devel-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-headless-11.0.14.0.9-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-demo-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-jmods-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-src-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-src-11.0.14.0.9-1.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.14.0.9-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2022:0204-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0204
Issued Date: : 2022-01-24
CVE Names: CVE-2022-21248 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366

Topic

An update for java-11-openjdk is now available for Red Hat Enterprise Linux7.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux Client (v. 7) - x86_64

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64

Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64


Bugs Fixed

2022810 - Prepare for the next quarterly OpenJDK upstream release (2022-01, 11.0.14) [rhel-7]

2041400 - CVE-2022-21283 OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813)

2041417 - CVE-2022-21293 OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)

2041427 - CVE-2022-21294 OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416)

2041435 - CVE-2022-21282 OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)

2041439 - CVE-2022-21296 OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)

2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)

2041479 - CVE-2022-21277 OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952)

2041491 - CVE-2022-21360 OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)

2041785 - CVE-2022-21365 OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)

2041789 - CVE-2022-21366 OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096)

2041801 - CVE-2022-21248 OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)

2041831 - CVE-2022-21291 OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386)

2041878 - CVE-2022-21305 OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014)

2041884 - CVE-2022-21340 OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026)

2041897 - CVE-2022-21341 OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)


Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved