Red Hat: RHSA-2022-0211 Moderate: Java-11-OpenJDK Security Update
Jan 24, 2022
•
LinuxSecurity Advisories
8 - 15 min read
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
==================================================================== Red Hat Security Advisory
Synopsis: Moderate: java-11-openjdk security and bug fix update
Advisory ID: RHSA-2022:0211-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0211
Issue date: 2022-01-24
CVE Names: CVE-2022-21248 CVE-2022-21277 CVE-2022-21282
CVE-2022-21283 CVE-2022-21291 CVE-2022-21293
CVE-2022-21294 CVE-2022-21296 CVE-2022-21299
CVE-2022-21305 CVE-2022-21340 CVE-2022-21341
CVE-2022-21360 CVE-2022-21365 CVE-2022-21366
====================================================================
1. Summary:
An update for java-11-openjdk is now available for Red Hat Enterprise Linux
8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64
3. Description:
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime
Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
* OpenJDK: Incomplete deserialization class filtering in ObjectInputStream
(Serialization, 8264934) (CVE-2022-21248)
* OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor
(ImageIO, 8270952) (CVE-2022-21277)
* OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP,
8270492) (CVE-2022-21282)
* OpenJDK: Unexpected exception thrown in regex Pattern (Libraries,
8268813) (CVE-2022-21283)
* OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386)
(CVE-2022-21291)
* OpenJDK: Incomplete checks of StringBuffer and StringBuilder during
deserialization (Libraries, 8270392) (CVE-2022-21293)
* OpenJDK: Incorrect IdentityHashMap size checks during deserialization
(Libraries, 8270416) (CVE-2022-21294)
* OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)
(CVE-2022-21296)
* OpenJDK: Infinite loop related to incorrect handling of newlines in
XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014)
(CVE-2022-21305)
* OpenJDK: Excessive resource use when reading JAR manifest attributes
(Libraries, 8272026) (CVE-2022-21340)
* OpenJDK: Insufficient checks when deserializing exceptions in
ObjectInputStream (Serialization, 8272236) (CVE-2022-21341)
* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)
(CVE-2022-21360)
* OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)
(CVE-2022-21365)
* OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO,
8274096) (CVE-2022-21366)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* Improve system FIPS detection [java-11-openjdk, RHEL 8] (BZ#2014199)
* Login to the NSS software token in FIPS [java-11-openjdk, RHEL 8]
(BZ#2014203)
* Enable the import of plain keys into the NSS Software Token while in FIPS
mode [rhel-8, openjdk-11] (BZ#2014211)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
2014199 - Improve system FIPS detection [java-11-openjdk, RHEL 8] [rhel-8.4.0.z]
2014203 - Login to the NSS software token in FIPS [java-11-openjdk, RHEL 8] [rhel-8.4.0.z]
2014211 - Enable the import of plain keys into the NSS Software Token while in FIPS mode [rhel-8, openjdk-11] [rhel-8.4.0.z]
2041400 - CVE-2022-21283 OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813)
2041417 - CVE-2022-21293 OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)
2041427 - CVE-2022-21294 OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416)
2041435 - CVE-2022-21282 OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)
2041439 - CVE-2022-21296 OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)
2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)
2041479 - CVE-2022-21277 OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952)
2041491 - CVE-2022-21360 OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)
2041785 - CVE-2022-21365 OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)
2041789 - CVE-2022-21366 OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096)
2041801 - CVE-2022-21248 OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)
2041831 - CVE-2022-21291 OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386)
2041878 - CVE-2022-21305 OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014)
2041884 - CVE-2022-21340 OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026)
2041897 - CVE-2022-21341 OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v.8.4):
Source:
java-11-openjdk-11.0.14.0.9-2.el8_4.src.rpm
aarch64:
java-11-openjdk-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-debugsource-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-demo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-devel-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-devel-debuginfo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-headless-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-headless-debuginfo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-javadoc-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-javadoc-zip-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-jmods-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-src-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-static-libs-11.0.14.0.9-2.el8_4.aarch64.rpm
ppc64le:
java-11-openjdk-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-debugsource-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-demo-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-devel-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-devel-debuginfo-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-headless-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-headless-debuginfo-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-javadoc-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-javadoc-zip-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-jmods-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-src-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-static-libs-11.0.14.0.9-2.el8_4.ppc64le.rpm
s390x:
java-11-openjdk-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-debugsource-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-demo-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-devel-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-devel-debuginfo-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-headless-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-headless-debuginfo-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-javadoc-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-javadoc-zip-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-jmods-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-src-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-static-libs-11.0.14.0.9-2.el8_4.s390x.rpm
x86_64:
java-11-openjdk-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-debugsource-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-demo-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-devel-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-devel-debuginfo-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-devel-fastdebug-debuginfo-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-fastdebug-debuginfo-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-headless-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-headless-debuginfo-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-headless-fastdebug-debuginfo-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-javadoc-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-jmods-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-src-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-static-libs-11.0.14.0.9-2.el8_4.x86_64.rpm
Red Hat CodeReady Linux Builder EUS (v. 8.4):
aarch64:
java-11-openjdk-debugsource-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-demo-slowdebug-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-devel-slowdebug-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-headless-slowdebug-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-jmods-slowdebug-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-slowdebug-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-src-slowdebug-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-static-libs-slowdebug-11.0.14.0.9-2.el8_4.aarch64.rpm
ppc64le:
java-11-openjdk-debugsource-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-demo-slowdebug-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-devel-slowdebug-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-headless-slowdebug-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-jmods-slowdebug-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-slowdebug-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-src-slowdebug-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-static-libs-slowdebug-11.0.14.0.9-2.el8_4.ppc64le.rpm
s390x:
java-11-openjdk-debugsource-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-demo-slowdebug-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-devel-slowdebug-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-headless-slowdebug-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-jmods-slowdebug-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-slowdebug-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-src-slowdebug-11.0.14.0.9-2.el8_4.s390x.rpm
java-11-openjdk-static-libs-slowdebug-11.0.14.0.9-2.el8_4.s390x.rpm
x86_64:
java-11-openjdk-debugsource-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-demo-fastdebug-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-demo-slowdebug-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-devel-fastdebug-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-devel-fastdebug-debuginfo-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-devel-slowdebug-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-fastdebug-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-fastdebug-debuginfo-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-headless-fastdebug-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-headless-fastdebug-debuginfo-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-headless-slowdebug-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-jmods-fastdebug-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-jmods-slowdebug-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-slowdebug-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-src-fastdebug-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-src-slowdebug-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-static-libs-fastdebug-11.0.14.0.9-2.el8_4.x86_64.rpm
java-11-openjdk-static-libs-slowdebug-11.0.14.0.9-2.el8_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-21248
https://access.redhat.com/security/cve/CVE-2022-21277
https://access.redhat.com/security/cve/CVE-2022-21282
https://access.redhat.com/security/cve/CVE-2022-21283
https://access.redhat.com/security/cve/CVE-2022-21291
https://access.redhat.com/security/cve/CVE-2022-21293
https://access.redhat.com/security/cve/CVE-2022-21294
https://access.redhat.com/security/cve/CVE-2022-21296
https://access.redhat.com/security/cve/CVE-2022-21299
https://access.redhat.com/security/cve/CVE-2022-21305
https://access.redhat.com/security/cve/CVE-2022-21340
https://access.redhat.com/security/cve/CVE-2022-21341
https://access.redhat.com/security/cve/CVE-2022-21360
https://access.redhat.com/security/cve/CVE-2022-21365
https://access.redhat.com/security/cve/CVE-2022-21366
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/articles/11258
8. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYe6Lh9zjgjWX9erEAQgTWg//UUS+qAYT4Ty/HNe+XUOIEg6B8ee1c5oJ
9KuY+7qUWs1goZD/VzcrWSQKrR59TQ7V9RV0L1qPYKP/2Bt2XKyCJ97zMLkHi2vc
T+oBAiX8CuhJMfKYx1EIo+YSzf5NPearAZXpjo4hmfimYciMEOck2RDfBKl7IrrS
+i+JyrzPG9kpHr3V58kEE3VIMa49XbvVQaNtVnQffadIDrkcWVwGpRBpdLahQTr9
Ejp7jcc/DZvhIae8Puv98ykZFs02NuyFkI/tVZQXRpU8n7MVXQeAm3G+cLJ+WNJZ
2zxSqgBDmaw0U35urdkoLU8ew2gJsAUNk1bJ2H2L7Sod1AwVVuZdmf+sHKxrcHpK
fQJX7bJGFczMsrsGb8m9FjBe+XXPoMYErj8F/FafIyOYbh46T6jP0Wi8jFj8gmxX
cCM1l8I3chFmREWenqUq8VxwqJTkcQE1xnswmvh5kywp4drFjE+4s72LXBPI3d5n
08Or3AxgDZ7fn76mEss3Y4feBg02Hm/QZ7fnM0c67PA2ikqyz68JykZQZ+fB/x49
CK9UKeNKjIkKpwq8d9TeDg1ZGPXMO6ET49zogRL4FaLq+jmS6AlfGQFDFW+BBUsz
QZhGrQ9Q+pEV5vphHUovjDBWbtjIhGMIE/o+AizhoiAFpehfJo6XxyvdZzXodocF
yKPE3TEjoaQ=1ph4
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.
PREVIOUS
NEXT
Warning: Undefined array key "solution" in /var/www/www.linuxsecurity.com-443/html/lsadvisories/lsadvisories.php on line 316
Warning: Undefined variable $read_more_added_bug in /var/www/www.linuxsecurity.com-443/html/lsadvisories/lsadvisories.php on line 320
Red Hat: RHSA-2022-0211 Moderate: Java-11-OpenJDK Security Update
red hat
January 24, 2022
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to
take effect.
Summary
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime
Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
* OpenJDK: Incomplete deserialization class filtering in ObjectInputStream
(Serialization, 8264934) (CVE-2022-21248)
* OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor
(ImageIO, 8270952) (CVE-2022-21277)
* OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP,
8270492) (CVE-2022-21282)
* OpenJDK: Unexpected exception thrown in regex Pattern (Libraries,
8268813) (CVE-2022-21283)
* OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386)
(CVE-2022-21291)
* OpenJDK: Incomplete checks of StringBuffer and StringBuilder during
deserialization (Libraries, 8270392) (CVE-2022-21293)
* OpenJDK: Incorrect IdentityHashMap size checks during deserialization
(Libraries, 8270416) (CVE-2022-21294)
* OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)
(CVE-2022-21296)
* OpenJDK: Infinite loop related to incorrect handling of newlines in
XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014)
(CVE-2022-21305)
* OpenJDK: Excessive resource use when reading JAR manifest attributes
(Libraries, 8272026) (CVE-2022-21340)
* OpenJDK: Insufficient checks when deserializing exceptions in
ObjectInputStream (Serialization, 8272236) (CVE-2022-21341)
* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)
(CVE-2022-21360)
* OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)
(CVE-2022-21365)
* OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO,
8274096) (CVE-2022-21366)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* Improve system FIPS detection [java-11-openjdk, RHEL 8] (BZ#2014199)
* Login to the NSS software token in FIPS [java-11-openjdk, RHEL 8]
(BZ#2014203)
* Enable the import of plain keys into the NSS Software Token while in FIPS
mode [rhel-8, openjdk-11] (BZ#2014211)
References
https://access.redhat.com/security/cve/CVE-2022-21248 https://access.redhat.com/security/cve/CVE-2022-21277 https://access.redhat.com/security/cve/CVE-2022-21282 https://access.redhat.com/security/cve/CVE-2022-21283 https://access.redhat.com/security/cve/CVE-2022-21291 https://access.redhat.com/security/cve/CVE-2022-21293 https://access.redhat.com/security/cve/CVE-2022-21294 https://access.redhat.com/security/cve/CVE-2022-21296 https://access.redhat.com/security/cve/CVE-2022-21299 https://access.redhat.com/security/cve/CVE-2022-21305 https://access.redhat.com/security/cve/CVE-2022-21340 https://access.redhat.com/security/cve/CVE-2022-21341 https://access.redhat.com/security/cve/CVE-2022-21360 https://access.redhat.com/security/cve/CVE-2022-21365 https://access.redhat.com/security/cve/CVE-2022-21366 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/11258
Package List
Red Hat Enterprise Linux AppStream EUS (v.8.4):
Source:
java-11-openjdk-11.0.14.0.9-2.el8_4.src.rpm
aarch64:
java-11-openjdk-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-debugsource-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-demo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-devel-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-devel-debuginfo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-devel-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-headless-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-headless-debuginfo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-headless-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-javadoc-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-javadoc-zip-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-jmods-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-slowdebug-debuginfo-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-src-11.0.14.0.9-2.el8_4.aarch64.rpm
java-11-openjdk-static-libs-11.0.14.0.9-2.el8_4.aarch64.rpm
ppc64le:
java-11-openjdk-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-debuginfo-11.0.14.0.9-2.el8_4.ppc64le.rpm
java-11-openjdk-debugsource-11.0.14.0.9-2.el8_4.ppc64le.rpm
Read the Full Advisory
Advisory ID: RHSA-2022:0211-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0211
Issue date: 2022-01-24
Topic
An update for java-11-openjdk is now available for Red Hat Enterprise Linux8.4 Extended Update Support.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Relevant Releases Architectures
Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64
Bugs Fixed
2014199 - Improve system FIPS detection [java-11-openjdk, RHEL 8] [rhel-8.4.0.z]
2014203 - Login to the NSS software token in FIPS [java-11-openjdk, RHEL 8] [rhel-8.4.0.z]
2014211 - Enable the import of plain keys into the NSS Software Token while in FIPS mode [rhel-8, openjdk-11] [rhel-8.4.0.z]
2041400 - CVE-2022-21283 OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813)
2041417 - CVE-2022-21293 OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)
2041427 - CVE-2022-21294 OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416)
2041435 - CVE-2022-21282 OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)
2041439 - CVE-2022-21296 OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)
2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)
2041479 - CVE-2022-21277 OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952)
2041491 - CVE-2022-21360 OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)
2041785 - CVE-2022-21365 OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)
2041789 - CVE-2022-21366 OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096)
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!