RedHat: RHSA-2022-5837:01 Moderate: java-1.8.0-ibm security update

Advisories

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: java-1.8.0-ibm security update
Advisory ID:       RHSA-2022:5837-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5837
Issue date:        2022-08-02
CVE Names:         CVE-2021-35561 CVE-2022-21434 CVE-2022-21443 
                   CVE-2022-21496 
=====================================================================

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux
8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Supplementary (v. 8) - ppc64le, s390x, x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR7-FP10.

Security Fix(es):

* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility,
8266097) (CVE-2021-35561)

* OpenJDK: Improper object-to-string conversion in
AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)

* OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
(CVE-2022-21443)

* OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take
effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2014524 - CVE-2021-35561 OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)
2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

6. Package List:

Red Hat Enterprise Linux Supplementary (v. 8):

ppc64le:
java-1.8.0-ibm-1.8.0.7.10-1.el8_6.ppc64le.rpm
java-1.8.0-ibm-demo-1.8.0.7.10-1.el8_6.ppc64le.rpm
java-1.8.0-ibm-devel-1.8.0.7.10-1.el8_6.ppc64le.rpm
java-1.8.0-ibm-headless-1.8.0.7.10-1.el8_6.ppc64le.rpm
java-1.8.0-ibm-jdbc-1.8.0.7.10-1.el8_6.ppc64le.rpm
java-1.8.0-ibm-plugin-1.8.0.7.10-1.el8_6.ppc64le.rpm
java-1.8.0-ibm-src-1.8.0.7.10-1.el8_6.ppc64le.rpm
java-1.8.0-ibm-webstart-1.8.0.7.10-1.el8_6.ppc64le.rpm

s390x:
java-1.8.0-ibm-1.8.0.7.10-1.el8_6.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.7.10-1.el8_6.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.7.10-1.el8_6.s390x.rpm
java-1.8.0-ibm-headless-1.8.0.7.10-1.el8_6.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.7.10-1.el8_6.s390x.rpm
java-1.8.0-ibm-src-1.8.0.7.10-1.el8_6.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.7.10-1.el8_6.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.7.10-1.el8_6.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.7.10-1.el8_6.x86_64.rpm
java-1.8.0-ibm-headless-1.8.0.7.10-1.el8_6.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.7.10-1.el8_6.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.7.10-1.el8_6.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.7.10-1.el8_6.x86_64.rpm
java-1.8.0-ibm-webstart-1.8.0.7.10-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-35561
https://access.redhat.com/security/cve/CVE-2022-21434
https://access.redhat.com/security/cve/CVE-2022-21443
https://access.redhat.com/security/cve/CVE-2022-21496
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYuqtQtzjgjWX9erEAQiKcQ//cLT6WktkC0RdGKMnXfqPYE1XEgVzDMQs
qt6vConknSdPnXr5MkcKsitAf7+V/n9GKqV/gReOMypR1OOO1u4liU7b0vWRtR9U
txnquHFGAyebY8az1ugd4Yf16RiId+TgpICpmgHzoEy8NC8DLPFFwUas9t5Uu/FR
7PZSZS13HQ3kTRhYaBFgEWU9fGn8huP5ReAw+JRkd8tZlBmHv/OTLA4W4+ctADFP
14StepQDoWcpaI6IRD2VCnB2C1Kb23V8k4J4RjPnPjYKtUlYvgfIqaGxPTZStEI5
J83RS7WFNFvMDqLwmd3cX7ytxYLFs89B0GGrdOib8UJ/Kji9aEu69q+cpZEp39VA
cPgSnyY74566Lfd1Qh24jZbENkaWyeiIm85fEjPafBoA4OoHI/fsVRC68d9qY8DR
5iRdqn8CpbCNhi82ysu5LYLF0hS6UjA//+jw19EjL7XyxWotnBsAD59VXzY1y0xW
yMn5YocNHh5qKj8NjKWT1FarqVGfGsu/4js0PrzzUNaamztaqrsqsUvN0MNkx0w6
4Invi9zwQVk/zHRdfQ54JT9wlQXNh0cJbNn1nV2tRLWaaAUUvQqR5Ga1GSrnA5wB
cV97qSfX5VXr+I45A79V0kQ802jjz13kW8TCBJbpOvA5E7Q4CqgBwsCHoaWPfyKl
OaijEQoubcM=
=o/eU
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-5837:01 Moderate: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8

Summary

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update upgrades IBM Java SE 8 to version 8 SR7-FP10.
Security Fix(es):
* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)
* OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
* OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
* OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changesdescribed in this advisory, refer to:https://access.redhat.com/articles/11258All running instances of IBM Java must be restarted for this update to takeeffect.

References

https://access.redhat.com/security/cve/CVE-2021-35561 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux Supplementary (v. 8):
ppc64le: java-1.8.0-ibm-1.8.0.7.10-1.el8_6.ppc64le.rpm java-1.8.0-ibm-demo-1.8.0.7.10-1.el8_6.ppc64le.rpm java-1.8.0-ibm-devel-1.8.0.7.10-1.el8_6.ppc64le.rpm java-1.8.0-ibm-headless-1.8.0.7.10-1.el8_6.ppc64le.rpm java-1.8.0-ibm-jdbc-1.8.0.7.10-1.el8_6.ppc64le.rpm java-1.8.0-ibm-plugin-1.8.0.7.10-1.el8_6.ppc64le.rpm java-1.8.0-ibm-src-1.8.0.7.10-1.el8_6.ppc64le.rpm java-1.8.0-ibm-webstart-1.8.0.7.10-1.el8_6.ppc64le.rpm
s390x: java-1.8.0-ibm-1.8.0.7.10-1.el8_6.s390x.rpm java-1.8.0-ibm-demo-1.8.0.7.10-1.el8_6.s390x.rpm java-1.8.0-ibm-devel-1.8.0.7.10-1.el8_6.s390x.rpm java-1.8.0-ibm-headless-1.8.0.7.10-1.el8_6.s390x.rpm java-1.8.0-ibm-jdbc-1.8.0.7.10-1.el8_6.s390x.rpm java-1.8.0-ibm-src-1.8.0.7.10-1.el8_6.s390x.rpm
x86_64: java-1.8.0-ibm-1.8.0.7.10-1.el8_6.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.7.10-1.el8_6.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.7.10-1.el8_6.x86_64.rpm java-1.8.0-ibm-headless-1.8.0.7.10-1.el8_6.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.7.10-1.el8_6.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.7.10-1.el8_6.x86_64.rpm java-1.8.0-ibm-src-1.8.0.7.10-1.el8_6.x86_64.rpm java-1.8.0-ibm-webstart-1.8.0.7.10-1.el8_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Severity
Advisory ID: RHSA-2022:5837-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5837
Issued Date: : 2022-08-02
CVE Names: CVE-2021-35561 CVE-2022-21434 CVE-2022-21443 CVE-2022-21496

Topic

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux Supplementary (v. 8) - ppc64le, s390x, x86_64

Bugs Fixed

2014524 - CVE-2021-35561 OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)

2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)

2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)

2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.