Synopsis: Important: java-11-openjdk security and bug fix update Advisory ID: SLSA-2021:3892-1 Issue Date: 2021-10-20 CVE Numbers: CVE-2021-35565 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35586 CVE-2021-35603 CVE-2021-35550 CVE-2021-35578 CVE-2021-35567 -- Security Fix(es): * OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565) * OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567) * OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550) * OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556) * OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559) * OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561) * OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564) * OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578) * OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586) * OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * Previously, uninstalling the OpenJDK RPMs attempted to remove a client directory that did not exist. This directory is no longer used in java-11-openjdk and all references to it have now been removed. (RHBZ#1698873) --- SL7 x86_64 java-11-openjdk-11.0.13.0.8-1.el7_9.i686.rpm java-11-openjdk-11.0.13.0.8-1.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.13.0.8-1.el7_9.i686.rpm java-11-openjdk-demo-11.0.13.0.8-1.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.13.0.8-1.el7_9.i686.rpm java-11-openjdk-devel-11.0.13.0.8-1.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.13.0.8-1.el7_9.i686.rpm java-11-openjdk-headless-11.0.13.0.8-1.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.i686.rpm java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.x86_64.rpm java-11-openjdk-src-11.0.13.0.8-1.el7_9.i686.rpm java-11-openjdk-src-11.0.13.0.8-1.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.x86_64.rpm -- - Scientific Linux Development Team