Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:0233: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21248: OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)
  • CVE-2022-21277: OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952)
  • CVE-2022-21282: OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)
  • CVE-2022-21283: OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813)
  • CVE-2022-21291: OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386)
  • CVE-2022-21293: OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)
  • CVE-2022-21294: OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416)
  • CVE-2022-21296: OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)
  • CVE-2022-21299: OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)
  • CVE-2022-21305: OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014)
  • CVE-2022-21340: OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026)
  • CVE-2022-21341: OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)
  • CVE-2022-21360: OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)
  • CVE-2022-21365: OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)
  • CVE-2022-21366: OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096)
Red Hat Security Data
Open in Source
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Red Hat Customer Portal

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus
  • Red Hat CodeReady Studio

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-01-24

Updated:

2022-01-24

RHSA-2022:0233 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: java-11-openjdk security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) (CVE-2022-21248)
  • OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952) (CVE-2022-21277)
  • OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492) (CVE-2022-21282)
  • OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813) (CVE-2022-21283)
  • OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386) (CVE-2022-21291)
  • OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392) (CVE-2022-21293)
  • OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416) (CVE-2022-21294)
  • OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498) (CVE-2022-21296)
  • OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
  • OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014) (CVE-2022-21305)
  • OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026) (CVE-2022-21340)
  • OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236) (CVE-2022-21341)
  • OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756) (CVE-2022-21360)
  • OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838) (CVE-2022-21365)
  • OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096) (CVE-2022-21366)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 2041400 - CVE-2022-21283 OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813)
  • BZ - 2041417 - CVE-2022-21293 OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)
  • BZ - 2041427 - CVE-2022-21294 OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416)
  • BZ - 2041435 - CVE-2022-21282 OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)
  • BZ - 2041439 - CVE-2022-21296 OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)
  • BZ - 2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)
  • BZ - 2041479 - CVE-2022-21277 OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952)
  • BZ - 2041491 - CVE-2022-21360 OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)
  • BZ - 2041785 - CVE-2022-21365 OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)
  • BZ - 2041789 - CVE-2022-21366 OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096)
  • BZ - 2041801 - CVE-2022-21248 OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)
  • BZ - 2041831 - CVE-2022-21291 OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386)
  • BZ - 2041878 - CVE-2022-21305 OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014)
  • BZ - 2041884 - CVE-2022-21340 OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026)
  • BZ - 2041897 - CVE-2022-21341 OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)

CVEs

  • CVE-2022-21248
  • CVE-2022-21277
  • CVE-2022-21282
  • CVE-2022-21283
  • CVE-2022-21291
  • CVE-2022-21293
  • CVE-2022-21294
  • CVE-2022-21296
  • CVE-2022-21299
  • CVE-2022-21305
  • CVE-2022-21340
  • CVE-2022-21341
  • CVE-2022-21360
  • CVE-2022-21365
  • CVE-2022-21366

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1

SRPM

java-11-openjdk-11.0.14.0.9-1.el8_1.src.rpm

SHA-256: 0cb5de8bf7e45b9b352a0de1b686200d589037558c61b41db4bab2eafb2ae7af

ppc64le

java-11-openjdk-11.0.14.0.9-1.el8_1.ppc64le.rpm

SHA-256: ac68cde24a1b8e85d5150476a3c97098a585f2746edda5c2ca429f40f6ccb453

java-11-openjdk-debuginfo-11.0.14.0.9-1.el8_1.ppc64le.rpm

SHA-256: 5f4c3355b43043a1a4801d584ab5cf2f7e62fbfa61d353ecf53c83e043413727

java-11-openjdk-debugsource-11.0.14.0.9-1.el8_1.ppc64le.rpm

SHA-256: 184f153984c4ffaa37f9fe828fd58e609c2eca1898a1d2d01c9be23213f1f442

java-11-openjdk-demo-11.0.14.0.9-1.el8_1.ppc64le.rpm

SHA-256: 0a4be9666f2186fdad7e4ad73d494b19a3dc18c2a72e7b0ecf5c3f5930ad58e1

java-11-openjdk-devel-11.0.14.0.9-1.el8_1.ppc64le.rpm

SHA-256: 3ece76b07c7c919641ea559ee319e06fc515ecfd67d3423402415ecc0dac7e44

java-11-openjdk-devel-debuginfo-11.0.14.0.9-1.el8_1.ppc64le.rpm

SHA-256: 62a7b359fa6f1889475867c48cf7d71a5a5dd6e03fcc52b9f7cf984fe336faaf

java-11-openjdk-devel-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.ppc64le.rpm

SHA-256: b50adad558ce7cf35f263dc7c55f864dbd71b52658b29e6578f7d69678f32708

java-11-openjdk-headless-11.0.14.0.9-1.el8_1.ppc64le.rpm

SHA-256: b31748c7151ccc3fa4e18079e4e46004062d1d9860c721994ab0b97423d1b055

java-11-openjdk-headless-debuginfo-11.0.14.0.9-1.el8_1.ppc64le.rpm

SHA-256: b5cecbd1d408d96bbb0cc295c6ec8e948e7c2676a7a3db9491fab9bb87ec72f2

java-11-openjdk-headless-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.ppc64le.rpm

SHA-256: 9cac7261b4e0bacc6d7ce406d2647d9769334bc2868315d27c2a78f494b256a9

java-11-openjdk-javadoc-11.0.14.0.9-1.el8_1.ppc64le.rpm

SHA-256: a77288bfa8b71c31a7930eb90fff2f29d94e9ea5256938527f551e77d1cb29fe

java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el8_1.ppc64le.rpm

SHA-256: c086d29b8dfa0fddcbb17bc065c4b266f8f41e861dc1a446e6bbad50ccfa3a53

java-11-openjdk-jmods-11.0.14.0.9-1.el8_1.ppc64le.rpm

SHA-256: 6aca97a8c6d83899b245ff39f1814c9afeec3ee8f7ed0cb05860ca6caefd612e

java-11-openjdk-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.ppc64le.rpm

SHA-256: c162671057892cbd43756cfa96d7734bdb4bcf408b1ce0d7a7a65a399981d149

java-11-openjdk-src-11.0.14.0.9-1.el8_1.ppc64le.rpm

SHA-256: 3900fb2aa152f544d5d4d0237e67453c1da2855a7acf0981478768c7077af00e

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1

SRPM

java-11-openjdk-11.0.14.0.9-1.el8_1.src.rpm

SHA-256: 0cb5de8bf7e45b9b352a0de1b686200d589037558c61b41db4bab2eafb2ae7af

x86_64

java-11-openjdk-11.0.14.0.9-1.el8_1.x86_64.rpm

SHA-256: d36fdd0aae976f1b97bb07b555265388c91771aa821fff942ce2cbbd921f35d8

java-11-openjdk-debuginfo-11.0.14.0.9-1.el8_1.x86_64.rpm

SHA-256: dbf12e7358cee7abdced0fb3b8f63ea9e94f68288b3266247c95b8710a3f8022

java-11-openjdk-debugsource-11.0.14.0.9-1.el8_1.x86_64.rpm

SHA-256: 028c0b691c3ed40f823358fcff1c51d353785b323df3c2a57cd007255cc2b8f4

java-11-openjdk-demo-11.0.14.0.9-1.el8_1.x86_64.rpm

SHA-256: d0d9bf70d4422345e17ad3168f0df0de8407b088c19e30dacd22ebcf8f3ac1e8

java-11-openjdk-devel-11.0.14.0.9-1.el8_1.x86_64.rpm

SHA-256: 315098a204bcd0f6c43bd1e738ed53425d36967975fe327e84875036f664f325

java-11-openjdk-devel-debuginfo-11.0.14.0.9-1.el8_1.x86_64.rpm

SHA-256: 1d612d2654d5df8d52e0d2814f84be8b2790c88d44243ac5fc2f3d3e2c36d34e

java-11-openjdk-devel-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.x86_64.rpm

SHA-256: daf4d4b0daa278945229525cb89f40f0c971c0b37d2f24d81cf04759a90f949c

java-11-openjdk-headless-11.0.14.0.9-1.el8_1.x86_64.rpm

SHA-256: 77c0a720efadd6401ad70e3b7c01996279df001ecc9e79cf295dfce6304dd98f

java-11-openjdk-headless-debuginfo-11.0.14.0.9-1.el8_1.x86_64.rpm

SHA-256: 561832f8ad2b8624541e2c61be78699082b746d986d9c29454f16f60180c9e9e

java-11-openjdk-headless-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.x86_64.rpm

SHA-256: 250e5d3adb6e2897da534398770c5ed06fe0ca6bf6db57f90a1c14ba671cb760

java-11-openjdk-javadoc-11.0.14.0.9-1.el8_1.x86_64.rpm

SHA-256: 442015b339e77549b7cf663fb1e3a29af4fc5af7a7fdd7f71a536ca5750cb639

java-11-openjdk-javadoc-zip-11.0.14.0.9-1.el8_1.x86_64.rpm

SHA-256: 48ec332c495f3f01cf4a5249f5c886d31ea652f6424d70ad3f99730811e9eca8

java-11-openjdk-jmods-11.0.14.0.9-1.el8_1.x86_64.rpm

SHA-256: 71df3802572b1afb9d1df9b207a1834e79c7585f031fad216e9e0da23e44e3f5

java-11-openjdk-slowdebug-debuginfo-11.0.14.0.9-1.el8_1.x86_64.rpm

SHA-256: 0306af869801caedfed5ccf0720c116acabd476de362b303358780802fc986a0

java-11-openjdk-src-11.0.14.0.9-1.el8_1.x86_64.rpm

SHA-256: b51eaac80892cfd7668e747e8786b043885afda37ee70ee5ee199553ac0994e1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Red Hat Security Data