- Issued:
- 2021-10-20
- Updated:
- 2021-10-20
RHSA-2021:3892 - Important: java-11-openjdk security and bug fix update
Synopsis
Important: java-11-openjdk security and bug fix update
Type/Severity
Security Advisory Important
Topic
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
-
OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)
-
OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)
-
OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)
-
OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)
-
OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)
-
OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)
-
OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)
-
OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)
-
OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)
-
OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Previously, uninstalling the OpenJDK RPMs attempted to remove a client directory that did not exist. This directory is no longer used in java-11-openjdk and all references to it have now been removed. (RHBZ#1698873)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Scientific Computing | 7 | x86_64 |
| Red Hat Enterprise Linux for Power, little endian | 7 | ppc64le |
| Red Hat Enterprise Linux for Power, big endian | 7 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 7 | s390x |
| Red Hat Enterprise Linux Workstation | 7 | x86_64 |
| Red Hat Enterprise Linux Server | 7 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 7 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian | 7 | ppc64le |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian | 7 | ppc64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 7 | s390x |
| Red Hat Enterprise Linux Desktop | 7 | x86_64 |
Updated Packages
- java-11-openjdk-11.0.13.0.8-1.el7_9.i686.rpm
- java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.s390x.rpm
- java-11-openjdk-devel-11.0.13.0.8-1.el7_9.ppc64.rpm
- java-11-openjdk-src-11.0.13.0.8-1.el7_9.ppc64.rpm
- java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.ppc64le.rpm
- java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.i686.rpm
- java-11-openjdk-11.0.13.0.8-1.el7_9.s390x.rpm
- java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.i686.rpm
- java-11-openjdk-devel-11.0.13.0.8-1.el7_9.x86_64.rpm
- java-11-openjdk-demo-11.0.13.0.8-1.el7_9.x86_64.rpm
- java-11-openjdk-headless-11.0.13.0.8-1.el7_9.ppc64le.rpm
- java-11-openjdk-devel-11.0.13.0.8-1.el7_9.i686.rpm
- java-11-openjdk-11.0.13.0.8-1.el7_9.src.rpm
- java-11-openjdk-11.0.13.0.8-1.el7_9.ppc64le.rpm
- java-11-openjdk-demo-11.0.13.0.8-1.el7_9.ppc64.rpm
- java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.x86_64.rpm
- java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.ppc64le.rpm
- java-11-openjdk-headless-11.0.13.0.8-1.el7_9.s390x.rpm
- java-11-openjdk-11.0.13.0.8-1.el7_9.ppc64.rpm
- java-11-openjdk-demo-11.0.13.0.8-1.el7_9.s390x.rpm
- java-11-openjdk-headless-11.0.13.0.8-1.el7_9.ppc64.rpm
- java-11-openjdk-11.0.13.0.8-1.el7_9.x86_64.rpm
- java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.ppc64.rpm
- java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.ppc64le.rpm
- java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.ppc64.rpm
- java-11-openjdk-demo-11.0.13.0.8-1.el7_9.i686.rpm
- java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.x86_64.rpm
- java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.ppc64.rpm
- java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.x86_64.rpm
- java-11-openjdk-src-11.0.13.0.8-1.el7_9.i686.rpm
- java-11-openjdk-src-11.0.13.0.8-1.el7_9.ppc64le.rpm
- java-11-openjdk-devel-11.0.13.0.8-1.el7_9.ppc64le.rpm
- java-11-openjdk-src-11.0.13.0.8-1.el7_9.s390x.rpm
- java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.s390x.rpm
- java-11-openjdk-src-11.0.13.0.8-1.el7_9.x86_64.rpm
- java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.ppc64.rpm
- java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.i686.rpm
- java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.ppc64le.rpm
- java-11-openjdk-static-libs-11.0.13.0.8-1.el7_9.x86_64.rpm
- java-11-openjdk-headless-11.0.13.0.8-1.el7_9.i686.rpm
- java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.s390x.rpm
- java-11-openjdk-demo-11.0.13.0.8-1.el7_9.ppc64le.rpm
- java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.ppc64le.rpm
- java-11-openjdk-javadoc-zip-11.0.13.0.8-1.el7_9.ppc64.rpm
- java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.s390x.rpm
- java-11-openjdk-devel-11.0.13.0.8-1.el7_9.s390x.rpm
- java-11-openjdk-javadoc-11.0.13.0.8-1.el7_9.x86_64.rpm
- java-11-openjdk-jmods-11.0.13.0.8-1.el7_9.i686.rpm
- java-11-openjdk-headless-11.0.13.0.8-1.el7_9.x86_64.rpm
- java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.s390x.rpm
- java-11-openjdk-debuginfo-11.0.13.0.8-1.el7_9.i686.rpm
Fixes
- This content is not included.BZ - 1698873
- This content is not included.BZ - 1999936
- This content is not included.BZ - 2014508
- This content is not included.BZ - 2014515
- This content is not included.BZ - 2014518
- This content is not included.BZ - 2014524
- This content is not included.BZ - 2015061
- This content is not included.BZ - 2015308
- This content is not included.BZ - 2015311
- This content is not included.BZ - 2015648
- This content is not included.BZ - 2015653
- This content is not included.BZ - 2015658
CVEs
- CVE-2021-35550
- CVE-2021-35556
- CVE-2021-35559
- CVE-2021-35561
- CVE-2021-35564
- CVE-2021-35565
- CVE-2021-35567
- CVE-2021-35578
- CVE-2021-35586
- CVE-2021-35603
References
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.