A java-11-openjdk security update has been released for AlmaLinux.
ALSA-2022:1442 Important: java-11-openjdk security update
Type:
security
Severity:
important
Release date:
2022-04-21
Description
Security Fix(es):
* OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476)
* OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)
* OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
* OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
* OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2022-21426
CVE-2022-21434
CVE-2022-21443
CVE-2022-21476
CVE-2022-21496
Updates packages:
java-11-openjdk-11.0.15.0.9-2.el8_5.x86_64.rpm
java-11-openjdk-demo-11.0.15.0.9-2.el8_5.x86_64.rpm
java-11-openjdk-devel-11.0.15.0.9-2.el8_5.x86_64.rpm
java-11-openjdk-headless-11.0.15.0.9-2.el8_5.x86_64.rpm
java-11-openjdk-javadoc-11.0.15.0.9-2.el8_5.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el8_5.x86_64.rpm
java-11-openjdk-jmods-11.0.15.0.9-2.el8_5.x86_64.rpm
java-11-openjdk-src-11.0.15.0.9-2.el8_5.x86_64.rpm
java-11-openjdk-static-libs-11.0.15.0.9-2.el8_5.x86_64.rpm
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.