AlmaLinux 2325 Published by

A java-17-openjdk security and bug fix update has been released for AlmaLinux.



ALSA-2022:1445 Important: java-17-openjdk security and bug fix update


Type:
security

Severity:
important

Release date:
2022-04-21

Description
Security Fix(es):
* OpenJDK: Improper ECDSA signature verification (Libraries, 8277233) (CVE-2022-21449)
* OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476)
* OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)
* OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
* OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
* OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Enable the import of plain keys into the NSS Software Token while in FIPS mode rhel-8, openjdk-17 (BZ#2018189)
* Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode rhel-8, openjdk-17 (BZ#2055396)

References:
CVE-2022-21426
CVE-2022-21434
CVE-2022-21443
CVE-2022-21449
CVE-2022-21476
CVE-2022-21496

Updates packages:
java-17-openjdk-17.0.3.0.6-2.el8_5.x86_64.rpm
java-17-openjdk-demo-17.0.3.0.6-2.el8_5.x86_64.rpm
java-17-openjdk-devel-17.0.3.0.6-2.el8_5.x86_64.rpm
java-17-openjdk-headless-17.0.3.0.6-2.el8_5.x86_64.rpm
java-17-openjdk-javadoc-17.0.3.0.6-2.el8_5.x86_64.rpm
java-17-openjdk-javadoc-zip-17.0.3.0.6-2.el8_5.x86_64.rpm
java-17-openjdk-jmods-17.0.3.0.6-2.el8_5.x86_64.rpm
java-17-openjdk-src-17.0.3.0.6-2.el8_5.x86_64.rpm
java-17-openjdk-static-libs-17.0.3.0.6-2.el8_5.x86_64.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2022:1445 Important: java-17-openjdk security and bug fix update