A java-1.8.0-openjdk security, bug fix, and enhancement update has been released for AlmaLinux 8.
ALSA-2022:5696 ALSA-2022:5696: java-1.8.0-openjdk security, bug fix, and enhancement update (Important)
Type:
security
Severity:
important
Release date:
2022-07-28
Description
The following packages have been upgraded to a later upstream version: java-1.8.0-openjdk (1.8.0.342.b07). (BZ#2084648)
Security Fix(es):
* OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169)
* OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540)
* OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) (CVE-2022-21541)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* rh1991003 patch breaks sun.security.pkcs11.wrapper.PKCS11.getInstance() rhel-8, openjdk-8 (BZ#2099911)
* Revert to disabling system security properties and FIPS mode support together rhel-8, openjdk-8 (BZ#2108564)
* SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode rhel-8, openjdk-8 (BZ#2108566)
References:
ALSA-2022:5696
Updates packages:
java-1.8.0-openjdk-1.8.0.342.b07-2.el8_6.ppc64le.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-2.el8_6.noarch.rpm
java-1.8.0-openjdk-demo-1.8.0.342.b07-2.el8_6.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.342.b07-2.el8_6.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.342.b07-2.el8_6.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.342.b07-2.el8_6.ppc64le.rpm
java-1.8.0-openjdk-accessibility-1.8.0.342.b07-2.el8_6.ppc64le.rpm
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-2.el8_6.noarch.rpm
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
