RLSA-2021:4135

Source
https://errata.rockylinux.org/RLSA-2021:4135
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2021:4135.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2021:4135
Related
Published
2021-11-09T19:26:37Z
Modified
2023-02-02T14:12:10.200252Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N CVSS Calculator
Summary
Important: java-17-openjdk security update
Details

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)

  • OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

  • OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

  • OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

  • OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)

  • OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

  • OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

  • OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / java-17-openjdk

Package

Name
java-17-openjdk
Purl
pkg:rpm/rocky-linux/java-17-openjdk?distro=rocky-linux-8-5-legacy&epoch=1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.1.0.12-2.el8_5