RLSA-2026:9683

See a problem?
Please try reporting it to the source first.
Source
https://errata.rockylinux.org/RLSA-2026:9683
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2026:9683.json
JSON Data
https://api.test.osv.dev/v1/vulns/RLSA-2026:9683
Upstream
Published
2026-05-21T16:24:56.966088Z
Modified
2026-05-21T17:00:10.617993580Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Important: java-1.8.0-openjdk security update
Details

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

  • JDK: Enhance crypto algorithm support (CVE-2026-22007)

  • JDK: Improve Kerberos credentialing (CVE-2026-22013)

  • JDK: Enhance Path Factories Redux (CVE-2026-22016)

  • JDK: Enhance Zip file reading (CVE-2026-22018)

  • JDK: Enhance certificate chain validation (CVE-2026-22021)

  • JDK: Updating FreeType 2.14.1 (CVE-2026-23865)

  • JDK: Enhance key generation (CVE-2026-34268)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / java-1.8.0-openjdk

Package

Name
java-1.8.0-openjdk
Purl
pkg:rpm/rocky-linux/java-1.8.0-openjdk?distro=rocky-linux-8&epoch=1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8.0.492.b09-1.el8_10
Database specific 
{
    "yum_repository": "AppStream"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2026:9683.json"