RLSA-2026:9689

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.

Security Fix(es):

• JDK: Enhance crypto algorithm support (CVE-2026-22007)

• JDK: Improve Kerberos credentialing (CVE-2026-22013)

• JDK: Enhance Path Factories Redux (CVE-2026-22016)

• JDK: Enhance Zip file reading (CVE-2026-22018)

• JDK: Enhance certificate chain validation (CVE-2026-22021)

• JDK: Updating FreeType 2.14.1 (CVE-2026-23865)

• JDK: Enhance TLS connection handling (CVE-2026-34282)

• JDK: Enhance key generation (CVE-2026-34268)

Bug Fix(es):

• When copying files, OpenJDK 21 prefers to use the copyfilerange native function for performance reasons, only falling back to sendfile when this fails. However, in previous OpenJDK 21 releases, a response of EOPNOTSUPP (operation not supported) did not cause the JDK to fall back to sendfile. This is rectified in this release. (Rocky Linux-169617, Rocky Linux-169951, Rocky Linux-169952, Rocky Linux-169942, Rocky Linux-169953, Rocky Linux-169945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.