A: java-1.8.0-openjdk security update has been released for AlmaLinux.

ALSA-2022:1491 Important: java-1.8.0-openjdk security update

Type:
security

Severity:
important

Release date:
2022-04-26

Description
Security Fix(es):
* OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476)
* OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)
* OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
* OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
* OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2022-21426
CVE-2022-21434
CVE-2022-21443
CVE-2022-21476
CVE-2022-21496

Updates packages:
java-1.8.0-openjdk-1.8.0.332.b09-1.el8_5.x86_64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.332.b09-1.el8_5.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.332.b09-1.el8_5.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.332.b09-1.el8_5.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.332.b09-1.el8_5.x86_64.rpm
java-1.8.0-openjdk-javadoc-1.8.0.332.b09-1.el8_5.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.332.b09-1.el8_5.noarch.rpm
java-1.8.0-openjdk-src-1.8.0.332.b09-1.el8_5.x86_64.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2022:1491 Important: java-1.8.0-openjdk security update