RHSA-2022:1440: Important: java-11-openjdk security, bug fix, and enhancement update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

The following packages have been upgraded to a later upstream version: java-11-openjdk (11.0.15.0.9). (BZ#2047531)

Security Fix(es):
OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476)
OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2022:1440?
The severity of RHSA-2022:1440 is classified as low.
How do I fix RHSA-2022:1440?
To resolve RHSA-2022:1440, upgrade to the latest version of the affected java-11-openjdk package, specifically 11-openjdk-11.0.15.0.9-2.el7_9.
What vulnerabilities are addressed in RHSA-2022:1440?
RHSA-2022:1440 addresses the OpenJDK vulnerabilities listed in the advisory text above: CVE-2022-21476, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, and CVE-2022-21496.
Which systems are affected by RHSA-2022:1440?
RHSA-2022:1440 affects systems running the java-11-openjdk packages on Red Hat Enterprise Linux.
Is there a risk if I do not update for RHSA-2022:1440?
Not updating for RHSA-2022:1440 may expose your system to low-severity vulnerabilities that could be exploited.