RHSA-2022:5837: Moderate: java-1.8.0-ibm security update
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.<br>This update upgrades IBM Java SE 8 to version 8 SR7-FP10.<br>Security Fix(es):<br><li> OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)</li> <li> OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)</li> <li> OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)</li> <li> OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:5837?
The severity of RHSA-2022:5837 is categorized as important due to the risk of excessive memory allocation affecting performance.
How do I fix RHSA-2022:5837?
To fix RHSA-2022:5837, you should upgrade IBM Java SE 8 to version 8 SR7-FP10 as specified in the advisory.
What software versions are affected by RHSA-2022:5837?
The affected software versions under RHSA-2022:5837 include multiple packages of IBM Java SE 1.8.0-ibm up to 1.8.0-7.10-1.el8_6.
What vulnerabilities does RHSA-2022:5837 address?
RHSA-2022:5837 addresses excessive memory allocation vulnerabilities in HashMap and HashSet, identified by CVE-202-XXXX.
Is there a specific version that I need to upgrade to resolve RHSA-2022:5837?
Yes, you need to upgrade to version 1.8.0-ibm-1.8.0.7.10-1.el8_6 or later to resolve RHSA-2022:5837.