Lucene search

K
osvGoogleOSV:RLSA-2021:4135
HistoryNov 09, 2021 - 7:26 p.m.

Important: java-17-openjdk security update

2021-11-0919:26:37
Google
osv.dev
10
java runtime environment
software development kit
openjdk 17
security update
kerberos constrained delegation
rtfparser
rtfreader
hashmap
hashset
keytool
tls handshake
bmpimagereader
cvss score

AI Score

6.8

Confidence

High

EPSS

0.003

Percentile

70.4%

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)

  • OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

  • OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

  • OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

  • OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)

  • OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

  • OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

  • OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.