redhat / RedHat / RHSA-2021:3891
History: Oct 20, 2021 - 12:41 p.m.

(RHSA-2021:3891) Important: java-11-openjdk security update

2021-10-20 12:41:00
CWE-863
access.redhat.com
java-11-openjdk
security update
memory allocation
tls handshake
vulnerabilities

CVSS2: 7.1

  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: NONE
  Availability Impact: NONE

  AV:N/AC:M/Au:N/C:C/I:N/A:N

CVSS3: 6.8

  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: REQUIRED
  Scope: CHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: NONE
  Availability Impact: NONE

  CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

EPSS: 0.003

  Percentile: 70.4%

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)

  • OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)

  • OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)

  • OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

  • OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

  • OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

  • OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)

  • OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

  • OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

  • OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected configurations

Vulners
Node
redhat  java-1.8.0-openjdk    Range  1.8.0.312.b07-1.el7_9
OR
redhat  java-11-openjdk       Range  11.0.13.0.8-1.el7_9
OR
redhat  java-1.8.0-ibm-1      Range  1.8.0.7.5-1jpp.1.el7
OR
redhat  java-1.7.1-ibm-1      Range  1.7.1.5.5-1jpp.1.el7
OR
redhat  java-11-openjdk       Range  11.0.13.0.8-1.el8_4
OR
redhat  java-1.8.0-openjdk    Range  1.8.0.312.b07-1.el8_4
OR
redhat  java-17-openjdk       Range  17.0.1.0.12-2.el8_5
OR
redhat  java-1.8.0-ibm        Range  1.8.0.7.5-1.el8_5
OR
redhat  java-1.8.0-openjdk-1  Range  1.8.0.312.b07-1.el8_1
OR
redhat  java-11-openjdk-1     Range  11.0.13.0.8-1.el8_1
OR
redhat  java-1.8.0-openjdk-1  Range  1.8.0.312.b07-1.el8_2
OR
redhat  java-11-openjdk-1     Range  11.0.13.0.8-1.el8_2
OR
redhat  java-1.8.0-ibm-1      Range  1.8.0.7.0-1jpp.1.el7
OR
redhat  java-1.7.1-ibm-1      Range  1.7.1.5.0-1jpp.1.el7
OR
redhat  java-1.8.0-ibm        Range  1.8.0.7.0-1.el8_5
OR
redhat  java-1.7.1-ibm-1      Range  1.7.1.5.10-1jpp.1.el7
OR
redhat  java-1.8.0-ibm-1      Range  1.8.0.7.10-1jpp.1.el7
OR
redhat  java-1.8.0-ibm        Range  1.8.0.7.10-1.el8_6
AND
redhat  enterprise_linux      Match  7
OR
redhat  enterprise_linux      Match  8
OR
redhat  enterprise_linux      Match  supplementary

Vendor  Product               Version  CPE
redhat  java-1.8.0-openjdk    *        cpe:2.3:a:redhat:java-1.8.0-openjdk:*:*:*:*:*:*:*:*
redhat  java-11-openjdk       *        cpe:2.3:a:redhat:java-11-openjdk:*:*:*:*:*:*:*:*
redhat  java-1.8.0-ibm-1      *        cpe:2.3:a:redhat:java-1.8.0-ibm-1:*:*:*:*:*:*:*:*
redhat  java-1.7.1-ibm-1      *        cpe:2.3:a:redhat:java-1.7.1-ibm-1:*:*:*:*:*:*:*:*
redhat  java-17-openjdk       *        cpe:2.3:a:redhat:java-17-openjdk:*:*:*:*:*:*:*:*
redhat  java-1.8.0-ibm        *        cpe:2.3:a:redhat:java-1.8.0-ibm:*:*:*:*:*:*:*:*
redhat  java-1.8.0-openjdk-1  *        cpe:2.3:a:redhat:java-1.8.0-openjdk-1:*:*:*:*:*:*:*:*
redhat  java-11-openjdk-1     *        cpe:2.3:a:redhat:java-11-openjdk-1:*:*:*:*:*:*:*:*
redhat  enterprise_linux      7        cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
redhat  enterprise_linux      8        cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*