java-17-openjdk security and bug fix update


An update is available for java-17-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: Improper ECDSA signature verification (Libraries, 8277233) (CVE-2022-21449) * OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476) * OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426) * OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434) * OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443) * OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Enable the import of plain keys into the NSS Software Token while in FIPS mode [Rocky Linux-8, openjdk-17] (BZ#2018189) * Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode [Rocky Linux-8, openjdk-17] (BZ#2055396)

Affected Package

OS OS Version Package Name Package Version
rocky 8.0 rocky linux Rocky Linux -Rocky Linux