Red Hat Product Errata RHBA-2025:10367 - Bug Fix Advisory
Issued:
2025-07-07
Updated:
2025-07-07

RHBA-2025:10367 - Bug Fix Advisory

Synopsis

updated Red Hat OpenJDK 11 els for RHEL 8 container images

Type/Severity

Bug Fix Advisory

Topic

Updated Red Hat OpenJDK 11 els for RHEL 8 container images are now available

Description

The Red Hat OpenJDK 11 els for RHEL 8 container images have been updated to address the following security advisory: RHSA-2025:10128 (see References)

Users of Red Hat OpenJDK 11 els for RHEL 8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The Red Hat OpenJDK 11 els for RHEL 8 container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

  • OpenJDK Java Extended Life Cycle Support 11 for RHEL 8 x86_64
  • OpenJDK Java Extended Life Cycle Support 11 for RHEL 8 s390x
  • OpenJDK Java Extended Life Cycle Support 11 for RHEL 8 ppc64le
  • OpenJDK Java Extended Life Cycle Support 11 for RHEL 8 aarch64

Fixes

  • BZ - 2370010 - CVE-2025-4435 cpython: Tarfile extracts filtered members when errorlevel=0
  • BZ - 2370013 - CVE-2024-12718 cpython: python: Bypass extraction filter to modify file metadata outside extraction directory
  • BZ - 2370014 - CVE-2025-4330 cpython: python: Extraction filter bypass for linking outside extraction directory
  • BZ - 2370016 - CVE-2025-4517 python: cpython: Arbitrary writes via tarfile realpath overflow
  • BZ - 2372426 - CVE-2025-4138 cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

aarch64

openjdk-els/openjdk-11-rhel8@sha256:5066b5c0a754f3783c3d97aa55696ff2e4b23b65d752e1c0ee88d6840dfbec24
openjdk-els/openjdk-11-runtime-rhel8@sha256:a7bf5168fa667bc389f27889ecaed92a635a2a9daf3adf46e07faca10187e24b

ppc64le

openjdk-els/openjdk-11-rhel8@sha256:c9b54fc86e0095c0b1a89c146cad76ad9370127da09bc8a0620b6f25635f869b
openjdk-els/openjdk-11-runtime-rhel8@sha256:66070392707248b520b7da8a6afd14828f9cc33f096e72b8dffe8f41a85751a1

s390x

openjdk-els/openjdk-11-rhel8@sha256:7852a27f40188165dedf010bad1d878b34bc1c5017ab309e6610b24e8ec157bc
openjdk-els/openjdk-11-runtime-rhel8@sha256:0d10f0046af0626e5be5eb873f7d804e075a413447d21773e0cb9d8bb70282f8

x86_64

openjdk-els/openjdk-11-rhel8@sha256:f57204e96519abed5f5ad2e300f6b742daab21d82f607d0e58fdb14dabd6a7d2
openjdk-els/openjdk-11-runtime-rhel8@sha256:86cc7a3dac27a29b479017d29cb53191916517d396e041b125b460d363ab0a28

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.