Issued:: 2022-06-08
Updated:: 2022-06-08

RHSA-2022:4959 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: java-1.8.0-ibm security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR7-FP10.

Security Fix(es):

OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

BZ - 2014524 - CVE-2021-35561 OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)
BZ - 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
BZ - 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
BZ - 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
x86_64
java-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 09d065950d5ba03e5b1f848156be3c1ab9aad5db1faa005f4c37a86bf46285b8
java-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 932b94522385328ffc8ebab8dfefc71930fa69333bfe5ae6bfd3edcbc4abd16a
java-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: a671d61fe0a1978817a082ba5a0bc952fc0fabc57b90916b116be91dca7c0775
java-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 389de3c37855fce07925d605cd8c97f42d75a04b15b6b416366e53305c19e7f2
java-1.8.0-ibm-plugin-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 632fd7a863c61b3e714ed216ad909e029b72b8894b8295f71b5ac14a6115209e
java-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 020903cfc291e27e38ff68a84bc5ea17e6e77d86b6a2d0ce2d49f418902663bf

Red Hat Enterprise Linux Workstation 7

SRPM
x86_64
java-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 09d065950d5ba03e5b1f848156be3c1ab9aad5db1faa005f4c37a86bf46285b8
java-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 932b94522385328ffc8ebab8dfefc71930fa69333bfe5ae6bfd3edcbc4abd16a
java-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: a671d61fe0a1978817a082ba5a0bc952fc0fabc57b90916b116be91dca7c0775
java-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 389de3c37855fce07925d605cd8c97f42d75a04b15b6b416366e53305c19e7f2
java-1.8.0-ibm-plugin-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 632fd7a863c61b3e714ed216ad909e029b72b8894b8295f71b5ac14a6115209e
java-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 020903cfc291e27e38ff68a84bc5ea17e6e77d86b6a2d0ce2d49f418902663bf

Red Hat Enterprise Linux Desktop 7

SRPM
x86_64
java-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 09d065950d5ba03e5b1f848156be3c1ab9aad5db1faa005f4c37a86bf46285b8
java-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 932b94522385328ffc8ebab8dfefc71930fa69333bfe5ae6bfd3edcbc4abd16a
java-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: a671d61fe0a1978817a082ba5a0bc952fc0fabc57b90916b116be91dca7c0775
java-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 389de3c37855fce07925d605cd8c97f42d75a04b15b6b416366e53305c19e7f2
java-1.8.0-ibm-plugin-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 632fd7a863c61b3e714ed216ad909e029b72b8894b8295f71b5ac14a6115209e
java-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 020903cfc291e27e38ff68a84bc5ea17e6e77d86b6a2d0ce2d49f418902663bf

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
s390x
java-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.s390x.rpm	SHA-256: 33e4ba89f547b4851d95237603b06c21a3effbc9bfae9028b8abf32eaedb23b6
java-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.s390x.rpm	SHA-256: 77f69b3d470581d6a30b63e15077a93bbaaf08bdda408c9fa5d460b51a710092
java-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.s390x.rpm	SHA-256: 74be89c31ac93c79fb66d109d11dc694939fb479612195b1b1742d84fdb726f4
java-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.s390x.rpm	SHA-256: 3f8bd8d27f2b4bea5b4d6642c1b5238e906c3ea6f4c846e846052ff022a30af9
java-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.s390x.rpm	SHA-256: 3d6218b1e7b82f9a8605e47cfaccc96afebeb6fdd5c15cfd82c1bb18bd4f5982

Red Hat Enterprise Linux for Power, big endian 7

SRPM
ppc64
java-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.ppc64.rpm	SHA-256: ccafe3dec1e9f4371d3a5f15c66b3236f957c35b9b71da1feab4ac5f0cf4133a
java-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.ppc64.rpm	SHA-256: 8323f82367529595ee3e945c746c1ba1c6d8901e85cc1c09100e3174a0341d28
java-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.ppc64.rpm	SHA-256: 6f51793628fb763ecc376ed931af3c79991311ffeb77c5f96e4efb736c4d9ec1
java-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.ppc64.rpm	SHA-256: 6642b2fc6356164533ea7d56102cb49752e05115250e5cd0c5f576d57e74067c
java-1.8.0-ibm-plugin-1.8.0.7.10-1jpp.1.el7.ppc64.rpm	SHA-256: 2119d2a2b222453614c354e1815526a05bcdb8549ae0d7c649b2db11b53693f8
java-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.ppc64.rpm	SHA-256: c339f04305171d498f22c102295797aa9343d20713da7aa96a3400c1cf2de3e6

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
x86_64
java-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 09d065950d5ba03e5b1f848156be3c1ab9aad5db1faa005f4c37a86bf46285b8
java-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 932b94522385328ffc8ebab8dfefc71930fa69333bfe5ae6bfd3edcbc4abd16a
java-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: a671d61fe0a1978817a082ba5a0bc952fc0fabc57b90916b116be91dca7c0775
java-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.x86_64.rpm	SHA-256: 020903cfc291e27e38ff68a84bc5ea17e6e77d86b6a2d0ce2d49f418902663bf

Red Hat Enterprise Linux for Power, little endian 7

SRPM
ppc64le
java-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.ppc64le.rpm	SHA-256: ccc8bd68bb0f055f94f53c7225ce76faee834678546fc08bfbac04f8b78e8355
java-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.ppc64le.rpm	SHA-256: b3d0c9cd829073019b887b3aba9a035e930c0b6449080350adb84a7159400934
java-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.ppc64le.rpm	SHA-256: 7de4878379546125fcd1aca5bfbec5f0c902093a6d4db7e0be2c5ea430a13aa0
java-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.ppc64le.rpm	SHA-256: 66d8b3a5a78e47c8631742f65c304fa61baa3d4419fe26d9b68969ce3bcb9ce9
java-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.ppc64le.rpm	SHA-256: 1c559123b19ae53076921e758ae263411ca4738924bc4a1e0367989fd95ba942

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation