RHSA-2022:0345: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-35556: OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167)
  • CVE-2021-35559: OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580)
  • CVE-2021-35560: Oracle JDK: unspecified vulnerability fixed in 8u311 (Deployment)
  • CVE-2021-35564: OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)
  • CVE-2021-35565: OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)
  • CVE-2021-35578: OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729)
  • CVE-2021-35586: OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)
  • CVE-2021-41035: IBM JDK: IllegalAccessError exception not thrown for MethodHandles that invoke inaccessible interface methods
Red Hat Security Data

Issued: 2022-02-01

Updated: 2022-02-01

RHSA-2022:0345 - Security Advisory

Synopsis

Important: java-1.8.0-ibm security update

Type/Severity

Security Advisory: Important

Topic

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR7.

Security Fix(es):

  • Oracle JDK: unspecified vulnerability fixed in 8u311 (Deployment) (CVE-2021-35560)
  • OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)
  • OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)
  • OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)
  • OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)
  • OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)
  • OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)
  • IBM JDK: IllegalAccessError exception not thrown for MethodHandles that invoke inaccessible interface methods (CVE-2021-41035)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.
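
One way to confirm the restart requirement above has been met, shown as an added example that is not part of the Red Hat advisory: the script lists processes whose memory map still references IBM Java files that were replaced on disk. It assumes the runtime's files live under a path containing the package name `java-1.8.0-ibm`; the function names and the sample `/proc` tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still running IBM Java files replaced by the update.
# Assumption: installed files sit under a path containing the package name.
PKG_PATTERN='java-1.8.0-ibm'

# stale_ibm_java_pids [PROC_ROOT]
# Prints the PID of every process whose memory map lists a file matching
# PKG_PATTERN that the kernel marks "(deleted)": the file was replaced on
# disk, but the process still executes the old, unpatched copy.
stale_ibm_java_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -F "$PKG_PATTERN" "$maps" 2>/dev/null | grep -qF ' (deleted)'; then
            pid_dir=${maps%/maps}
            echo "${pid_dir##*/}"
        fi
    done | sort -n
}

# build_sample_proc DIR
# Writes a constructed /proc-like tree (sample data, not from a real host):
#   101 maps a deleted IBM Java binary       -> needs a restart
#   102 maps the current IBM Java binary     -> already restarted
#   103 maps an unrelated deleted file       -> not Java, ignored
build_sample_proc() {
    mkdir -p "$1/101" "$1/102" "$1/103"
    echo '7f10a000-7f10b000 r-xp 00000000 fd:00 4101 /usr/lib/jvm/java-1.8.0-ibm-OLD/jre/bin/java (deleted)' > "$1/101/maps"
    echo '7f20a000-7f20b000 r-xp 00000000 fd:00 4202 /usr/lib/jvm/java-1.8.0-ibm-NEW/jre/bin/java' > "$1/102/maps"
    echo '7f30a000-7f30b000 rw-p 00000000 fd:00 4303 /tmp/scratch.bin (deleted)' > "$1/103/maps"
}

# Demo on the constructed tree.
sample=$(mktemp -d)
build_sample_proc "$sample"
echo "PIDs needing restart (sample): $(stale_ibm_java_pids "$sample" | tr '\n' ' ')"
rm -rf "$sample"
```

On a patched host, call `stale_ibm_java_pids` with no argument as root so that every process's map is readable; empty output means no running process still maps replaced IBM Java files.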

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le

Fixes

  • BZ - 2014508 - CVE-2021-35565 OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)
  • BZ - 2014515 - CVE-2021-35556 OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167)
  • BZ - 2014518 - CVE-2021-35559 OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580)
  • BZ - 2015061 - CVE-2021-35564 OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)
  • BZ - 2015308 - CVE-2021-35586 OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)
  • BZ - 2015653 - CVE-2021-35578 OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729)
  • BZ - 2027731 - CVE-2021-35560 Oracle JDK: unspecified vulnerability fixed in 8u311 (Deployment)
  • BZ - 2027791 - CVE-2021-41035 IBM JDK: IllegalAccessError exception not thrown for MethodHandles that invoke inaccessible interface methods

CVEs

  • CVE-2021-35556
  • CVE-2021-35559
  • CVE-2021-35560
  • CVE-2021-35564
  • CVE-2021-35565
  • CVE-2021-35578
  • CVE-2021-35586
  • CVE-2021-41035

Red Hat Enterprise Linux for x86_64 8

SRPM

x86_64

  • java-1.8.0-ibm-1.8.0.7.0-1.el8_5.x86_64.rpm
  • java-1.8.0-ibm-demo-1.8.0.7.0-1.el8_5.x86_64.rpm
  • java-1.8.0-ibm-devel-1.8.0.7.0-1.el8_5.x86_64.rpm
  • java-1.8.0-ibm-headless-1.8.0.7.0-1.el8_5.x86_64.rpm
  • java-1.8.0-ibm-jdbc-1.8.0.7.0-1.el8_5.x86_64.rpm
  • java-1.8.0-ibm-plugin-1.8.0.7.0-1.el8_5.x86_64.rpm
  • java-1.8.0-ibm-src-1.8.0.7.0-1.el8_5.x86_64.rpm
  • java-1.8.0-ibm-webstart-1.8.0.7.0-1.el8_5.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

s390x

  • java-1.8.0-ibm-1.8.0.7.0-1.el8_5.s390x.rpm
  • java-1.8.0-ibm-demo-1.8.0.7.0-1.el8_5.s390x.rpm
  • java-1.8.0-ibm-devel-1.8.0.7.0-1.el8_5.s390x.rpm
  • java-1.8.0-ibm-headless-1.8.0.7.0-1.el8_5.s390x.rpm
  • java-1.8.0-ibm-jdbc-1.8.0.7.0-1.el8_5.s390x.rpm
  • java-1.8.0-ibm-src-1.8.0.7.0-1.el8_5.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

ppc64le

  • java-1.8.0-ibm-1.8.0.7.0-1.el8_5.ppc64le.rpm
  • java-1.8.0-ibm-demo-1.8.0.7.0-1.el8_5.ppc64le.rpm
  • java-1.8.0-ibm-devel-1.8.0.7.0-1.el8_5.ppc64le.rpm
  • java-1.8.0-ibm-headless-1.8.0.7.0-1.el8_5.ppc64le.rpm
  • java-1.8.0-ibm-jdbc-1.8.0.7.0-1.el8_5.ppc64le.rpm
  • java-1.8.0-ibm-plugin-1.8.0.7.0-1.el8_5.ppc64le.rpm
  • java-1.8.0-ibm-src-1.8.0.7.0-1.el8_5.ppc64le.rpm
  • java-1.8.0-ibm-webstart-1.8.0.7.0-1.el8_5.ppc64le.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
