Red Hat Security Advisory: OpenJDK 11.0.13 security update for Portable Linux Builds
🔗 CVE IDs covered (10)
📋 Description
CVE-2021-35550 — OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) CVE-2021-35556 — OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) CVE-2021-35559 — OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) CVE-2021-35561 — OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) CVE-2021-35564 — OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) CVE-2021-35565 — OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) CVE-2021-35567 — OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) CVE-2021-35578 — OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) CVE-2021-35586 — OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) CVE-2021-35603 — OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618)
🔗 References (13)
- selfhttps://access.redhat.com/errata/RHSA-2021:3967
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2014508
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2014515
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2014518
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2014524
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2015061
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2015308
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2015311
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2015648
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2015653
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2015658
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3967.json