CentOS java-1.8.0-openjdk security

Support for security such as Firewalls and securing linux
Lukasz1990
Posts: 3
Joined: 2021/10/07 13:35:56

CentOS java-1.8.0-openjdk security

Post by Lukasz1990 » 2022/01/10 09:00:10

Hello

I have a question because I can't find an answer on the internet.

Did CentOS have a problem with security holes such as Red Hat? I have in mind the problem with java-openjdk-1.8.0 (CVE-2021-35556, CVE-2021-35559, CVE-2021-35560, CVE-2021-35564, CVE-2021-35565, CVE-2021-35578, CVE-2021-35586, CVE-2021-41035).

If I update Java to version 1.8.0-312, will the problem disappear?

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: CentOS java-1.8.0-openjdk security

Post by jlehtone » 2022/01/10 14:14:05

According to Red Hat, the last on that list (CVE-2021-41035) does affect package 'java-1.8.0-ibm', which CentOS does not have. https://access.redhat.com/security/cve/cve-2021-41035
CVE-2021-35586 was fixed in RHEL package 'java-1.8.0-openjdk-1.8.0.312.b07-1.el7_9' https://access.redhat.com/security/cve/cve-2021-35586
(The others I did not check.)

CentOS Linux builds binary packages from the sources of RHEL packages that Red Hat makes public.
If RHEL 7 was affected by a security issue and Red Hat did release a fix, then CentOS Linux gets it too, if you do sudo yum update.

The current version in CentOS Linux 7 for 'java-1.8.0-openjdk' is: 1.8.0.312.b07-1.el7_9.


"If I update" ... the question is, why have you not updated all packages as soon as newer versions become available in CentOS repositories?

Lukasz1990
Posts: 3
Joined: 2021/10/07 13:35:56

Re: CentOS java-1.8.0-openjdk security

Post by Lukasz1990 » 2022/01/12 08:10:05

You are right.

I don't know why I looked at java-1.8.0-ibm instead of java-1.8.0-openjdk.
The first time I looked correctly, but the second time I looked wrong, and that is where my question came from.

Why have I not updated after the new version was released? Because there are too many servers, but thank you for the answer and help.
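
Added example (not part of the thread or of any CentOS tooling): a shell check for the many-servers case, comparing each host's installed java-1.8.0-openjdk build against the fixed build 1.8.0.312.b07-1.el7_9 named in jlehtone's reply. The host names and inventory lines are constructed, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: flag hosts whose java-1.8.0-openjdk build is older than
# the fixed build quoted in the thread.
FIXED="1.8.0.312.b07-1.el7_9"

# is_patched VERSION-RELEASE: exit 0 if the build is >= FIXED, 1 if older.
# Assumption: GNU `sort -V` approximates RPM's version ordering, which holds
# for plain dotted OpenJDK builds like these.
is_patched() {
    [ -n "$1" ] || return 2
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# classify: read "HOST VERSION-RELEASE" lines on stdin, print one verdict per host.
# Each line is assumed to come from running, on that host:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' java-1.8.0-openjdk
classify() {
    while read -r host ver rest; do
        [ -n "$host" ] || continue
        if [ "$ver" = "package" ]; then   # rpm: "package ... is not installed"
            echo "$host NOT-INSTALLED"
        elif is_patched "$ver"; then
            echo "$host OK $ver"
        else
            echo "$host OUTDATED $ver (run: sudo yum update)"
        fi
    done
}

# Constructed sample inventory (host names and builds are made up for the demo).
sample_inventory() {
    cat <<'EOF'
app01 1.8.0.302.b08-0.el7_9
app02 1.8.0.312.b07-1.el7_9
app03 1.8.0.322.b06-1.el7_9
db01 package java-1.8.0-openjdk is not installed
EOF
}

sample_inventory | classify
```
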
