CVE-2022-21476 - java-11-openjdk

Support for security such as Firewalls and securing linux
rfirpo
Posts: 4
Joined: 2022/05/12 10:36:38

CVE-2022-21476 - java-11-openjdk

Post by rfirpo » 2022/05/12 10:50:01

Dear team,

RH released the CVE-2022-21476 classified as HIGH a couple of weeks ago, see https://access.redhat.com/errata/RHSA-2022:1487 .

According to https://security.snyk.io/vuln/SNYK-CENT ... RC-2773793 the fix will be implemented in java-11-openjdk-src version 1:11.0.15.0.9-2.el7_9 or higher, but the built package is not yet available in the repos, see e.g. https://pkgs.org/search/?q=java-11-openjdk-src.

Do you have an estimate on when this package will be released?

Thanks!

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2022-21476 - java-11-openjdk

Post by TrevorH » 2022/05/12 14:45:42

There are some java packages that have just been built and sent to QA for testing but I am not sure if those include java 11. I know there are java 8 ones there. If they pass the automated QA tests then they'll be pushed to the public repos and would be available in an hour or three.

The RHSA you linked to is for java 8. If RH have not yet pushed the java 11 ones then CentOS won't have anything to rebuild. Edit2: https://access.redhat.com/errata/RHSA-2022:1440 is the java 11 version of the link. And no, that one was not on the list but is now.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

rfirpo
Posts: 4
Joined: 2022/05/12 10:36:38

Re: CVE-2022-21476 - java-11-openjdk

Post by rfirpo » 2022/05/12 18:28:54

Hi Trevor,

That's great news!

Thanks for the quick response and correcting the RHSA. Will wait for those new builds.
