
CVE-2022-21476 - java-11-openjdk

Posted: 2022/05/12 10:50:01
by rfirpo
Dear team,

RH released CVE-2022-21476, classified as HIGH, a couple of weeks ago; see https://access.redhat.com/errata/RHSA-2022:1487 .

According to https://security.snyk.io/vuln/SNYK-CENT ... RC-2773793 the fix will be implemented in java-11-openjdk-src version 1:11.0.15.0.9-2.el7_9 or higher, but the built package is not yet available in the repos; see e.g. https://pkgs.org/search/?q=java-11-openjdk-src.

Do you have an estimate on when this package will be released?

Thanks!
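One check a practitioner would want while waiting for the rebuild is whether a host's installed java-11-openjdk is already at or above the fixed EVR quoted above. The following is an added example, not code from the thread or from CentOS: it implements a simplified rpmvercmp (no `~`/`^` handling) so the comparison follows RPM rules rather than a plain string compare, and the sample installed versions are constructed.

```python
import re

# Fixed EVR (epoch:version-release) quoted in the thread for CVE-2022-21476.
FIXED_EVR = "1:11.0.15.0.9-2.el7_9"

# RPM compares alternating numeric and alphabetic segments; separators are ignored.
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: -1 if a < b, 0 if equal, 1 if a > b."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)          # numeric segments compare as integers
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit():
            return 1                         # numeric beats alphabetic
        elif y.isdigit():
            return -1
        elif x != y:
            return -1 if x < y else 1        # both alphabetic: lexical compare
    if len(sa) != len(sb):
        return -1 if len(sa) < len(sb) else 1   # more segments left wins
    return 0


def split_evr(evr: str):
    """Split 'epoch:version-release'; a missing epoch counts as 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return int(epoch), version, release


def evr_cmp(a: str, b: str) -> int:
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_fixed(installed_evr: str, fixed_evr: str = FIXED_EVR) -> bool:
    """True when the installed EVR is at or above the fixed EVR."""
    return evr_cmp(installed_evr, fixed_evr) >= 0


if __name__ == "__main__":
    # Constructed sample; on a real host feed the output of
    # rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' java-11-openjdk
    for evr in ("1:11.0.14.1.1-1.el7_9", "1:11.0.15.0.9-2.el7_9"):
        print(evr, "fixed" if is_fixed(evr) else "VULNERABLE")
```

Note that an epoch-less string such as `11.0.15.0.9-2.el7_9` compares as epoch 0 and is therefore reported as older than the fix, which is the correct RPM semantics and a common source of false "patched" results in ad-hoc scripts.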

Re: CVE-2022-21476 - java-11-openjdk

Posted: 2022/05/12 14:45:42
by TrevorH
There are some java packages that have just been built and sent to QA for testing, but I am not sure whether those include java 11. I know there are java 8 ones there. If they pass the automated QA tests then they'll be pushed to the public repos and would be available in an hour or three.

The RHSA you linked to is for java 8. If RH have not yet pushed the java 11 ones then CentOS won't have anything to rebuild. Edit2: https://access.redhat.com/errata/RHSA-2022:1440 is the java 11 version of the link. And no, that one was not on the list but is now.

Re: CVE-2022-21476 - java-11-openjdk

Posted: 2022/05/12 18:28:54
by rfirpo
Hi Trevor,

That's great news!

Thanks for the quick response and correcting the RHSA. Will wait for those new builds.