[Apollo] Advisories Statistics light light Login

RLSA-2026:9689

Security Mirrored from RHSA-2026:9689
Issued at: 2026-04-28
Updated at: 2026-04-28

Synopsis

Important: java-21-openjdk security update



Description

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.

Security Fix(es):

* JDK: Enhance crypto algorithm support (CVE-2026-22007)

* JDK: Improve Kerberos credentialing (CVE-2026-22013)

* JDK: Enhance Path Factories Redux (CVE-2026-22016)

* JDK: Enhance Zip file reading (CVE-2026-22018)

* JDK: Enhance certificate chain validation (CVE-2026-22021)

* JDK: Updating FreeType 2.14.1 (CVE-2026-23865)

* JDK: Enhance TLS connection handling (CVE-2026-34282)

* JDK: Enhance key generation (CVE-2026-34268)

Bug Fix(es):

* When copying files, OpenJDK 21 prefers to use the copy_file_range native function for performance reasons, only falling back to sendfile when this fails. However, in previous OpenJDK 21 releases, a response of EOPNOTSUPP (operation not supported) did not cause the JDK to fall back to sendfile. This is rectified in this release. (Rocky Linux-169617, Rocky Linux-169951, Rocky Linux-169952, Rocky Linux-169942, Rocky Linux-169953, Rocky Linux-169945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 9 aarch64 Rocky Linux 9 ppc64le Rocky Linux 9 s390x Rocky Linux 9 x86_64

Fixes

2443891 2460038 2460039 2460040 2460041 2460042 2460043 2460044

CVEs

CVE-2026-22007 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018 CVE-2026-22021 CVE-2026-23865 CVE-2026-34268 CVE-2026-34282

Affected packages

Rocky Linux 9 aarch64 - AppStream

java-21-openjdk-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-1:21.0.11.0.10-2.el9_7.src.rpm java-21-openjdk-debuginfo-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-debugsource-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-demo-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-devel-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-devel-debuginfo-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-headless-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-headless-debuginfo-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-javadoc-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-javadoc-zip-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-jmods-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-src-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-static-libs-1:21.0.11.0.10-2.el9_7.aarch64.rpm

Rocky Linux 9 ppc64le - AppStream

java-21-openjdk-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-1:21.0.11.0.10-2.el9_7.src.rpm java-21-openjdk-debuginfo-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-debugsource-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-demo-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-devel-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-devel-debuginfo-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-headless-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-headless-debuginfo-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-javadoc-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-javadoc-zip-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-jmods-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-src-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-static-libs-1:21.0.11.0.10-2.el9_7.ppc64le.rpm

Rocky Linux 9 s390x - AppStream

java-21-openjdk-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-1:21.0.11.0.10-2.el9_7.src.rpm java-21-openjdk-debuginfo-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-debugsource-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-demo-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-devel-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-devel-debuginfo-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-headless-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-headless-debuginfo-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-javadoc-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-javadoc-zip-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-jmods-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-src-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-static-libs-1:21.0.11.0.10-2.el9_7.s390x.rpm

Rocky Linux 9 x86_64 - AppStream

java-21-openjdk-1:21.0.11.0.10-2.el9_7.src.rpm java-21-openjdk-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-debuginfo-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-debugsource-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-demo-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-devel-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-devel-debuginfo-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-headless-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-headless-debuginfo-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-javadoc-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-javadoc-zip-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-jmods-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-src-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-static-libs-1:21.0.11.0.10-2.el9_7.x86_64.rpm

Rocky Linux 9 aarch64 - CRB

java-21-openjdk-demo-fastdebug-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-demo-slowdebug-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-devel-fastdebug-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-devel-fastdebug-debuginfo-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-devel-slowdebug-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-devel-slowdebug-debuginfo-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-fastdebug-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-fastdebug-debuginfo-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-headless-fastdebug-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-headless-fastdebug-debuginfo-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-headless-slowdebug-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-headless-slowdebug-debuginfo-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-jmods-fastdebug-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-jmods-slowdebug-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-slowdebug-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-slowdebug-debuginfo-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-src-fastdebug-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-src-slowdebug-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-static-libs-fastdebug-1:21.0.11.0.10-2.el9_7.aarch64.rpm java-21-openjdk-static-libs-slowdebug-1:21.0.11.0.10-2.el9_7.aarch64.rpm

Rocky Linux 9 ppc64le - CRB

java-21-openjdk-demo-fastdebug-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-demo-slowdebug-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-devel-fastdebug-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-devel-fastdebug-debuginfo-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-devel-slowdebug-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-devel-slowdebug-debuginfo-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-fastdebug-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-fastdebug-debuginfo-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-headless-fastdebug-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-headless-fastdebug-debuginfo-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-headless-slowdebug-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-headless-slowdebug-debuginfo-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-jmods-fastdebug-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-jmods-slowdebug-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-slowdebug-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-slowdebug-debuginfo-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-src-fastdebug-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-src-slowdebug-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-static-libs-fastdebug-1:21.0.11.0.10-2.el9_7.ppc64le.rpm java-21-openjdk-static-libs-slowdebug-1:21.0.11.0.10-2.el9_7.ppc64le.rpm

Rocky Linux 9 x86_64 - CRB

java-21-openjdk-demo-fastdebug-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-demo-slowdebug-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-devel-fastdebug-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-devel-fastdebug-debuginfo-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-devel-slowdebug-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-devel-slowdebug-debuginfo-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-fastdebug-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-fastdebug-debuginfo-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-headless-fastdebug-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-headless-fastdebug-debuginfo-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-headless-slowdebug-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-headless-slowdebug-debuginfo-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-jmods-fastdebug-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-jmods-slowdebug-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-slowdebug-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-slowdebug-debuginfo-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-src-fastdebug-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-src-slowdebug-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-static-libs-fastdebug-1:21.0.11.0.10-2.el9_7.x86_64.rpm java-21-openjdk-static-libs-slowdebug-1:21.0.11.0.10-2.el9_7.x86_64.rpm

Rocky Linux 9 s390x - CRB

java-21-openjdk-demo-slowdebug-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-devel-slowdebug-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-devel-slowdebug-debuginfo-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-headless-slowdebug-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-headless-slowdebug-debuginfo-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-jmods-slowdebug-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-slowdebug-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-slowdebug-debuginfo-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-src-slowdebug-1:21.0.11.0.10-2.el9_7.s390x.rpm java-21-openjdk-static-libs-slowdebug-1:21.0.11.0.10-2.el9_7.s390x.rpm