[Apollo] Advisories Statistics light light Login

RLSA-2026:9693

Security Mirrored from RHSA-2026:9693
Issued at: 2026-05-21
Updated at: 2026-05-21

Synopsis

Important: java-25-openjdk security update



Description

The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit.

Security Fix(es):

* JDK: Enhance crypto algorithm support (CVE-2026-22007)

* JDK: Improved Arena allocations (CVE-2026-22008)

* JDK: Improve Kerberos credentialing (CVE-2026-22013)

* JDK: Enhance Path Factories Redux (CVE-2026-22016)

* JDK: Enhance Zip file reading (CVE-2026-22018)

* JDK: Enhance certificate chain validation (CVE-2026-22021)

* JDK: Updating FreeType 2.14.1 (CVE-2026-23865)

* JDK: Enhance TLS connection handling (CVE-2026-34282)

* JDK: Enhance key generation (CVE-2026-34268)

This release also updates a number of third-party libraries included in the JDK. The libraries themselves are affected by the following CVEs, but this is not a statement that the JDK itself is affected:

* giflib: Denial of Service via buffer overflow in EGifGCBToExtension (CVE-2026-26740)

* libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)

* libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)

Bug Fix(es):

* When copying files, OpenJDK 25 prefers to use the copy_file_range native function for performance reasons, only falling back to sendfile when this fails. However, in previous OpenJDK 25 releases, a response of EOPNOTSUPP (operation not supported) did not cause the JDK to fall back to sendfile. This is rectified in this release. (Rocky Linux-169939, Rocky Linux-169937)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 10 aarch64 Rocky Linux 10 ppc64le Rocky Linux 10 s390x Rocky Linux 10 x86_64

Fixes

2451819 2451805 2460029 2460041 2460038 2460043 2460039 2448747 2460042 2460040 2443891 2460044

CVEs

CVE-2026-22007 CVE-2026-22008 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018 CVE-2026-22021 CVE-2026-23865 CVE-2026-26740 CVE-2026-33416 CVE-2026-33636 CVE-2026-34268 CVE-2026-34282

Affected packages

Rocky Linux 10 aarch64 - AppStream

java-25-openjdk-debugsource-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-devel-debuginfo-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-1:25.0.3.0.9-1.el10_1.src.rpm java-25-openjdk-headless-debuginfo-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-javadoc-zip-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-src-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-demo-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-crypto-adapter-debuginfo-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-debuginfo-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-javadoc-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-devel-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-static-libs-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-jmods-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-headless-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-crypto-adapter-1:25.0.3.0.9-1.el10_1.aarch64.rpm

Rocky Linux 10 x86_64 - AppStream

java-25-openjdk-crypto-adapter-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-demo-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-1:25.0.3.0.9-1.el10_1.src.rpm java-25-openjdk-javadoc-zip-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-jmods-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-headless-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-debugsource-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-src-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-javadoc-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-headless-debuginfo-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-crypto-adapter-debuginfo-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-debuginfo-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-devel-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-static-libs-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-devel-debuginfo-1:25.0.3.0.9-1.el10_1.x86_64.rpm

Rocky Linux 10 ppc64le - CRB

java-25-openjdk-devel-slowdebug-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-jmods-fastdebug-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-src-slowdebug-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-demo-slowdebug-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-jmods-slowdebug-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-headless-fastdebug-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-fastdebug-debuginfo-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-devel-fastdebug-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-demo-fastdebug-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-crypto-adapter-slowdebug-debuginfo-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-headless-slowdebug-debuginfo-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-fastdebug-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-slowdebug-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-src-fastdebug-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-static-libs-slowdebug-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-headless-slowdebug-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-headless-fastdebug-debuginfo-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-devel-slowdebug-debuginfo-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-static-libs-fastdebug-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-crypto-adapter-slowdebug-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-devel-fastdebug-debuginfo-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-crypto-adapter-fastdebug-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-crypto-adapter-fastdebug-debuginfo-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-slowdebug-debuginfo-1:25.0.3.0.9-1.el10_1.ppc64le.rpm

Rocky Linux 10 x86_64 - CRB

java-25-openjdk-demo-slowdebug-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-devel-fastdebug-debuginfo-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-jmods-slowdebug-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-demo-fastdebug-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-static-libs-slowdebug-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-crypto-adapter-slowdebug-debuginfo-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-slowdebug-debuginfo-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-headless-fastdebug-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-devel-slowdebug-debuginfo-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-devel-slowdebug-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-static-libs-fastdebug-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-fastdebug-debuginfo-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-headless-fastdebug-debuginfo-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-jmods-fastdebug-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-src-fastdebug-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-crypto-adapter-fastdebug-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-crypto-adapter-fastdebug-debuginfo-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-headless-slowdebug-debuginfo-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-headless-slowdebug-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-crypto-adapter-slowdebug-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-devel-fastdebug-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-src-slowdebug-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-slowdebug-1:25.0.3.0.9-1.el10_1.x86_64.rpm java-25-openjdk-fastdebug-1:25.0.3.0.9-1.el10_1.x86_64.rpm

Rocky Linux 10 aarch64 - CRB

java-25-openjdk-fastdebug-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-static-libs-slowdebug-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-slowdebug-debuginfo-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-devel-fastdebug-debuginfo-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-headless-slowdebug-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-devel-fastdebug-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-devel-slowdebug-debuginfo-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-demo-slowdebug-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-crypto-adapter-slowdebug-debuginfo-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-fastdebug-debuginfo-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-jmods-slowdebug-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-slowdebug-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-src-fastdebug-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-devel-slowdebug-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-headless-fastdebug-debuginfo-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-headless-fastdebug-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-crypto-adapter-fastdebug-debuginfo-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-crypto-adapter-fastdebug-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-src-slowdebug-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-headless-slowdebug-debuginfo-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-demo-fastdebug-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-static-libs-fastdebug-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-crypto-adapter-slowdebug-1:25.0.3.0.9-1.el10_1.aarch64.rpm java-25-openjdk-jmods-fastdebug-1:25.0.3.0.9-1.el10_1.aarch64.rpm

Rocky Linux 10 s390x - CRB

java-25-openjdk-slowdebug-debuginfo-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-devel-slowdebug-debuginfo-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-headless-slowdebug-debuginfo-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-src-slowdebug-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-static-libs-slowdebug-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-jmods-slowdebug-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-devel-slowdebug-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-headless-slowdebug-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-crypto-adapter-slowdebug-debuginfo-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-slowdebug-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-crypto-adapter-slowdebug-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-demo-slowdebug-1:25.0.3.0.9-1.el10_1.s390x.rpm

Rocky Linux 10 ppc64le - AppStream

java-25-openjdk-1:25.0.3.0.9-1.el10_1.src.rpm java-25-openjdk-headless-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-debuginfo-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-static-libs-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-demo-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-devel-debuginfo-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-crypto-adapter-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-jmods-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-javadoc-zip-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-devel-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-src-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-javadoc-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-headless-debuginfo-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-debugsource-1:25.0.3.0.9-1.el10_1.ppc64le.rpm java-25-openjdk-crypto-adapter-debuginfo-1:25.0.3.0.9-1.el10_1.ppc64le.rpm

Rocky Linux 10 s390x - AppStream

java-25-openjdk-1:25.0.3.0.9-1.el10_1.src.rpm java-25-openjdk-src-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-javadoc-zip-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-static-libs-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-debugsource-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-headless-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-headless-debuginfo-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-devel-debuginfo-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-debuginfo-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-crypto-adapter-debuginfo-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-demo-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-javadoc-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-crypto-adapter-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-devel-1:25.0.3.0.9-1.el10_1.s390x.rpm java-25-openjdk-jmods-1:25.0.3.0.9-1.el10_1.s390x.rpm