java-1.8.0-openjdk-1.8.0.492.b09-1.el8

エラータID: AXSA:2026-545:07

Release date: 
Tuesday, May 5, 2026 - 04:22
Subject: 
java-1.8.0-openjdk-1.8.0.492.b09-1.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment
and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

JDK: Enhance crypto algorithm support (CVE-2026-22007)
JDK: Improve Kerberos credentialing (CVE-2026-22013)
JDK: Enhance Path Factories Redux (CVE-2026-22016)
JDK: Enhance Zip file reading (CVE-2026-22018)
JDK: Enhance certificate chain validation (CVE-2026-22021)
JDK: Updating FreeType 2.14.1 (CVE-2026-23865)
JDK: Enhance key generation (CVE-2026-34268)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2026-22007
CVE-2026-22013
CVE-2026-22016
CVE-2026-22018
CVE-2026-22021
CVE-2026-23865
CVE-2026-34268

Solution: 

Update packages.

CVEs: 
CVE-2026-22007
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2026-22013
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).
CVE-2026-22016
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2026-22018
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2026-22021
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2026-23865
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
CVE-2026-34268
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Additional Info: 

N/A

Download: 

SRPMS
  1. java-1.8.0-openjdk-1.8.0.492.b09-1.el8.src.rpm
    MD5: 352534d97cf8cbaa406bb9d3ec5d325b
    SHA-256: 519e08a89257474ca2b6052543358252b4d00b6e9803772c1baf2f7c8b14512a
    Size: 58.63 MB

Asianux Server 8 for x86_64
  1. java-1.8.0-openjdk-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: c54f77d528d7ef4ba74dcbd9a1e418da
    SHA-256: bd27503f8501d0abd633012ed177b3f90acc8edeb99639fee1ce5839d8685a24
    Size: 560.35 kB
  2. java-1.8.0-openjdk-accessibility-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: 496a8b19242f12fe788685d2e4a166b6
    SHA-256: 8bdc4b2020b86ff37715fb22dfb5bb0f3e5eb726dac272ca2cd4aa77673a9837
    Size: 132.12 kB
  3. java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: 9db9e9d386bbc23d3a54d33aba8444d3
    SHA-256: 9d9e8046fa0f1526eb4b2595a00e7e5653fa7e26a967ad49612102b5f794ab2d
    Size: 131.97 kB
  4. java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: 7f9a3a87d85b1fa3093cf0188e70a27c
    SHA-256: 41b39ba0b9dd9385ba5ca36a0e19c79ea96116c6cc9dca6f3bb266b8c2b814c7
    Size: 131.98 kB
  5. java-1.8.0-openjdk-demo-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: 4f30382ba98d5822e388cdf5e7cb75f9
    SHA-256: 404458b1dfb664e05a6b6abfeae7bde2757907121bb33e42daf3fe6750527289
    Size: 2.09 MB
  6. java-1.8.0-openjdk-demo-fastdebug-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: 84bdbd1a5b17f867262602366578b39a
    SHA-256: 55dd451248760bbed91bf9e4939a061d98b629425ac2948a8181503bd8283c9a
    Size: 2.11 MB
  7. java-1.8.0-openjdk-demo-slowdebug-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: 61a8e26983dab18af7ba068bacf8827b
    SHA-256: d02e1a5cf83cd7259ffb29c07f99fda861bf793fffda58ad8fc7790350e9c1ea
    Size: 2.11 MB
  8. java-1.8.0-openjdk-devel-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: 6d9a059d38f1ec3b429718ef996091bb
    SHA-256: a9713c2a1c42725bcaad8b7559918fd062e849e94de77b051ec8bd3d2f353180
    Size: 9.97 MB
  9. java-1.8.0-openjdk-devel-fastdebug-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: 912cad1adb7f565bf68b21fb109b6f81
    SHA-256: 5256029caabd21bac6225433c168d531f7078a5851006408fdfbf8bb056c9bde
    Size: 9.97 MB
  10. java-1.8.0-openjdk-devel-slowdebug-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: cf63ecaf532838af7486d87c8a7db83d
    SHA-256: f3bfef97c4561d081d811cf907b2a0efb200a4e26c7712f4a57ebd87eeddcbbc
    Size: 9.98 MB
  11. java-1.8.0-openjdk-fastdebug-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: fd49d50c5c888cf186a84563d7a99826
    SHA-256: cbefa9e2e4d6489a89e8f874a8cbe322fb728fc5d1c7c089f5f4f20d7fd15248
    Size: 574.00 kB
  12. java-1.8.0-openjdk-headless-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: 04aa20a1f0ba976aa81b54b14a4233ec
    SHA-256: 2609eb9b882fa2a0024cda0c407f9ff7cad3f9d675b4caa770fd1dfdb593f10a
    Size: 34.93 MB
  13. java-1.8.0-openjdk-headless-fastdebug-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: 9c8396620b4410b5bb9758b4355aae0f
    SHA-256: 8cc0245984f63f9268fd09ebca82354fd35b433703f71e1707122e21d2d35128
    Size: 38.58 MB
  14. java-1.8.0-openjdk-headless-slowdebug-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: 709e8d980ef52090609867523da88408
    SHA-256: f3be8fce36b1db0f1e11e12d6d3c938efebc0d0d14169fd0ba7e813a71d31c85
    Size: 36.77 MB
  15. java-1.8.0-openjdk-javadoc-1.8.0.492.b09-1.el8.noarch.rpm
    MD5: 14040dd96b541e5063f9c50e069c0866
    SHA-256: 6591247b073baa8ca8a3ed58107794e270ea5f129f923e3f08b78ec584a16d50
    Size: 15.21 MB
  16. java-1.8.0-openjdk-javadoc-zip-1.8.0.492.b09-1.el8.noarch.rpm
    MD5: 8216cd04d9f5d1c126bc5b230838d78c
    SHA-256: 990f6331d6c3d81c204428d13921b887a713316bb7b4324b3172d56880d54de6
    Size: 41.73 MB
  17. java-1.8.0-openjdk-slowdebug-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: 75153886d4934ddb0ca67524136a7ae5
    SHA-256: cfb3cad8ab356185feb5d0efe148d8ad9cf577ee2cc814b1f46f4e03e817c310
    Size: 550.34 kB
  18. java-1.8.0-openjdk-src-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: 542c5970ac2b85f33f6c871c27e2898d
    SHA-256: b3e4f67629a04b4492e906423afa2a5e58a49cc340fea7848dcc3b92e511bcf0
    Size: 45.55 MB
  19. java-1.8.0-openjdk-src-fastdebug-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: 5f4b4d72033b6d28bff002995be85770
    SHA-256: 676081d706a8d23c82ec792a51cfcd4b8ea00b9ef99464da295baaa9b9763571
    Size: 45.55 MB
  20. java-1.8.0-openjdk-src-slowdebug-1.8.0.492.b09-1.el8.x86_64.rpm
    MD5: 2a8a5b738e983c5c52477ab46be18b38
    SHA-256: d6f992f4c66fc974f0155a704f4f6a1e934d490bf8063b45ac4098fbf9b14752
    Size: 45.55 MB