java-21-openjdk-21.0.11.0.10-1.el8.ML.1

エラータID: AXSA:2026-578:05

Release date: 
Monday, May 11, 2026 - 10:02
Subject: 
java-21-openjdk-21.0.11.0.10-1.el8.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the
OpenJDK 21 Java Software Development Kit.

Security Fix(es):

JDK: Enhance crypto algorithm support (CVE-2026-22007)
JDK: Improve Kerberos credentialing (CVE-2026-22013)
JDK: Enhance Path Factories Redux (CVE-2026-22016)
JDK: Enhance Zip file reading (CVE-2026-22018)
JDK: Enhance certificate chain validation (CVE-2026-22021)
JDK: Updating FreeType 2.14.1 (CVE-2026-23865)
JDK: Enhance TLS connection handling (CVE-2026-34282)
JDK: Enhance key generation (CVE-2026-34268)

Bug Fix(es):

When copying files, OpenJDK 21 prefers to use the copy_file_range native
function for performance reasons, only falling back to sendfile when this fails.
However, in previous OpenJDK 21 releases, a response of EOPNOTSUPP (operation
not supported) did not cause the JDK to fall back to sendfile. This is rectified
in this release. (RHEL-169617, RHEL-169951, RHEL-169952, RHEL-169942,
RHEL-169953, RHEL-169945)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2026-22007
CVE-2026-22013
CVE-2026-22016
CVE-2026-22018
CVE-2026-22021
CVE-2026-23865
CVE-2026-34268
CVE-2026-34282

Solution: 

Update packages.

CVEs: 
CVE-2026-22007
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2026-22013
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).
CVE-2026-22016
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2026-22018
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2026-22021
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2026-23865
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
CVE-2026-34268
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2026-34282
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Additional Info: 

N/A

Download: 

SRPMS
  1. java-21-openjdk-21.0.11.0.10-1.el8.ML.1.src.rpm
    MD5: 1618efe885c0d77c1585054be0f1cbe4
    SHA-256: 5d9df0353cbcbe76d578030806fba4ea103ef66d72652b2ff7fa7db9f6cbe0b6
    Size: 67.94 MB

Asianux Server 8 for x86_64
  1. java-21-openjdk-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: cb2dc93e1ccff1d13f2208e993de9701
    SHA-256: bcf14a40e5877eba7f1dcc26da982c54556bc01ddd58a02277737368890cf864
    Size: 425.90 kB
  2. java-21-openjdk-demo-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: 6719a57d6b487fe49a118bf6c6d5c390
    SHA-256: 86cdf0c5044d87cd3855943e028e545c73e6eb2815e0dc701509aaf8375dce0b
    Size: 3.20 MB
  3. java-21-openjdk-demo-fastdebug-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: 166f3f1e9325f78a1ea68414aa016fae
    SHA-256: 9afc54fa2934a3bc8dc35719a118523a69d4f9a8e4c95e67a1fc59bdcc746e2f
    Size: 3.20 MB
  4. java-21-openjdk-demo-slowdebug-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: 16bb643a33ea483652a61507b3721b8d
    SHA-256: e57be79ee4589afa42898d1d22e197a82f34949ca8399508366a0475e3976fc6
    Size: 3.20 MB
  5. java-21-openjdk-devel-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: 6b2e7074fbeb8e5feaaa05d7388a925b
    SHA-256: e6e24b38aeac14d4ce56d39075204ddecb4cb6ee67d014f9691b471664598328
    Size: 5.17 MB
  6. java-21-openjdk-devel-fastdebug-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: a38e0675bd3311a8eeb72f0749640271
    SHA-256: a2ab71d30792cec348aa77548019342a8b2aba7acdff05dfa56cd39fdd9cf49b
    Size: 5.17 MB
  7. java-21-openjdk-devel-slowdebug-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: 911cc70a714aa5204620bd479becfc80
    SHA-256: dc65fd487d772d78b39bf0a671851400be60b1f289d75d345ba7494e2f5a9563
    Size: 5.17 MB
  8. java-21-openjdk-fastdebug-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: 35db1a5be2812ad0241405cd09d3b7f8
    SHA-256: 05b18dc18bff16b366585943eba79b9126a19b66e9b5636f09ff6ac1f837bb78
    Size: 435.39 kB
  9. java-21-openjdk-headless-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: 889b94bd4fb4d5dfac263e4c0be7747f
    SHA-256: 0d91361977e1c04ea1539815ceb9d5dfcbb9298711e05d5df038e8292c79d9d4
    Size: 49.55 MB
  10. java-21-openjdk-headless-fastdebug-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: bd3db682561c8a75c90b230b07c4ebd4
    SHA-256: be0820358469da23d0491ff2102952c4f86132efba48d610150ee62d74fae319
    Size: 54.33 MB
  11. java-21-openjdk-headless-slowdebug-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: f0cf6cee686003e7c2b956c741f98009
    SHA-256: 76c4f6b5d63feec1fa2b9fed0c0e21cc632eab8024d902bf9eba65b4c836736e
    Size: 53.51 MB
  12. java-21-openjdk-javadoc-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: bb2a0d62762889de460b0f1449d26afa
    SHA-256: c1c05afa22a33df1dab13c21792030251438ecd49eae1a44708a3dcb9e6445a6
    Size: 16.43 MB
  13. java-21-openjdk-javadoc-zip-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: 0e34d3d9348363acd564907b38fd2688
    SHA-256: 98f41fc02367290d54e90ea6290f4f4beb8d6857ac0b4919d3c5b1f3ce552cf5
    Size: 41.59 MB
  14. java-21-openjdk-jmods-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: c9e357b41d645b55300cb7899f45ad1d
    SHA-256: 805d08385ae56be507efb9dbd1b345395f5c09fa104de9650fc613532aca8676
    Size: 308.64 MB
  15. java-21-openjdk-jmods-fastdebug-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: af81e34dbe3777d6b50ca73f24474d8b
    SHA-256: 3472275e155d4ed3756327a4bbb8ca9d0cbe8a55d6eb1f6e6c742c92a8b6f58a
    Size: 363.71 MB
  16. java-21-openjdk-jmods-slowdebug-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: 6f0ab1d9e6bd998d7d83b6da1ce88df4
    SHA-256: dfcdc8fa98e17357a1c6cfc1720cc335e08d19c9fc429d4016fc6ddf4e297b4f
    Size: 285.59 MB
  17. java-21-openjdk-slowdebug-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: 122f6b7a6c98ff265bd781514d78d854
    SHA-256: 119b7c9cf447fa67c55ce9b54863c274e5c8a873423a06459d6270b54b6b7677
    Size: 444.43 kB
  18. java-21-openjdk-src-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: 0b60b0946d629d8d7842aa615a5f85e5
    SHA-256: 1e71371b8795b6e93933dfc49bd533f00fa9c87977cfae06dacd8e6532ab6c18
    Size: 47.46 MB
  19. java-21-openjdk-src-fastdebug-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: b88e3c68db53517eae5e56b652c4c088
    SHA-256: d64654c125715c868541f969e03bb048976443ce1f72413fcf7d63e101e57058
    Size: 47.46 MB
  20. java-21-openjdk-src-slowdebug-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: 1cab1544dfcc6c9e716863cfd8ebbd3a
    SHA-256: b808bd2ddb4f2a887f8f7edf358ce64b3d8e82feb7ac864eb6a0be943f7584dc
    Size: 47.46 MB
  21. java-21-openjdk-static-libs-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: c84db17da71714abceb38ad475a76606
    SHA-256: 638b2115b3b8288d3bd1b8a7fdf441e69ebd8b7621d4d7ff5e02e8aaa10c97fe
    Size: 34.04 MB
  22. java-21-openjdk-static-libs-fastdebug-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: 1a311f76e28cab7c1b9c7f6f135ddde7
    SHA-256: 598fde48dc5011fcd4767fcb2d0420330c0a590fa4dcecf900ad7a6089c6ace8
    Size: 34.18 MB
  23. java-21-openjdk-static-libs-slowdebug-21.0.11.0.10-1.el8.ML.1.x86_64.rpm
    MD5: df5ecb3bbd8e2ffb4e0a546d8585a6d5
    SHA-256: c50ebd3ac233de38e3201b77d1a0403cab699e6db6cc9ce55b854f59e687539a
    Size: 27.58 MB