java-21-openjdk-21.0.10.0.7-1.el8.ML.1

エラータID: AXSA:2026-129:02

Release date: 
Tuesday, February 3, 2026 - 16:55
Subject: 
java-21-openjdk-21.0.10.0.7-1.el8.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the
OpenJDK 21 Java Software Development Kit.

Security Fix(es):

JDK: Improve JMX connections (CVE-2026-21925)
JDK: Improve HttpServer Request handling (CVE-2026-21933)
JDK: Enhance Certificate Checking (CVE-2026-21945)
libpng: LIBPNG buffer overflow (CVE-2025-64720)
libpng: LIBPNG heap buffer overflow (CVE-2025-65018)

Bug Fix(es):

When using a P11SecretKey for both signing and encryption in FIPS mode, the
FIPS PKCS11 provider would fail with a CKR_ATTRIBUTE_VALUE_INVALID error. This
was due to the default configuration not applying the CKA_ENCRYPT=true attribute
to the key. The configuration in this release is updated to include this
attribute. (RHEL-142860, RHEL-142876, RHEL-142877, RHEL-142878, RHEL-142879,
RHEL-142880)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2025-64720
CVE-2025-65018
CVE-2026-21925
CVE-2026-21933
CVE-2026-21945

Solution: 

Update packages.

CVEs: 
CVE-2025-64720
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.
CVE-2025-65018
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
CVE-2026-21925
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2026-21933
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
CVE-2026-21945
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Additional Info: 

N/A

Download: 

SRPMS
  1. java-21-openjdk-21.0.10.0.7-1.el8.ML.1.src.rpm
    MD5: dd3128bde4c2a5ef601d95fb7055bae9
    SHA-256: d37aed5695c3a8f153ec0de3b3b0be7d83b7f7c9b8e6d404c5e5af9da2f73bd6
    Size: 67.81 MB

Asianux Server 8 for x86_64
  1. java-21-openjdk-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: f1c79327b7456c90ceb5e5d906171b79
    SHA-256: 97565864582838be6acc0b7fb41cc9677d29cb77fb8a813a9793cd4ed828e1ed
    Size: 423.36 kB
  2. java-21-openjdk-demo-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: a299a0e6617317eb4d933984efa9621a
    SHA-256: c2e196784003757ff260c6274f9edce1ad05f9f72c2096ad512a42fb1db23ce1
    Size: 3.18 MB
  3. java-21-openjdk-demo-fastdebug-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 496a78e18b1a9802db7c3cbc24670b34
    SHA-256: fc1a56d6e6f7553df98ecd7349884d315f7c66596c56203e92605a2708de9633
    Size: 3.18 MB
  4. java-21-openjdk-demo-slowdebug-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: cd485c724091ee04645bed0b211f05c0
    SHA-256: 5aef2eaf584b9ac5eabb1541010efb38eb359f569bac7b682ed8becb2fc201fe
    Size: 3.18 MB
  5. java-21-openjdk-devel-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 9cb8792987e1bab5e33f934f764d66ce
    SHA-256: cda4b2438b095597b525a429a7277fcf000686784b1c5ead3c664cc1bc5b6e35
    Size: 5.17 MB
  6. java-21-openjdk-devel-fastdebug-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 6d8152ff431bfafb51f8b4e2c725034c
    SHA-256: 627c7d4f56faa12ae08a1737e608dd6c8a227ca6f105e6232d3da47aef8019af
    Size: 5.17 MB
  7. java-21-openjdk-devel-slowdebug-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 6db4151659a99c350085b5a2fcb32023
    SHA-256: 626acc582992f2ad34b57132c0b9a070d5c61b5bdf61dbef9dd85d119b9bf908
    Size: 5.17 MB
  8. java-21-openjdk-fastdebug-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 5f81316a522f8351caead19c9fec27c2
    SHA-256: 83729ae0f33536f2e84c52f8eeee2406e0f8f56e821e134dcc0811dd2f9ce2e1
    Size: 433.14 kB
  9. java-21-openjdk-headless-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 640795e1e2ee4693937e7b2797380b26
    SHA-256: d867080a5a167b70c4880336cfe1e54a02343b88c654e7933b59dbf8c50704f6
    Size: 49.46 MB
  10. java-21-openjdk-headless-fastdebug-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 88e2af4a42635ca33d5f189cc6bab78b
    SHA-256: 06fa98d612d1f752973efc3f617f70968d41307e8e126196b9fbe30712aa9433
    Size: 54.24 MB
  11. java-21-openjdk-headless-slowdebug-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 59033faaa46c860277f6200153ef35ec
    SHA-256: d6c0a85ce51832a5a81686c9b711e50565325bc9cbe52dac40e136122e66c6ba
    Size: 53.42 MB
  12. java-21-openjdk-javadoc-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 316299c5c8e4c6fa004beacc7a4ac514
    SHA-256: 08ed394ca5679deded4a9bfd9c0874ca022efc5f68429e6df0b613146651613b
    Size: 16.40 MB
  13. java-21-openjdk-javadoc-zip-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 2bc7ceec07973d74a1451997f3199b08
    SHA-256: d5eefab2c8ce21d5849f511e35157fbe5c61ead34517dc11b9dfbc9bae657d13
    Size: 41.52 MB
  14. java-21-openjdk-jmods-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: b54f06244c12aaccc08824944593744d
    SHA-256: 7084b576a4965ef93eb880539c063506f07d020b94b4a7fa1f7ae2699f4a4a02
    Size: 307.68 MB
  15. java-21-openjdk-jmods-fastdebug-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 938199ff316ed5688917d5e5f06112ba
    SHA-256: c3801285fb2da1f214f8f7165f82aaac5a845a32ef05c554bce0eca663cec04f
    Size: 362.62 MB
  16. java-21-openjdk-jmods-slowdebug-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: abadb21931c4d9abc74264a4a2ab2b5f
    SHA-256: 3976be021c66f79bd05e73280fd5afc56994eb835319b16d418691dc68edbf2e
    Size: 284.57 MB
  17. java-21-openjdk-slowdebug-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: ede2fce0304c302253bb81962225d479
    SHA-256: 97040696b31671287f3af335493715677f1b5ef4e7ae4589375dc621c195e696
    Size: 441.73 kB
  18. java-21-openjdk-src-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 1daae0766e8b9ffc27b27e51744fc1fc
    SHA-256: b9d3d89a31c47f156b1e1d532f7186e8614bfd15fdf09b02ee897ffd794c9752
    Size: 47.41 MB
  19. java-21-openjdk-src-fastdebug-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: d058d89e14797ac98a4a12260be4cf51
    SHA-256: 6bd8ccce61777c13e390a5bef7d695f1bbfc3a201f58cb33a29bab884872de0f
    Size: 47.41 MB
  20. java-21-openjdk-src-slowdebug-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 33fee9c7c13401b8149512e597c824c9
    SHA-256: 1fe30155495869dcdf3f419c9d8fb51c2b1ef74ce50bbb99e163ad7648b50b2b
    Size: 47.41 MB
  21. java-21-openjdk-static-libs-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 12005a9db740398896a6acb0aaa4b07c
    SHA-256: 8189bebdcd74ecda4bdc0e9031085a21b486f57bb55e312cb6fb1a237493eaf3
    Size: 32.68 MB
  22. java-21-openjdk-static-libs-fastdebug-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 7f82b3b5e36f41752151e5c48c891b6d
    SHA-256: 04de5de7934bf20a1c66e9baf4f35d07eb776028c062df81f3c5d6d3af5a797c
    Size: 32.86 MB
  23. java-21-openjdk-static-libs-slowdebug-21.0.10.0.7-1.el8.ML.1.x86_64.rpm
    MD5: be37a83fbe89bc640c03f58b92fe6046
    SHA-256: 93f725aa89bf5e733a59ce037a8d6110d33f008ca513d42d2a06fbcf4adc0da6
    Size: 26.26 MB