- What: Security update for Java 11 OpenJDK ELS
- Impact: Systems running Red Hat Enterprise Linux 7, 8, and 9
Red Hat Product Errata RHSA-2026:9254 - Security Advisory Issued: 2026-04-22 Updated: 2026-04-22 RHSA-2026:9254 - Security Advisory Overview Updated Packages Synopsis Important: Java 11 OpenJDK ELS Security Update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for java-11-openjdk with Extended Lifecycle Support is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Red Hat Enterprise Linux 9. Description The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release contains OpenJDK 11 with Extended Lifecycle Support for Red Hat Enterprise Linux versions 7, 8, and 9. Security Fix(es): JDK: LIBPNG: out-of-bounds read in png_image_read_composite (CVE-2025-66293) JDK: LIBPNG: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801) JDK: LIBPNG: has a heap buffer overflow in png_set_quantize (CVE-2026-25646) JDK: GIFLIB: Denial of Service via buffer overflow in EGifGCBToExtension (CVE-2026-26740) JDK: LIBPNG: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416) JDK: LIBPNG: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636) JDK: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695) JDK: (CVE-2026-22007) JDK: (CVE-2026-22016) JDK: (CVE-2026-22013) JDK: (CVE-2026-22018) JDK: (CVE-2026-22021) JDK: (CVE-2026-34268) JDK: (CVE-2026-34282) JDK: (CVE-2026-23865) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 Affected Products OpenJDK Java Extended Life Cycle Support 11 for RHEL 9 x86_64 OpenJDK Java Extended Life Cycle Support 11 for RHEL 9 s390x OpenJDK Java Extended Life Cycle Support 11 for RHEL 9 ppc64le OpenJDK Java Extended Life Cycle Support 11 for RHEL 9 aarch64 OpenJDK Java Extended Life Cycle Support 11 for RHEL 8 x86_64 OpenJDK Java Extended Life Cycle Support 11 for RHEL 8 s390x OpenJDK Java Extended Life Cycle Support 11 for RHEL 8 ppc64le OpenJDK Java Extended Life Cycle Support 11 for RHEL 8 aarch64 OpenJDK Java Extended Life Cycle Support 11 for RHEL 7 x86_64 OpenJDK Java Extended Life Cycle Support 11 for RHEL 7 s390x Fixes (none) CVEs CVE-2025-66293 CVE-2026-22007 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018 CVE-2026-22021 CVE-2026-22695 CVE-2026-22801 CVE-2026-23865 CVE-2026-25646 CVE-2026-26740 CVE-2026-33416 CVE-2026-33636 CVE-2026-34268 CVE-2026-34282 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. OpenJDK Java Extended Life Cycle Support 11 for RHEL 9 SRPM java-11-openjdk-11.0.31.0.11-1.el9.src.rpm SHA-256: 2188ead42123ae948daa947ea368594af43fdc36340998828e925bb769594c4c x86_64 java-11-openjdk-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 9e537813fd25a4751d622ae73231e5e20332a2cf14823a2b08da7419ecba1e39 java-11-openjdk-debuginfo-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 5872ce7c3abe5f7528c664aab8ff5d2bfaf51529296333f04a9545700cb8c072 java-11-openjdk-debugsource-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: f343b2471e3d2ac7173c2fe13d111dcfcb3630cb298e0ddbb274435cf9dfc102 java-11-openjdk-demo-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 108b2743fda12103c75b48c33e45d8df6b444d05cb05045009775d8cdf87c9b2 java-11-openjdk-demo-fastdebug-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: e4cceb21dfb88ef6f2d907041aea48f614a6ae9aac7d0c484d6479f837e4797f java-11-openjdk-demo-slowdebug-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 00b834ba1f7833e9da80824d089dadd37d2094ca4ac896d4156ed525d90cbf53 java-11-openjdk-devel-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: b5c743e3f4107e472f05e7d769daa6c0622cda194d497c949687bcadb612c1c5 java-11-openjdk-devel-debuginfo-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: ea18c3b5a271cf5a64c63dff0173e762699e363129f6a268612b95c328414fea java-11-openjdk-devel-fastdebug-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 2b76b40f86a6ab208df8888bfc794dd5122fce9b2112e2f5419dab44ade83b9a java-11-openjdk-devel-fastdebug-debuginfo-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: f96db57d676126265c3bbebdb45ea5ea0067f96386995118890eb26275592afb java-11-openjdk-devel-slowdebug-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 536bcf84f0bbeb82b46ca68b3b5bfdd39f9abefabc0b40f11bcfe12b2b866fc8 java-11-openjdk-devel-slowdebug-debuginfo-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: a226537d04cc6f5cffa3eb455ab5a829027cb308891f2c0b3fef584ca3acaf73 java-11-openjdk-fastdebug-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 0f48013ff3260c9aac342ee20933d97433a34d97e6bb024ca3b070f41d808eff java-11-openjdk-fastdebug-debuginfo-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: b9cb4ee5a386b89408d912a1c59297ed18036ce068db3c01e44018693fce1460 java-11-openjdk-headless-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 1b86aca9e2b604fe5452affeeda983ac0227b197e06a21d93c7cbc16547d0f83 java-11-openjdk-headless-debuginfo-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: a192f51dfae63bb999988504a3b2252f4016c16c40a6daea43e9f90d227f6d87 java-11-openjdk-headless-fastdebug-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 1d11dd81a67bdffbdad59c8cc641d6a4fe5190ad7033e8a3be7b5145f6fe1ced java-11-openjdk-headless-fastdebug-debuginfo-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: a93bf1fdf6566c4e15c8105a483ca39d2b9e3eca49e04c3e73e2cdbdf52a9907 java-11-openjdk-headless-slowdebug-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: a4a0ca22a2c708a227884ff308a730c3f8b10e3155d10131691a78b0cab506ca java-11-openjdk-headless-slowdebug-debuginfo-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: f93889458fe0919bf086c06ff9fb8f270b561ddaaf8735f0630b046119ce69f1 java-11-openjdk-javadoc-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 493a1b90f61f6e0a6d5753abda03036cc03e92660cdfd711b4eae2db2e9b8327 java-11-openjdk-javadoc-zip-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 437be4a7b68e16ca0f8e6595bdbe46f1673249d101d4c8b20aedbeb197563300 java-11-openjdk-jmods-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 88d0b9dfe133bb5e687702e812bb8307a23ebf7bf39bdd853c9d548a17d4ba7f java-11-openjdk-jmods-fastdebug-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 7b265b2eeae96847bd62c19457bd3255f1119c60ddba4494581581b8a4251aaf java-11-openjdk-jmods-slowdebug-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 65211cb86a3cf610ef9fb5aa50482919500acca4a5b8d87762fe8033dc34aa72 java-11-openjdk-slowdebug-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 6bc26a3cc08e7ed8862f44bb2ee2c251ce024eb55819f57fa256f4cd2ca979f9 java-11-openjdk-slowdebug-debuginfo-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: af86a394aa65a86d37a0494d4d2c723f79d0dc33fcf7baa8180c828b39aae909 java-11-openjdk-src-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: abd37b19e4a750d967fc1296dad6f9429db15e09ec69bdea9ee26ac8595a1694 java-11-openjdk-src-fastdebug-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 88a2b6cfd9149b15927eb4e5d7ba5eb6354d5396feaa7b3d3c05d01944f695a6 java-11-openjdk-src-slowdebug-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: c76ea699b6e644a0717668d78825ea9e7a05e7162472e16e4436608b76649802 java-11-openjdk-static-libs-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: b9785ef6ff792d73f025b04d6c9c56d71ec7553ac5c4a6fe9fbd17f322e9fdc0 java-11-openjdk-static-libs-fastdebug-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 5ec3e4263fb3bd70039bafc1259eaab4027c477b5ace7feb01634bf011f10f3e java-11-openjdk-static-libs-slowdebug-11.0.31.0.11-1.el9.x86_64.rpm SHA-256: 967e06ad4965b3f18bce56e88efc47f04fb6efa1ab6b61d85ebace213a14131f s390x java-11-openjdk-11.0.31.0.11-1.el9.s390x.rpm SHA-256: 81fd1e84090e9c393d83f3fa235cadbd7dca920fd886727c8f819575d040c11d java-11-openjdk-debuginfo-11.0.31.0.11-1.el9.s390x.rpm SHA-256: 188fccac8112db31d32534f91b651547dc5e7e51b3aeeef72be4e4460738bbe1 java-11-openjdk-debugsource-11.0.31.0.11-1.el9.s390x.rpm SHA-256: 02176bec3c8bd910a0a6887fb6fbc33cdc3f331d62fea0147af9b141335decfa java-11-openjdk-demo-11.0.31.0.11-1.el9.s390x.rpm SHA-256: d031ff50727fd8fb202eaa591c3d6f4acd9a4a1d97dfb2c85888d950d9ae116b java-11-openjdk-demo-slowdebug-11.0.31.0.11-1.el9.s390x.rpm SHA-256: 45bd2a7b356c8e4915f0c76b1c4d199f026f5df8142bf5d66627977334825bdb java-11-openjdk-devel-11.0.31.0.11-1.el9.s390x.rpm SHA-256: 7d90ac551eb8ead25deef2eec62bb17e0b9b1e81322d6eb4159b27451c643346 java-11-openjdk-devel-debuginfo-11.0.31.0.11-1.el9.s390x.rpm SHA-256: 2f0e487eb2f71fce38419e00f9897e77d04e9afeecd7816e7743e1c72f2c12ed java-11-openjdk-devel-slowdebug-11.0.31.0.11-1.el9.s390x.rpm SHA-256: 244e08673e31e697349b609262f2e46048d7ba952ecf194954c2148caa0737c8 java-11-openjdk-devel-slowdebug-debuginfo-11.0.31.0.11-1.el9.s390x.rpm SHA-256: 763acffa93b4db409aae445910009ae84984f6204a5f48c91834b19b6517ff7f java-11-openjdk-headless-11.0.31.0.11-1.el9.s390x.rpm SHA-256: df4393180bc31cef5e640d3a0fdbafe11b32f20140a703f84a16aa333db58d19 java-11-openjdk-headless-debuginfo-11.0.31.0.11-1.el9.s390x.rpm SHA-256: dca8cc0426abf6490244acc8a021d19c08f13ce6895e609ff3ab56d644158d8e java-11-openjdk-headless-slowdebug-11.0.31.0.11-1.el9.s390x.rpm SHA-256: 3eafbd1c42cb8c22f979c74c5ba4485f3405fd7eac81a60842ee4741583a2cf4 java-11-openjdk-headless-slowdebug-debuginfo-11.0.31.0.11-1.el9.s390x.rpm SHA-256: a6049e048a4b0c2857bebc4527ad413c1c83e5973758e27b669c31279850ffc3 java-11-openjdk-javadoc-11.0.31.0.11-1.el9.s390x.rpm SHA-256: faccf49317931291a5463775b1263d16746f0ff703d27dfe65bca4def0978821 java-11-openjdk-javadoc-zip-11.0.31.0.11-1.el9.s390x.rpm SHA-256: ce0237cd9ddd5d0ae3b34e798c534dc773b84a0a4d901a6ebdfeaa4d3bc7aba6 java-11-openjdk-jmods-11.0.31.0.11-1.el9.s390x.rpm SHA-256: a6ce098badf3c0138362685a4adb3a37f2ea90a850bdb18c4c608821de2ab13e java-11-openjdk-jmods-slowdebug-11.0.31.0.11-1.el9.s390x.rpm SHA-256: 27eda4