This Red Hat security advisory addresses multiple vulnerabilities in OpenJDK 8, including a high-severity flaw in Path Factories (CVE-2026-22016, CVSS 7.5), a medium-severity issue in Kerberos credentialing (CVE-2026-22013, CVSS 5.3), and a low-severity crypto algorithm weakness (CVE-2026-22007, CVSS 2.9). The update applies to the `java-1.8.0-openjdk` package for Red Hat Enterprise Linux 7 Extended Lifecycle Support, with the fixed version being `1.8.0.492.b09-1.el7_9`.
Red Hat Product Errata RHSA-2026:9682 - Security Advisory Issued: 2026-04-22 Updated: 2026-04-22 RHSA-2026:9682 - Security Advisory Overview Updated Packages Synopsis Important: java-1.8.0-openjdk security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): JDK: Enhance crypto algorithm support (CVE-2026-22007) JDK: Improve Kerberos credentialing (CVE-2026-22013) JDK: Enhance Path Factories Redux (CVE-2026-22016) JDK: Enhance Zip file reading (CVE-2026-22018) JDK: Enhance certificate chain validation (CVE-2026-22021) JDK: Updating FreeType 2.14.1 (CVE-2026-23865) JDK: Enhance key generation (CVE-2026-34268) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64 Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64 Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le Fixes (none) CVEs CVE-2026-22007 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018 CVE-2026-22021 CVE-2026-23865 CVE-2026-34268 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 SRPM java-1.8.0-openjdk-1.8.0.492.b09-1.el7_9.src.rpm SHA-256: 3fff76415f672f912e0ab0a90f631972e47bf68768498b5b4f4410cf5883261f x86_64 java-1.8.0-openjdk-1.8.0.492.b09-1.el7_9.i686.rpm SHA-256: e3df15547798dd7e12fd0ab3bf698fd77786793e94b54f66f05f7f8882e894b7 java-1.8.0-openjdk-1.8.0.492.b09-1.el7_9.x86_64.rpm SHA-256: 2a3c4f538250e2ae55cfed8203d5692e08a3dc672d2e19b4d60dbd5644aab02d java-1.8.0-openjdk-accessibility-1.8.0.492.b09-1.el7_9.i686.rpm SHA-256: 83882fbaaa9965d2df5fb50078af868a5b947f65ccb6dbe5a39722e0d0df3607 java-1.8.0-openjdk-accessibility-1.8.0.492.b09-1.el7_9.x86_64.rpm SHA-256: ea14a7d89966d8797d90412f4a30c512ecd8596739aceb9def508870e1e1e4c3 java-1.8.0-openjdk-debuginfo-1.8.0.492.b09-1.el7_9.i686.rpm SHA-256: 85bcb8239eef21fa2f77e3b8ff3f71e842e166649b5d6fa8395097f8a615ed77 java-1.8.0-openjdk-debuginfo-1.8.0.492.b09-1.el7_9.i686.rpm SHA-256: 85bcb8239eef21fa2f77e3b8ff3f71e842e166649b5d6fa8395097f8a615ed77 java-1.8.0-openjdk-debuginfo-1.8.0.492.b09-1.el7_9.x86_64.rpm SHA-256: 40f81a3ef3160fc2d521752c8169b1289d388ce1857a75c0266022a8118f618f java-1.8.0-openjdk-debuginfo-1.8.0.492.b09-1.el7_9.x86_64.rpm SHA-256: 40f81a3ef3160fc2d521752c8169b1289d388ce1857a75c0266022a8118f618f java-1.8.0-openjdk-demo-1.8.0.492.b09-1.el7_9.i686.rpm SHA-256: 88b1acd0a8181e017e3557db89a81ec9af89adf91d10e6046a5b44de18138b55 java-1.8.0-openjdk-demo-1.8.0.492.b09-1.el7_9.x86_64.rpm SHA-256: 1114471aeca81926de4b92199fe8e6c331d416743c15b89cbc94ebd8718f52a8 java-1.8.0-openjdk-devel-1.8.0.492.b09-1.el7_9.i686.rpm SHA-256: ca63bfb0203679030d4ba2a8bd5e918c0a481b5b04cf8ea380f0321168ee6a78 java-1.8.0-openjdk-devel-1.8.0.492.b09-1.el7_9.x86_64.rpm SHA-256: 3c2e86b91f4680b897262beba9359337a99f7c960900dc679abb9f3839d6410b java-1.8.0-openjdk-headless-1.8.0.492.b09-1.el7_9.i686.rpm SHA-256: 628ffc6bc53adbd8eafaa4de82543cd0875f67bf4ec5d3802f4c8c8f81807183 java-1.8.0-openjdk-headless-1.8.0.492.b09-1.el7_9.x86_64.rpm SHA-256: c40c3cf08cfb50f0a0bd8be88f9e6839a256bfc3e12e603be6ee9c9bd22eb6dd java-1.8.0-openjdk-javadoc-1.8.0.492.b09-1.el7_9.noarch.rpm SHA-256: 85e6caee074a257fd1156ebb90a5e4ae15116eaab6b3597d35f19efb0d10e27d java-1.8.0-openjdk-javadoc-zip-1.8.0.492.b09-1.el7_9.noarch.rpm SHA-256: c15eda13e0cf0f0f24e7e5bf0619963465d61f66e7176e44a7b402d5ad7f9266 java-1.8.0-openjdk-src-1.8.0.492.b09-1.el7_9.i686.rpm SHA-256: 5273d92db209b5f50f7e1da38f48cd708c257ef3b69f2e4d01d034c57a863230 java-1.8.0-openjdk-src-1.8.0.492.b09-1.el7_9.x86_64.rpm SHA-256: ebcbcd04c29ca318a91cc52c7f1269b9da1672c5e8483a300a0fc1ffea30c7df Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 SRPM java-1.8.0-openjdk-1.8.0.492.b09-1.el7_9.src.rpm SHA-256: 3fff76415f672f912e0ab0a90f631972e47bf68768498b5b4f4410cf5883261f s390x java-1.8.0-openjdk-1.8.0.492.b09-1.el7_9.s390x.rpm SHA-256: c5c983f288798dc79836c6ad0d04ca43761c9007076d9cf6759d4a164929c263 java-1.8.0-openjdk-accessibility-1.8.0.492.b09-1.el7_9.s390x.rpm SHA-256: b8a2906c0b9aed4b6df620381433318fb1753bcf7ad9ae83d8813ccbbb75ef27 java-1.8.0-openjdk-debuginfo-1.8.0.492.b09-1.el7_9.s390x.rpm SHA-256: b2b895c780ad8e0530afa5bbb66735b7fe933509e4d4ae21cc8c6928a84b2183 java-1.8.0-openjdk-debuginfo-1.8.0.492.b09-1.el7_9.s390x.rpm SHA-256: b2b895c780ad8e0530afa5bbb66735b7fe933509e4d4ae21cc8c6928a84b2183 java-1.8.0-openjdk-demo-1.8.0.492.b09-1.el7_9.s390x.rpm SHA-256: 5c0038a58b859d517df15d573aadaf8e469805119bfd3dbfa18d63a8e7575b17 java-1.8.0-openjdk-devel-1.8.0.492.b09-1.el7_9.s390x.rpm SHA-256: abd7c25d50ed4afdb1f0b269a6839da9dc4faa3c48823ad5957c3fa48e5d94ed java-1.8.0-openjdk-headless-1.8.0.492.b09-1.el7_9.s390x.rpm SHA-256: 1fce00e950b2687123ea196887bdaefe92ec17052144b92155be5d60e8eb08d6 java-1.8.0-openjdk-javadoc-1.8.0.492.b09-1.el7_9.noarch.rpm SHA-256: 85e6caee074a257fd1156ebb90a5e4ae15116eaab6b3597d35f19efb0d10e27d java-1.8.0-openjdk-javadoc-zip-1.8.0.492.b09-1.el7_9.noarch.rpm SHA-256: c15eda13e0cf0f0f24e7e5bf0619963465d61f66e7176e44a7b402d5ad7f9266 java-1.8.0-openjdk-src-1.8.0.492.b09-1.el7_9.s390x.rpm SHA-256: d3bb748073bd3039841702807ad4f417c6a8dcf75fd0aa8b584fecc2ee2bb3c0 Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 SRPM java-1.8.0-openjdk-1.8.0.492.b09-1.el7_9.src.rpm SHA-256: 3fff76415f672f912e0ab0a90f631972e47bf68768498b5b4f4410cf5883261f ppc64 java-1.8.0-openjdk-1.8.0.492.b09-1.el7_9.ppc64.rpm SHA-256: 0383c2f31d286c95d074fd68be2e8930af02b82d6bd78443ec184331035d63be java-1.8.0-openjdk-accessibility-1.8.0.492.b09-1.el7_9.ppc64.rpm SHA-256: aa98d6dde4d40783b1b8ed7c252a30d359b2dbea496c64452b4ea99375196ea3 java-1.8.0-openjdk-debuginfo-1.8.0.492.b09-1.el7_9.ppc64.rpm SHA-256: af1742ed349ede1e389b4fa40c9b64a89f22512460a07620eab4dda715f1f9f1 java-1.8.0-openjdk-debuginfo-1.8.0.492.b09-1.el7_9.ppc64.rpm SHA-256: af1742ed349ede1e389b4fa40c9b64a89f22512460a07620eab4dda715f1f9f1 java-1.8.0-openjdk-demo-1.8.0.492.b09-1.el7_9.ppc64.rpm SHA-256: 6fdf536a4250291ecf7a3d70a2627dbfb82458bccb53ff543a1e6d55f00143fb java-1.8.0-openjdk-devel-1.8.0.492.b09-1.el7_9.ppc64.rpm SHA-256: 69d3a3eabf58aa0e548bc9a9279562a010b905610397adace4ec2949ffe92fc4 java-1.8.0-openjdk-headless-1.8.0.492.b09-1.el7_9.ppc64.rpm SHA-256: 7fa5f92eea6039a92b3e2fee3cca9c4ac4f0fd5a85ca1f0a9544207a9448e365 java-1.8.0-openjdk-javadoc-1.8.0.492.b09-1.el7_9.noarch.rpm SHA-256: 85e6caee074a257fd1156ebb90a5e4ae15116eaab6b3597d35f19efb0d10e27d java-1.8.0-openjdk-javadoc-zip-1.8.0.492.b09-1.el7_9.noarch.rpm SHA-256: c15eda13e0cf0f0f24e7e5bf0619963465d61f66e7176e44a7b402d5ad7f9266 java-1.8.0-openjdk-src-1.8.0.492.b09-1.el7_9.ppc64.rpm SHA-256: 94183a0f05a8c180bd8584ba927edf45a5cfd38c0ae3d474afe766e909e9556a Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 SRPM java-1.8.0-openjdk-1.8.0.492.b09-1.el7_9.src.rpm SHA-256: 3fff76415f672f912e0ab0a90f631972e47bf68768498b5b4f4410cf5883261f ppc64le java-1.8.0-openjdk-1.8.0.492.b09-1.el7_9.ppc64le.rpm SHA-256: 114e8552a7379c3baeab1477a721772cf022f640742e6bc9b75e8fc48e3becff java-1.8.0-openjdk-accessibility-1.8.0.492.b09-1.el7_9.ppc64le.rpm SHA-256: f6acae4c076386f52978f0e776ad99e523eee3698343f0b0cf78c903ba12826b java-1.8.0-openjdk-debuginfo-1.8.0.492.b09-1.el7_9.ppc64le.rpm SHA-256: db16d1317cc721dddb65f3f31aafa7ffdaba7a9ebf772e6d1f8ad45c70576ce2 java-1.8.0-openjdk-debuginfo-1.8.0.492.b09-1.el7_9.ppc64le.rpm SHA-256: db16d1317cc721dddb65f3f31aafa7ffdaba7a9ebf772e6d1f8ad45c70576ce2 java-1.8.0-openjdk-demo-1.8.0.492.b09-1.el7_9.ppc64le.rpm SHA-256: 91bba909a7c91f03fb68ef0779dd90e19d332892c16df570ad45c2a566cb15f5 java-1.8.0-openjdk-devel-1.8.0.492.b09-1.el7_9.ppc64le.rpm SHA-256: 8a8f1082f2bc8a4116b92ba0ebaf8a91b56bc76144ce06be0789c18524f834b8 java-1.8.0-openjdk-headless-1.8.0.492.b09-1.el7_9.ppc64le.rpm SHA-256: 73a080e247e2269feac4ef8e1b36ee17a15ff734cd8b809088b29fb57d88797c java-1.8.0-openjdk-javadoc-1.8.0.492.b09-1.el7_9.noarch.rpm SHA-256: 85e6caee074a257fd1156ebb90a5e4ae15116eaab6b3597d35f19efb0d10e27d java-1.8.0-openjdk-javadoc-zip-1.8.0.492.b09-1.el7_9.noarch.rpm SHA-256: c15eda13e0cf0f0f24e7e5bf0619963465d61f66e7176e44a7b402d5ad7f9266 java-1.8.0-openjdk-src-1.8.0.492.b09-1.el7_9.ppc64le.rpm SHA-256: a5a159cce4d19caf202a63ec9486b792e02babde5317b58f0faaa4577b2c86da The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .