Security News

Cybersecurity news aggregator

HIGH Updates Red Hat Errata

RHSA-2026:9693: Important: java-25-openjdk security update

This Red Hat security advisory addresses multiple vulnerabilities in OpenJDK 25, including flaws in crypto algorithm support, Arena allocations, Kerberos credentialing, and several third-party libraries like libpng and giflib, which could lead to denial of service, information disclosure, or arbitrary code execution. The CVSS scores for the listed JDK-specific CVEs range from Low (2.9) to Medium (5.3). The update provides fixed packages for java-25-openjdk on RHEL 9 and 10, and administrators should apply the relevant errata after ensuring all previous patches are installed.

Red Hat Product Errata
RHSA-2026:9693 - Security Advisory
Issued: 2026-04-22
Updated: 2026-04-22

Synopsis
Important: java-25-openjdk security update

Type/Severity
Security Advisory: Important

Topic
An update for java-25-openjdk is now available for Red Hat Enterprise Linux 9 and Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit.

Security Fix(es):
- JDK: Enhance crypto algorithm support (CVE-2026-22007)
- JDK: Improved Arena allocations (CVE-2026-22008)
- JDK: Improve Kerberos credentialing (CVE-2026-22013)
- JDK: Enhance Path Factories Redux (CVE-2026-22016)
- JDK: Enhance Zip file reading (CVE-2026-22018)
- JDK: Enhance certificate chain validation (CVE-2026-22021)
- JDK: Updating FreeType 2.14.1 (CVE-2026-23865)
- JDK: Enhance TLS connection handling (CVE-2026-34282)
- JDK: Enhance key generation (CVE-2026-34268)

This release also updates a number of third-party libraries included in the JDK. The libraries themselves are affected by the following CVEs, but this is not a statement that the JDK itself is affected:
- giflib: Denial of Service via buffer overflow in EGifGCBToExtension (CVE-2026-26740)
- libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)
- libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)

Bug Fix(es):
- When copying files, OpenJDK 25 prefers to use the copy_file_range native function for performance reasons, only falling back to sendfile when this fails. However, in previous OpenJDK 25 releases, a response of EOPNOTSUPP (operation not supported) did not cause the JDK to fall back to sendfile. This is rectified in this release. (RHEL-169939, RHEL-169937)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Affected Products
- Red Hat Enterprise Linux for x86_64 10 x86_64
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 10 s390x
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 10 ppc64le
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 10 aarch64
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 10 x86_64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes
(none)

CVEs
- CVE-2026-22007
- CVE-2026-22008
- CVE-2026-22013
- CVE-2026-22016
- CVE-2026-22018
- CVE-2026-22021
- CVE-2026-23865
- CVE-2026-26740
- CVE-2026-33416
- CVE-2026-33636
- CVE-2026-34268
- CVE-2026-34282

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.
