The Red Hat build of OpenJDK 11 (version 11.0.31) with Extended Lifecycle Support for portable Linux replaces version 11.0.30 and includes multiple security fixes. The vulnerabilities fixed include out-of-bounds reads (CVE-2025-66293), information disclosure and denial of service via integer truncation (CVE-2026-22801), heap buffer overflow (CVE-2026-25646), denial of service via buffer overflow in GIFLIB (CVE-2026-26740), arbitrary code execution due to use-after-free (CVE-2026-33416), and other issues related to out-of-bounds read/write and heap buffer over-read in LIBPNG components. Additional CVEs related to the JDK are also addressed. These vulnerabilities affect multiple architectures supported by Red Hat's OpenJDK 11 ELS packages. The update is classified as important by Red Hat Product Security.

The vulnerabilities fixed in this update can lead to various impacts including out-of-bounds memory access, information disclosure, denial of service, heap buffer overflows, and arbitrary code execution. These issues affect the OpenJDK 11 runtime and development kit, potentially impacting applications running on affected Red Hat Linux systems. No known exploits in the wild have been reported. The severity of these vulnerabilities is considered high due to the possibility of arbitrary code execution and denial of service.

Red Hat has released OpenJDK 11.0.31 ELS as a security update that addresses these vulnerabilities. Users should apply this update to replace the previous OpenJDK 11.0.30 build. Before applying the update, ensure all previously released relevant errata are applied. Detailed update instructions are available from Red Hat's official documentation. Since this is an official security advisory with an available update, applying the provided update is the recommended mitigation.