This Red Hat security advisory covers a set of vulnerabilities fixed in the Red Hat build of OpenJDK 17.0.19 for portable Linux, replacing version 17.0.18. The update addresses eight CVEs: CVE-2026-22007 (crypto algorithm support), CVE-2026-22013 (Kerberos credentialing), CVE-2026-22016 (path factories), CVE-2026-22018 (zip file reading), CVE-2026-22021 (certificate chain validation), CVE-2026-23865 (FreeType 2.14.1 update), CVE-2026-34268 (key generation), and CVE-2026-34282 (TLS connection handling). These vulnerabilities span multiple CWE categories including cryptographic weaknesses and memory handling issues. The advisory is rated as important by Red Hat Product Security and recommends updating to the new OpenJDK build to address these security concerns.

The vulnerabilities fixed in this update affect cryptographic operations, authentication mechanisms (Kerberos), file handling (zip files), certificate validation, and TLS connections within the OpenJDK 17 runtime environment. Exploitation could potentially undermine the security guarantees of applications relying on OpenJDK 17, such as weakening encryption, compromising authentication, or causing improper validation of certificates. No known exploits in the wild have been reported at this time. The overall security impact is rated as important by Red Hat.

Red Hat has released an updated build of OpenJDK 17 (version 17.0.19) that includes fixes for the listed vulnerabilities. Users should apply this update promptly after ensuring all previously released errata relevant to their system have been applied. Detailed update instructions are available in the Red Hat advisory and documentation. No additional mitigation steps are indicated beyond applying the official update.