Threats Tagged 'cve-2026-23865'

Red Hat has released an important security update for its OpenJDK 11 Extended Lifecycle Support (ELS) Windows builds, version 11. 0. 31, replacing version 11. 0. 30. This update addresses eight security vulnerabilities in the OpenJDK 11 Java Runtime Environment and Software Development Kit, identified by CVE identifiers CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865, CVE-2026-34268, and CVE-2026-34282. The update also includes bug fixes and enhancements. Red Hat rates the security impact of this update as Important. No known exploits in the wild have been reported. Users of affected OpenJDK 11 ELS versions on Windows should apply this update following Red Hat's guidance.

Red Hat has released an important security update for its build of OpenJDK 8 (version 8u492) for portable Linux. This update replaces the previous 8u482 release and addresses multiple security vulnerabilities affecting cryptographic algorithms, Kerberos credentialing, path handling, Zip file reading, certificate chain validation, FreeType library, and key generation. The update includes fixes for seven CVEs, including CVE-2026-22007 and others. No known exploits in the wild have been reported. Users are advised to apply this update after ensuring all prior relevant errata are installed.

Red Hat has issued a security advisory (RHSA-2026:7933) for Red Hat Hardened Images RPMs, specifically updating freetype packages to version 2. 14. 3-1. hum1 for aarch64 and x86_64 architectures. The advisory addresses a vulnerability identified as CVE-2026-23865. No specific details about the nature of the vulnerability or exploitation methods are provided. There are no known exploits in the wild at this time. The update is classified with medium severity. The advisory includes instructions to apply the update via the referenced Red Hat resources.

Red Hat has released a security update for the Eclipse Temurin build of OpenJDK 25 (version 25. 0. 3) for Windows, addressing multiple vulnerabilities. The update replaces version 25. 0. 2 and includes fixes for nine CVEs affecting cryptographic algorithms, memory allocation, Kerberos credentialing, path handling, zip file reading, certificate validation, FreeType library, TLS connection handling, and key generation. The advisory rates the update as important and addresses security and bug fixes. No known exploits in the wild have been reported. Users are advised to apply this update after ensuring all previous errata are applied.

Red Hat has issued a security advisory for the java-11-openjdk packages with Extended Lifecycle Support for Red Hat Enterprise Linux 7, 8, and 9. This update addresses multiple vulnerabilities in the OpenJDK 11 runtime and development kit, including out-of-bounds reads, heap buffer overflows, use-after-free, denial of service, and information disclosure issues primarily related to the LIBPNG and GIFLIB libraries. The advisory covers 15 CVEs with high severity. No known exploits in the wild have been reported. The update is available from Red Hat, and users are advised to apply it after ensuring all previous errata are installed. Patch status is confirmed by Red Hat's advisory, indicating that fixes are available.

Red Hat has released an important security update for OpenJDK 11. 0. 31 Extended Lifecycle Support (ELS) for portable Linux builds. This update addresses multiple vulnerabilities primarily related to the LIBPNG and GIFLIB libraries used within the JDK, including out-of-bounds reads, heap buffer overflows, use-after-free leading to arbitrary code execution, information disclosure, and denial of service. The update replaces the previous OpenJDK 11. 0. 30 build and includes both security fixes and bug fixes. Users of affected Red Hat OpenJDK 11 ELS versions on various architectures are advised to apply this update. No known exploits in the wild have been reported at this time.

Red Hat has released an important security update for the Red Hat build of OpenJDK 17 (version 17. 0. 19) for portable Linux. This update addresses multiple vulnerabilities related to cryptographic algorithm support, Kerberos credentialing, path factories, zip file reading, certificate chain validation, FreeType library, TLS connection handling, and key generation. The update replaces the previous 17. 0. 18 release and includes security fixes and enhancements. Users of affected OpenJDK 17 versions should apply this update to mitigate these issues.

Multiple security vulnerabilities affecting the java-17-openjdk packages in Red Hat Enterprise Linux have been addressed in a security update. These vulnerabilities involve enhancements to cryptographic algorithm support, Kerberos credentialing, path factories, zip file reading, certificate chain validation, FreeType library, TLS connection handling, and key generation. The update is rated as Important by Red Hat Product Security and affects various versions of Red Hat Enterprise Linux and related products. Users are advised to apply the update after ensuring all prior errata have been applied.