A flaw was found in the way the Keytool component of OpenJDK handled X.509 certificates with validity period ending too far in the future, after year 9999. When such certificates were imported into a keystore, they could cause corruption of the keystore.
Public now via Oracle CPU October 2021: https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixJAVA Fixed in Oracle Java SE 17.0.1, 11.0.13, 8u311, and 7u321.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3886 https://access.redhat.com/errata/RHSA-2021:3886
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3884 https://access.redhat.com/errata/RHSA-2021:3884
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3885 https://access.redhat.com/errata/RHSA-2021:3885
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3893 https://access.redhat.com/errata/RHSA-2021:3893
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3887 https://access.redhat.com/errata/RHSA-2021:3887
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3891 https://access.redhat.com/errata/RHSA-2021:3891
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-35564
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:3889 https://access.redhat.com/errata/RHSA-2021:3889
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:3892 https://access.redhat.com/errata/RHSA-2021:3892
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u312 Via RHSA-2021:3960 https://access.redhat.com/errata/RHSA-2021:3960
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u312 Via RHSA-2021:3961 https://access.redhat.com/errata/RHSA-2021:3961
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.13 Via RHSA-2021:3967 https://access.redhat.com/errata/RHSA-2021:3967
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.13 Via RHSA-2021:3968 https://access.redhat.com/errata/RHSA-2021:3968
OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u-dev/commit/24843ba1379615f6c032050e2cb057860d97c08a OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/132377e2edb2
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4135 https://access.redhat.com/errata/RHSA-2021:4135
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.1 Via RHSA-2021:4532 https://access.redhat.com/errata/RHSA-2021:4532
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.1 Via RHSA-2021:4531 https://access.redhat.com/errata/RHSA-2021:4531
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2021:5030 https://access.redhat.com/errata/RHSA-2021:5030
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2022:0310 https://access.redhat.com/errata/RHSA-2022:0310
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0345 https://access.redhat.com/errata/RHSA-2022:0345