It was discovered that the AnnotationInvocationHandler class in the Libraries component of OpenJDK did not properly convert an object argument into its textual representation, allowing calls to the overridable toString() method when generating an Exception.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1443 https://access.redhat.com/errata/RHSA-2022:1443
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:1444 https://access.redhat.com/errata/RHSA-2022:1444
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:1441 https://access.redhat.com/errata/RHSA-2022:1441
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1445 https://access.redhat.com/errata/RHSA-2022:1445
OpenJDK-17 upstream commit: https://github.com/openjdk/jdk17u/commit/32a5e5d3e88dcb25c8dccfd97d8312f29502eb5b OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u/commit/d3d68548f50893ec8b59bcbd62295dbef96fb6dd OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/monojdk8u/rev/d265f3f8d84d
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1442 https://access.redhat.com/errata/RHSA-2022:1442
Oracle CPU April 2022: https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixJAVA Fixed in Oracle Java SE 7u341, 8u331, 11.0.15, 17.0.3, 18.0.1.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1440 https://access.redhat.com/errata/RHSA-2022:1440
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1487 https://access.redhat.com/errata/RHSA-2022:1487
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:1488 https://access.redhat.com/errata/RHSA-2022:1488
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1489 https://access.redhat.com/errata/RHSA-2022:1489
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:1490 https://access.redhat.com/errata/RHSA-2022:1490
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1491 https://access.redhat.com/errata/RHSA-2022:1491
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u332 Via RHSA-2022:1492 https://access.redhat.com/errata/RHSA-2022:1492
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u332 Via RHSA-2022:1438 https://access.redhat.com/errata/RHSA-2022:1438
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.15 Via RHSA-2022:1435 https://access.redhat.com/errata/RHSA-2022:1435
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.15 Via RHSA-2022:1439 https://access.redhat.com/errata/RHSA-2022:1439
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.3 Via RHSA-2022:1436 https://access.redhat.com/errata/RHSA-2022:1436
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.3 Via RHSA-2022:1437 https://access.redhat.com/errata/RHSA-2022:1437
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-21434
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:2137 https://access.redhat.com/errata/RHSA-2022:2137
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:1729 https://access.redhat.com/errata/RHSA-2022:1729
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:1728 https://access.redhat.com/errata/RHSA-2022:1728
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2022:4957 https://access.redhat.com/errata/RHSA-2022:4957
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2022:4959 https://access.redhat.com/errata/RHSA-2022:4959
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5837 https://access.redhat.com/errata/RHSA-2022:5837