Security: Multiple issues in java-1.8.0-openjdk
Name: Multiple issues in java-1.8.0-openjdk
ID: FEDORA-2020-508df53719
Distribution: Fedora
Platforms: Fedora 31
Date: Tue, 28 July 2020, 23:23
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621
Applications: OpenJDK


Fedora Update Notification
2020-07-28 15:00:49.912003

Name : java-1.8.0-openjdk
Product : Fedora 31
Version :
Release : 1.fc31
URL : http://openjdk.java.net/
Summary : OpenJDK Runtime Environment 8
Description :
The OpenJDK runtime environment 8.

Update Information:

# July 2020 OpenJDK security update for OpenJDK 8.

Full release notes: https://bitly.com/oj8u262

## New features

* [JDK-8223147](https://bugs.openjdk.java.net/browse/JDK-8223147): JFR Backport

## Security fixes

- JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
- JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
- JDK-8230613: ASCII conversions
- JDK-8231800: Better listing of arrays
- JDK-8232014: Expand DTD support
- JDK-8233255: Better Swing Buttons
- JDK-8234032: Improve basic calendar services
- JDK-8234042: Better factory production of certificates
- JDK-8234418: Better parsing with CertificateFactory
- JDK-8234836: Improve serialization handling
- JDK-8236191: Enhance OID processing
- JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
- JDK-8237592, CVE-2020-14577: Enhance certificate verification
- JDK-8238002, CVE-2020-14581: Better matrix operations
- JDK-8238804: Enhance key handling process
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
- JDK-8238843: Enhanced font handing
- JDK-8238920, CVE-2020-14583: Better Buffer support
- JDK-8238925: Enhance WAV file playback
- JDK-8240119, CVE-2020-14593: Less Affine Transformations
- JDK-8240482: Improved WAV file playback
- JDK-8241379: Update JCEKS support
- JDK-8241522: Manifest improved jar headers redux
- JDK-8242136, CVE-2020-14621: Better XML handling

## [JDK-8240687](https://bugs.openjdk.java.net/browse/JDK-8240687): JDK Flight Recorder Integrated to OpenJDK 8u

OpenJDK 8u now contains the backport of JEP 328: Flight Recorder
(https://openjdk.java.net/jeps/328) from later versions of OpenJDK. JFR is a
low-overhead framework to collect and provide data helpful to troubleshoot the
performance of the OpenJDK runtime and of Java applications. It consists of a
new API to define custom events under the jdk.jfr namespace and a JMX interface
to interact with the framework. The recording can also be initiated with the
application startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces
the +XX:EnableTracing introduced in JEP 167, providing a more efficient way to
retrieve the same information. For compatibility reasons, +XX:EnableTracing is
still accepted, however no data will be printed. While JFR is not built by
default upstream, it is included in Fedora binaries for supported architectures
(x86_64, AArch64, PowerPC 64).

## [JDK-8205622](https://bugs.openjdk.java.net/browse/JDK-8205622): JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording

JFR will be disabled with a warning message if it is enabled during CDS
dumping. The user will see the following warning message:

    OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping

if JFR is enabled during CDS dumping such as in the following command line:

    $ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true

## [JDK-8244167](https://bugs.openjdk.java.net/browse/JDK-8244167): Removal of Comodo Root CA Certificate

The following expired Comodo root CA certificate was removed from the `cacerts`
keystore:

+ alias name "addtrustclass1ca
  Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

## [JDK-8244166](https://bugs.openjdk.java.net/browse/JDK-8244166): Removal of DocuSign Root CA Certificate

The following expired DocuSign root CA certificate was removed from the
`cacerts` keystore:

+ alias name "keynectisrootca

## [JDK-8240191](https://bugs.openjdk.java.net/browse/JDK-8240191): Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database

The SunPKCS11 security provider can now be initialized with NSS when
FIPS-enabled external modules are configured in the Security Modules Database
(NSSDB). Prior to this change, the SunPKCS11 provider would throw a
RuntimeException with the message "FIPS flag set for non-internal module" when
such a library was configured for NSS in non-FIPS mode. This change allows the
JDK to work properly with recent NSS releases on GNU/Linux operating systems
when the system-wide FIPS policy is turned on. Further information can be found
in [JDK-8238555](https://bugs.openjdk.java.net/browse/JDK-8238555).
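
To confirm that the two expired roots named in the `cacerts` removal notes above are really gone from a trust store, the following added example (not part of the advisory or of OpenJDK) scans `keytool -list` output for their aliases. The listing line format, the bracketed alias suffix and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag trust-store entries whose alias matches one of the two
# expired roots this update removes from cacerts.
# Assumption: input is `keytool -list` text with entry lines of the form
#   <alias>, <date>, trustedCertEntry,
REMOVED_ALIASES="addtrustclass1ca keynectisrootca"   # aliases as given in the notes

# Reads a listing on stdin, prints each removed alias that is still present,
# and returns 1 if any was found (0 if none is listed).
stale_roots() {
    awk -v want="$REMOVED_ALIASES" '
        BEGIN { n = split(want, names, " ") }
        /trustedCertEntry/ {
            alias = tolower($0)
            sub(/,.*/, "", alias)            # keep the text before the first comma
            sub(/[ \t]*\[.*\]$/, "", alias)  # drop a bracketed tag after the alias (assumed)
            for (i = 1; i <= n; i++)
                if (alias == names[i]) { print alias; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed listings; the fingerprints are placeholders, not real values.
SAMPLE_BEFORE='Your keystore contains 3 entries

addtrustclass1ca, Aug 25, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): PLACEHOLDER
KeynectisRootCA [jdk], Aug 25, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): PLACEHOLDER
examplerootca, Aug 25, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): PLACEHOLDER'
SAMPLE_AFTER='Your keystore contains 1 entry

examplerootca, Aug 25, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): PLACEHOLDER'

# Prints a one-line verdict for a labelled listing.
report() {
    if hits=$(printf '%s\n' "$2" | stale_roots); then
        echo "$1: no removed roots listed"
    else
        echo "$1: still listed:" $hits
    fi
}
report before "$SAMPLE_BEFORE"
report after "$SAMPLE_AFTER"
```

For a real store, pipe the output of `keytool -list -keystore <path-to-cacerts> -storepass changeit` into `stale_roots`.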

* Mon Jul 13 2020 Jiri Vanek <jvanek@redhat.com> - 1:
- Set vendor property and vendor URLs
- Made URLs to be preconfigured by OS
* Sun Jul 12 2020 Andrew Hughes <gnu.andrew@redhat.com> -
- Update to aarch64-shenandoah-jdk8u262-b10.
- Update release notes for 8u262 release.
- Remove issues in NEWS file duplicated between 8u252 & 8u262 releases.
- Update generate_source_tarball.sh script to use the PR3756 patch and retain
the secp256k1 curve.
- Add the -'4curve' suffix to the tarball name.
- Adjust JDK-8143245/PR3548 patch following context changes due to JDK-8203287
for JFR
- Adjust RH1648644 following context changes due to introduction of JFR
- Split JDK-8042159 patch into per-repo patches as upstream.
- Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to
- Enable JFR in our builds, ahead of upstream default.
- Only enable JFR for JIT builds, as it is not supported with Zero.
- Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count)
- Explicitly list jfr.jar, default.jfc & profile.jfc in the spec file.
- Introduce jfr_arches for architectures which support JFR.
- Fix typo in jfr_arches which leads to ppc64 being wrongly excluded.
- Add jfr binary to devel package and alternatives set
- With JDK-8248399 fixed, a broken jfr binary is no longer installed on
architectures without JFR.
- Require tzdata 2020a so system tzdata matches resource updates in b07
- Use sa_arches for libsaproc.so inclusion.
* Wed May 27 2020 Jiri Andrlik <jandrlik@redhat.com> - 1:
- backports of provides fixes from master

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-508df53719' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at