Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in java-1.8.0-openjdk
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in java-1.8.0-openjdk
ID: FEDORA-2021-25b47f16af
Distribution: Fedora
Plattformen: Fedora 34
Datum: Di, 27. April 2021, 08:02
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2161
Applikationen: OpenJDK

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2021-25b47f16af
2021-04-27 00:29:47.283959
-------------------------------------------------------------------------------
-

Name : java-1.8.0-openjdk
Product : Fedora 34
Version : 1.8.0.292.b10
Release : 0.fc34
URL : http://openjdk.java.net/
Summary : OpenJDK 8 Runtime Environment
Description :
The OpenJDK 8 runtime environment.

-------------------------------------------------------------------------------
-
Update Information:

# New in release OpenJDK 8u292 (2021-04-20): Live versions of these release
notes can be found at: * https://bitly.com/openjdk8u292 *
https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt ##
Security fixes - JDK-8227467: Better class method invocations * JDK-8244473:
Contextualize registration for JNDI * JDK-8244543: Enhanced handling of
abstract classes * JDK-8249906, CVE-2021-2163: Enhance opening JARs *
JDK-8250568, CVE-2021-2161: Less ambiguous processing * JDK-8253799: Make
lists of normal filenames ## Other significant changes *
[JDK-8236730](https://bugs.openjdk.java.net/browse/JDK-8236730): Weak Named
Curves in TLS, CertPath, and Signed JAR Disabled by Default *
[JDK-8244286](https://bugs.openjdk.java.net/browse/JDK-8244286): Tools Warn If
Weak Algorithms Are Used *
[JDK-8256490](https://bugs.openjdk.java.net/browse/JDK-8256490): Disable TLS 1.0
and 1.1 * [JDK-8242147](https://bugs.openjdk.java.net/browse/JDK-8242147): New
System Properties to Configure the TLS Signature Schemes *
[JDK-8177368](https://bugs.openjdk.java.net/browse/JDK-8177368): Several
incorporation steps are silently failing when an error should be reported *
ATK
accessibility bridge bindings removed Full release notes can also be found in
the `NEWS` file in the installed RPM.
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Apr 13 2021 Andrew Hughes <gnu.andrew@redhat.com> -
1:1.8.0.292.b10-0
- Update to aarch64-shenandoah-jdk8u292-b10 (GA)
- Update release notes for 8u292-b10.
* Tue Mar 30 2021 Andrew Hughes <gnu.andrew@redhat.com> -
1:1.8.0.292.b09-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b09 (EA)
- Update release notes for 8u292-b09.
* Sat Mar 27 2021 Andrew Hughes <gnu.andrew@redhat.com> -
1:1.8.0.292.b08-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b08 (EA)
- Update release notes for 8u292-b08.
- Require tzdata 2021a due to JDK-8260356
* Thu Mar 25 2021 Andrew Hughes <gnu.andrew@redhat.com> -
1:1.8.0.292.b07-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b07 (EA)
- Update release notes for 8u292-b07.
* Wed Mar 24 2021 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.292.b06-0.1.ea
- removal of atk accessibility bridge bindings:
- removed libatk-wrapper[.]so.* from global _privatelibs
- removed files_accessibility and java_accessibility_rpo macros
- removed patch1 rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch and
patch3 rh1648644-java_access_bridge_privileged_security.patch
- removal of accessibility{,-slowdebug,-fastdebug} subpackages
- no longer creating symlinks of
%{_libdir}/java-atk-wrapper/libatk-wrapper.so.0 libatk-wrapper.so and %{_libdir}/java-atk-wrapper/java-atk-wrapper.jar java-atk-wrapper.jar
- no longer creating
%{_jvmdir}/java-1.8.0-openjdk-1.8.0.292.b10-0.fc34.arm$suffix/jre/lib/accessibility.properties with content of "assistive_technologies=org.GNOME.Accessibility.AtkWrapper"
- removal of accessibility{,-slowdebug,-fastdebug} subpackages files sections
* Mon Mar 22 2021 Andrew Hughes <gnu.andrew@redhat.com> -
1:1.8.0.292.b06-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b06 (EA)
- Update release notes for 8u292-b06.
- Require tzdata 2020f due to JDK-8259048
* Thu Mar 18 2021 Andrew Hughes <gnu.andrew@redhat.com> -
1:1.8.0.292.b05-0.2.ea
- Update to aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11 (EA)
- Update release notes for 8u292-b05-shenandoah-merge-2021-03-11.
- Extend s390 patch to fix issue caused by JDK-8252660 backport and lack of
JDK-8188813 in 8u.
- Revise JDK-8252660 s390 failure to make _soft_max_size a jlong so pointer
types are accurate.
* Thu Mar 18 2021 Andrew Hughes <gnu.andrew@redhat.com> -
1:1.8.0.292.b05-0.1.ea
- Re-organise S/390 patches for upstream submission, separating 8u upstream
from Shenandoah fixes.
- Add new formatting case found in memprofiler.cpp on debug builds to PR3593
patch.
* Mon Mar 8 2021 Andrew Hughes <gnu.andrew@redhat.com> -
1:1.8.0.292.b05-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b05 (EA)
- Update release notes for 8u292-b05.
* Fri Mar 5 2021 Andrew Hughes <gnu.andrew@redhat.com> -
1:1.8.0.292.b04-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b04 (EA)
- Update release notes for 8u292-b04.
* Thu Mar 4 2021 Andrew Hughes <gnu.andrew@redhat.com> -
1:1.8.0.292.b03-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b03 (EA)
- Update release notes for 8u292-b03.
* Tue Mar 2 2021 Andrew Hughes <gnu.andrew@redhat.com> -
1:1.8.0.292.b02-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b02 (EA)
- Update release notes for 8u292-b02.
* Fri Feb 19 2021 Andrew Hughes <gnu.andrew@redhat.com> -
1:1.8.0.292.b01-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b01 (EA)
- Update release notes for 8u292-b01.
- Switch to EA mode.
- Update tarball generation script to use PR3822 which handles
JDK-8233228 & JDK-8035166 changes
* Thu Feb 18 2021 Stephan Bergmann <sbergman@redhat.com> -
1:1.8.0.282.b08-5
- Hardcode /usr/sbin/alternatives for Flatpak builds
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-25b47f16af' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung