Multiple issues in java-11-openjdk
ID: FEDORA-2020-5d0b4a2b5b
Distribution: Fedora
Platforms: Fedora 32
Date: Fri, 24 July 2020, 07:10
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14581
Applications: OpenJDK
Original message
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-5d0b4a2b5b
2020-07-24 01:13:00.082761
--------------------------------------------------------------------------------

Name        : java-11-openjdk
Product     : Fedora 32
Version     : 11.0.8.10
Release     : 2.fc32
URL         : http://openjdk.java.net/
Summary     : OpenJDK Runtime Environment 11
Description :
The OpenJDK runtime environment.

--------------------------------------------------------------------------------
Update Information:

# July 2020 OpenJDK security update for OpenJDK 11

Full release notes: https://bitly.com/openjdk1108

## Security fixes

- JDK-8230613: Better ASCII conversions
- JDK-8231800: Better listing of arrays
- JDK-8232014: Expand DTD support
- JDK-8233234: Better Zip Naming
- JDK-8233239, CVE-2020-14562: Enhance TIFF support
- JDK-8233255: Better Swing Buttons
- JDK-8234032: Improve basic calendar services
- JDK-8234042: Better factory production of certificates
- JDK-8234418: Better parsing with CertificateFactory
- JDK-8234836: Improve serialization handling
- JDK-8236191: Enhance OID processing
- JDK-8236867, CVE-2020-14573: Enhance Graal interface handling
- JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
- JDK-8237592, CVE-2020-14577: Enhance certificate verification
- JDK-8238002, CVE-2020-14581: Better matrix operations
- JDK-8238013: Enhance String writing
- JDK-8238804: Enhance key handling process
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
- JDK-8238843: Enhanced font handing
- JDK-8238920, CVE-2020-14583: Better Buffer support
- JDK-8238925: Enhance WAV file playback
- JDK-8240119, CVE-2020-14593: Less Affine Transformations
- JDK-8240482: Improved WAV file playback
- JDK-8241379: Update JCEKS support
- JDK-8241522: Manifest improved jar headers redux
- JDK-8242136, CVE-2020-14621: Better XML namespace handling

## [JDK-8244167](https://bugs.openjdk.java.net/browse/JDK-8244167): Removal of Comodo Root CA Certificate

The following expired Comodo root CA certificate was removed from the `cacerts` keystore:

+ alias name "addtrustclass1ca [jdk]"
  Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

## [JDK-8244166](https://bugs.openjdk.java.net/browse/JDK-8244166): Removal of DocuSign Root CA Certificate

The following expired DocuSign root CA certificate was removed from the `cacerts` keystore:

+ alias name "keynectisrootca [jdk]"
  Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR

## [JDK-8240191](https://bugs.openjdk.java.net/browse/JDK-8240191): Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database

The SunPKCS11 security provider can now be initialized with NSS when FIPS-enabled external modules are configured in the Security Modules Database (NSSDB). Prior to this change, the SunPKCS11 provider would throw a RuntimeException with the message: "FIPS flag set for non-internal module" when such a library was configured for NSS in non-FIPS mode.

This change allows the JDK to work properly with recent NSS releases in GNU/Linux operating systems when the system-wide FIPS policy is turned on.

Further information can be found in [JDK-8238555](https://bugs.openjdk.java.net/browse/JDK-8238555).

## [JDK-8245077](https://bugs.openjdk.java.net/browse/JDK-8245077): Default SSLEngine Should Create in Server Role

In JDK 11 and later, `javax.net.ssl.SSLEngine` by default used client mode when handshaking. As a result, the set of default enabled protocols may differ to what is expected. `SSLEngine` would usually be used in server mode. From this JDK release onwards, `SSLEngine` will default to server mode. The `javax.net.ssl.SSLEngine.setUseClientMode(boolean mode)` method may be used to configure the mode.
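
The default-role change described above can be checked on a given runtime. The following is an added example, not code from the Fedora notification or the OpenJDK project; the class name `SslEngineModeCheck` and the helper `protocolsFor` are hypothetical. It reports the mode a fresh `SSLEngine` starts in and compares the enabled protocols when the mode is set explicitly, which is what application code should do rather than rely on the default.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example (hypothetical class name): inspects SSLEngine role defaults.
public class SslEngineModeCheck {

    // Create a fresh engine, pin its role explicitly, and return the
    // protocols the JSSE provider enables for that role.
    static Set<String> protocolsFor(SSLContext ctx, boolean clientMode) {
        SSLEngine engine = ctx.createSSLEngine();
        // Must be called before the handshake starts; afterwards the
        // role can no longer be changed.
        engine.setUseClientMode(clientMode);
        return new LinkedHashSet<>(Arrays.asList(engine.getEnabledProtocols()));
    }

    // Elements of 'a' that are not in 'b', preserving order.
    static Set<String> difference(Set<String> a, Set<String> b) {
        Set<String> out = new LinkedHashSet<>(a);
        out.removeAll(b);
        return out;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();

        // The role an engine has when the application never sets one.
        SSLEngine untouched = ctx.createSSLEngine();
        System.out.println("java.version      : " + System.getProperty("java.version"));
        System.out.println("default role      : "
                + (untouched.getUseClientMode() ? "client" : "server"));
        System.out.println("default protocols : "
                + Arrays.toString(untouched.getEnabledProtocols()));

        Set<String> client = protocolsFor(ctx, true);
        Set<String> server = protocolsFor(ctx, false);
        System.out.println("client protocols  : " + client);
        System.out.println("server protocols  : " + server);

        // Any entry here is a protocol that a role change silently adds or drops.
        System.out.println("server-only       : " + difference(server, client));
        System.out.println("client-only       : " + difference(client, server));
    }
}
```

Running it before and after the update shows whether code that never calls `setUseClientMode` ends up with a different role and protocol set.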

## [JDK-8242147](https://bugs.openjdk.java.net/browse/JDK-8242147): New System Properties to Configure the TLS Signature Schemes

Two new System Properties are added to customize the TLS signature schemes in JDK. `jdk.tls.client.SignatureSchemes` is added for TLS client side, and `jdk.tls.server.SignatureSchemes` is added for server side.

Each System Property contains a comma-separated list of supported signature scheme names specifying the signature schemes that could be used for the TLS connections.

The names are described in the "Signature Schemes" section of the *Java Security Standard Algorithm Names Specification*.

--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 18 2020 Severin Gehwolf