Multiple issues in java-1.8.0-openjdk
ID: | FEDORA-2020-508df53719 |
Distribution: | Fedora |
Platforms: | Fedora 31 |
Date: | Tue, 28 July 2020, 23:23 |
References: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578 |
Applications: | OpenJDK |
Original message |
|
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-508df53719
2020-07-28 15:00:49.912003
--------------------------------------------------------------------------------

Name        : java-1.8.0-openjdk
Product     : Fedora 31
Version     : 1.8.0.262.b10
Release     : 1.fc31
URL         : http://openjdk.java.net/
Summary     : OpenJDK Runtime Environment 8
Description :
The OpenJDK runtime environment 8.

--------------------------------------------------------------------------------
Update Information:

# July 2020 OpenJDK security update for OpenJDK 8.

Full release notes: https://bitly.com/oj8u262

## New features

* [JDK-8223147](https://bugs.openjdk.java.net/browse/JDK-8223147): JFR Backport

## Security fixes

- JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
- JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
- JDK-8230613: Better ASCII conversions
- JDK-8231800: Better listing of arrays
- JDK-8232014: Expand DTD support
- JDK-8233255: Better Swing Buttons
- JDK-8234032: Improve basic calendar services
- JDK-8234042: Better factory production of certificates
- JDK-8234418: Better parsing with CertificateFactory
- JDK-8234836: Improve serialization handling
- JDK-8236191: Enhance OID processing
- JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
- JDK-8237592, CVE-2020-14577: Enhance certificate verification
- JDK-8238002, CVE-2020-14581: Better matrix operations
- JDK-8238804: Enhance key handling process
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
- JDK-8238843: Enhanced font handing
- JDK-8238920, CVE-2020-14583: Better Buffer support
- JDK-8238925: Enhance WAV file playback
- JDK-8240119, CVE-2020-14593: Less Affine Transformations
- JDK-8240482: Improved WAV file playback
- JDK-8241379: Update JCEKS support
- JDK-8241522: Manifest improved jar headers redux
- JDK-8242136, CVE-2020-14621: Better XML namespace handling

## [JDK-8240687](https://bugs.openjdk.java.net/browse/JDK-8240687): JDK Flight Recorder Integrated to OpenJDK 8u

OpenJDK 8u now contains the backport of JEP 328: Flight Recorder (https://openjdk.java.net/jeps/328) from later versions of OpenJDK. JFR is a low-overhead framework to collect and provide data helpful to troubleshoot the performance of the OpenJDK runtime and of Java applications. It consists of a new API to define custom events under the jdk.jfr namespace and a JMX interface to interact with the framework. The recording can also be initiated with the application startup using the -XX:+FlightRecorder flag or via jcmd.

JFR replaces the +XX:EnableTracing feature introduced in JEP 167, providing a more efficient way to retrieve the same information. For compatibility reasons, +XX:EnableTracing is still accepted, however no data will be printed.

While JFR is not built by default upstream, it is included in Fedora binaries for supported architectures (x86_64, AArch64 & PowerPC 64)

## [JDK-8205622](https://bugs.openjdk.java.net/browse/JDK-8205622): JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording

JFR will be disabled with a warning message if it is enabled during CDS dumping. The user will see the following warning message:

    OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping

if JFR is enabled during CDS dumping such as in the following command line:

    $ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true

## [JDK-8244167](https://bugs.openjdk.java.net/browse/JDK-8244167): Removal of Comodo Root CA Certificate

The following expired Comodo root CA certificate was removed from the `cacerts` keystore:

+ alias name "addtrustclass1ca [jdk]"
  Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

## [JDK-8244166](https://bugs.openjdk.java.net/browse/JDK-8244166): Removal of DocuSign Root CA Certificate

The following expired DocuSign root CA certificate was removed from the `cacerts` keystore:

+ alias name "keynectisrootca [jdk]"
  Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR

## [JDK-8240191](https://bugs.openjdk.java.net/browse/JDK-8240191): Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database

The SunPKCS11 security provider can now be initialized with NSS when FIPS-enabled external modules are configured in the Security Modules Database (NSSDB). Prior to this change, the SunPKCS11 provider would throw a RuntimeException with the message: "FIPS flag set for non-internal module" when such a library was configured for NSS in non-FIPS mode.

This change allows the JDK to work properly with recent NSS releases on GNU/Linux operating systems when the system-wide FIPS policy is turned on.

Further information can be found in [JDK-8238555](https://bugs.openjdk.java.net/browse/JDK-8238555).

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 13 2020 Jiri Vanek |
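
For the two `cacerts` removals in the notice above (JDK-8244167 and JDK-8244166), the following added example, which is not part of the Fedora notice or of OpenJDK, checks `keytool -list -v` output for the two Distinguished Names the notice lists as removed. The function names, the sample listing, the keystore path and the `changeit` password in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: report whether the expired roots named in JDK-8244167 and
# JDK-8244166 are still present in a Java trust store after the update.

# Distinguished Names exactly as given in the update notice, one per line.
REMOVED_DNS='CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR'

# find_removed_roots: reads `keytool -list -v` output on stdin and prints every
# removed DN that still appears as a certificate Owner. Prints nothing when the
# store is clean. Matching is on the whole Owner line, not a substring, so a
# certificate that merely embeds one of these names elsewhere is not reported.
find_removed_roots() {
    owners=$(sed -n 's/^Owner: //p')
    printf '%s\n' "$REMOVED_DNS" | while IFS= read -r dn; do
        if printf '%s\n' "$owners" | grep -Fxq -- "$dn"; then
            printf '%s\n' "$dn"
        fi
    done
}

# Constructed sample of `keytool -list -v` output (not taken from a real host):
# one entry the notice says was removed, one unrelated placeholder root.
sample_listing() {
    cat <<'EOF'
Alias name: addtrustclass1ca [jdk]
Owner: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Alias name: examplerootca
Owner: CN=Example Root CA, O=Example, C=US
Issuer: CN=Example Root CA, O=Example, C=US
EOF
}

# Use against a real store (path and password are assumptions; the "Owner:"
# label is only printed this way when keytool runs with an English locale):
#   keytool -J-Duser.language=en -list -v \
#       -keystore "$JAVA_HOME/jre/lib/security/cacerts" -storepass changeit \
#       | find_removed_roots

# Run with --demo to see the check applied to the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    sample_listing | find_removed_roots
fi
```

Matching on the Owner DN rather than the alias keeps the check valid for trust stores whose aliases differ from the ones quoted in the notice.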