drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in java-1.8.0-openjdk
Name: |
Zwei Probleme in java-1.8.0-openjdk |
|
ID: |
FEDORA-2021-f71b592e07 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 32 |
|
Datum: |
Fr, 30. April 2021, 07:02 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2161 |
|
Applikationen: |
OpenJDK |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2021-f71b592e07 2021-04-30 01:06:48.218192 ------------------------------------------------------------------------------- -
Name : java-1.8.0-openjdk Product : Fedora 32 Version : 1.8.0.292.b10 Release : 0.fc32 URL : http://openjdk.java.net/ Summary : OpenJDK 8 Runtime Environment Description : The OpenJDK 8 runtime environment.
------------------------------------------------------------------------------- - Update Information:
# New in release OpenJDK 8u292 (2021-04-20): Live versions of these release notes can be found at: * https://bitly.com/openjdk8u292 * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt ## Security fixes - JDK-8227467: Better class method invocations * JDK-8244473: Contextualize registration for JNDI * JDK-8244543: Enhanced handling of abstract classes * JDK-8249906, CVE-2021-2163: Enhance opening JARs * JDK-8250568, CVE-2021-2161: Less ambiguous processing * JDK-8253799: Make lists of normal filenames ## Other significant changes * [JDK-8236730](https://bugs.openjdk.java.net/browse/JDK-8236730): Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default * [JDK-8244286](https://bugs.openjdk.java.net/browse/JDK-8244286): Tools Warn If Weak Algorithms Are Used * [JDK-8256490](https://bugs.openjdk.java.net/browse/JDK-8256490): Disable TLS 1.0 and 1.1 * [JDK-8242147](https://bugs.openjdk.java.net/browse/JDK-8242147): New System Properties to Configure the TLS Signature Schemes * [JDK-8177368](https://bugs.openjdk.java.net/browse/JDK-8177368): Several incorporation steps are silently failing when an error should be reported Full release notes can also be found in the `NEWS` file in the installed RPM. ------------------------------------------------------------------------------- - ChangeLog:
* Tue Apr 13 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b10-0 - Update to aarch64-shenandoah-jdk8u292-b10 (GA) - Update release notes for 8u292-b10. * Tue Mar 30 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b09-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b09 (EA) - Update release notes for 8u292-b09. * Sat Mar 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b08-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b08 (EA) - Update release notes for 8u292-b08. - Require tzdata 2021a due to JDK-8260356 * Thu Mar 25 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b07-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b07 (EA) - Update release notes for 8u292-b07. * Mon Mar 22 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b06-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b06 (EA) - Update release notes for 8u292-b06. - Require tzdata 2020f due to JDK-8259048 * Thu Mar 18 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b05-0.2.ea - Update to aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11 (EA) - Update release notes for 8u292-b05-shenandoah-merge-2021-03-11. - Extend s390 patch to fix issue caused by JDK-8252660 backport and lack of JDK-8188813 in 8u. - Revise JDK-8252660 s390 failure to make _soft_max_size a jlong so pointer types are accurate. * Thu Mar 18 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b05-0.1.ea - Re-organise S/390 patches for upstream submission, separating 8u upstream from Shenandoah fixes. - Add new formatting case found in memprofiler.cpp on debug builds to PR3593 patch. * Mon Mar 8 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b05-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b05 (EA) - Update release notes for 8u292-b05. * Fri Mar 5 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b04-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b04 (EA) - Update release notes for 8u292-b04. * Thu Mar 4 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b03-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b03 (EA) - Update release notes for 8u292-b03. * Tue Mar 2 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b02-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b02 (EA) - Update release notes for 8u292-b02. * Fri Feb 19 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b01-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b01 (EA) - Update release notes for 8u292-b01. - Switch to EA mode. - Update tarball generation script to use PR3822 which handles JDK-8233228 & JDK-8035166 changes * Thu Feb 18 2021 Stephan Bergmann <sbergman@redhat.com> - 1:1.8.0.282.b08-5 - Hardcode /usr/sbin/alternatives for Flatpak builds ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-f71b592e07' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
|
|
|
|