Fedora 31: java-1.8.0-openjdk 2020-508df53719

    Date 28 Jul 2020
    Posted By LinuxSecurity Advisories
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2020-508df53719
    2020-07-28 15:00:49.912003
    --------------------------------------------------------------------------------
    
    Name        : java-1.8.0-openjdk
    Product     : Fedora 31
    Version     : 1.8.0.262.b10
    Release     : 1.fc31
    URL         : https://openjdk.java.net/
    Summary     : OpenJDK Runtime Environment 8
    Description :
    The OpenJDK runtime environment 8.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    # July 2020 OpenJDK security update for OpenJDK 8.

    Full release notes: https://bitly.com/oj8u262

    ## New features

    * [JDK-8223147](https://bugs.openjdk.java.net/browse/JDK-8223147): JFR Backport

    ## Security fixes

    - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
    - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
    - JDK-8230613: Better ASCII conversions
    - JDK-8231800: Better listing of arrays
    - JDK-8232014: Expand DTD support
    - JDK-8233255: Better Swing Buttons
    - JDK-8234032: Improve basic calendar services
    - JDK-8234042: Better factory production of certificates
    - JDK-8234418: Better parsing with CertificateFactory
    - JDK-8234836: Improve serialization handling
    - JDK-8236191: Enhance OID processing
    - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
    - JDK-8237592, CVE-2020-14577: Enhance certificate verification
    - JDK-8238002, CVE-2020-14581: Better matrix operations
    - JDK-8238804: Enhance key handling process
    - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
    - JDK-8238843: Enhanced font handing
    - JDK-8238920, CVE-2020-14583: Better Buffer support
    - JDK-8238925: Enhance WAV file playback
    - JDK-8240119, CVE-2020-14593: Less Affine Transformations
    - JDK-8240482: Improved WAV file playback
    - JDK-8241379: Update JCEKS support
    - JDK-8241522: Manifest improved jar headers redux
    - JDK-8242136, CVE-2020-14621: Better XML namespace handling

    ## [JDK-8240687](https://bugs.openjdk.java.net/browse/JDK-8240687): JDK Flight Recorder Integrated to OpenJDK 8u

    OpenJDK 8u now contains the backport of JEP 328: Flight Recorder
    (https://openjdk.java.net/jeps/328) from later versions of OpenJDK.

    JFR is a low-overhead framework to collect and provide data helpful to
    troubleshoot the performance of the OpenJDK runtime and of Java applications.
    It consists of a new API to define custom events under the jdk.jfr namespace
    and a JMX interface to interact with the framework. The recording can also be
    initiated with the application startup using the -XX:+FlightRecorder flag or
    via jcmd. JFR replaces the -XX:+EnableTracing feature introduced in JEP 167,
    providing a more efficient way to retrieve the same information. For
    compatibility reasons, -XX:+EnableTracing is still accepted, however no data
    will be printed.

    While JFR is not built by default upstream, it is included in Fedora binaries
    for supported architectures (x86_64, AArch64 & PowerPC 64).

    ## [JDK-8205622](https://bugs.openjdk.java.net/browse/JDK-8205622): JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording

    JFR will be disabled with a warning message if it is enabled during CDS
    dumping. The user will see the following warning message:

        OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping

    if JFR is enabled during CDS dumping such as in the following command line:

        $ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true

    ## [JDK-8244167](https://bugs.openjdk.java.net/browse/JDK-8244167): Removal of Comodo Root CA Certificate

    The following expired Comodo root CA certificate was removed from the
    `cacerts` keystore:

    + alias name "addtrustclass1ca [jdk]"
      Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

    ## [JDK-8244166](https://bugs.openjdk.java.net/browse/JDK-8244166): Removal of DocuSign Root CA Certificate

    The following expired DocuSign root CA certificate was removed from the
    `cacerts` keystore:

    + alias name "keynectisrootca [jdk]"
      Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR

    ## [JDK-8240191](https://bugs.openjdk.java.net/browse/JDK-8240191): Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database

    The SunPKCS11 security provider can now be initialized with NSS when
    FIPS-enabled external modules are configured in the Security Modules Database
    (NSSDB). Prior to this change, the SunPKCS11 provider would throw a
    RuntimeException with the message: "FIPS flag set for non-internal module"
    when such a library was configured for NSS in non-FIPS mode.

    This change allows the JDK to work properly with recent NSS releases on
    GNU/Linux operating systems when the system-wide FIPS policy is turned on.

    Further information can be found in
    [JDK-8238555](https://bugs.openjdk.java.net/browse/JDK-8238555).
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Mon Jul 13 2020 Jiri Vanek  - 1:1.8.0.262.b10-1
    - Set vendor property and vendor URLs
    - Made URLs to be preconfigured by OS
    * Sun Jul 12 2020 Andrew Hughes  - 1:1.8.0.262.b10-0
    - Update to aarch64-shenandoah-jdk8u262-b10.
    - Update release notes for 8u262 release.
    - Remove issues in NEWS file duplicated between 8u252 & 8u262 releases.
    - Update generate_source_tarball.sh script to use the PR3756 patch and retain the secp256k1 curve.
    - Add the -'4curve' suffix to the tarball name.
    - Adjust JDK-8143245/PR3548 patch following context changes due to JDK-8203287 for JFR
    - Adjust RH1648644 following context changes due to introduction of JFR packages
    - Split JDK-8042159 patch into per-repo patches as upstream.
    - Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk
    - Enable JFR in our builds, ahead of upstream default.
    - Only enable JFR for JIT builds, as it is not supported with Zero.
    - Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash.
    - Explicitly list jfr.jar, default.jfc & profile.jfc in the spec file.
    - Introduce jfr_arches for architectures which support JFR.
    - Fix typo in jfr_arches which leads to ppc64 being wrongly excluded.
    - Add jfr binary to devel package and alternatives set
    - With JDK-8248399 fixed, a broken jfr binary is no longer installed on architectures without JFR.
    - Require tzdata 2020a so system tzdata matches resource updates in b07
    - Use sa_arches for libsaproc.so inclusion.
    * Wed May 27 2020 Jiri Andrlik  - 1:1.8.0.252.b09-1
    - backports of provides fixes from master
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2020-508df53719' at the command
    line. For more information, refer to the dnf documentation available at
    https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
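
An added check, not part of the Fedora advisory: the shell helpers below decide from `java -version` text whether an OpenJDK 8 runtime is at or above the 8u262 level this update ships, and count the two removed root CAs in `keytool -list -v` output by the Distinguished Names quoted in the update information. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-update checks for FEDORA-2020-508df53719.
# Function names and SAMPLE_* values are constructed, not from the advisory.

# Update level shipped by this advisory (Version 1.8.0.262.b10).
FIXED_UPDATE=262

# Print the update number found in `java -version 2>&1` text,
# e.g. 'openjdk version "1.8.0_252"' -> 252. Prints nothing for non-8 runtimes.
java8_update() {
    printf '%s\n' "$1" |
        sed -n 's/.*version "1\.8\.0_\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Succeed only when the text describes an OpenJDK 8 build at or above 8u262.
is_patched() {
    u=$(java8_update "$1")
    [ -n "$u" ] && [ "$u" -ge "$FIXED_UPDATE" ]
}

# Count keystore entries whose Owner is one of the two removed roots.
# Input is the text of: keytool -list -v -keystore <cacerts path> -storepass <password>
stale_roots() {
    printf '%s\n' "$1" |
        grep -c -E '^Owner: CN=(AddTrust Class 1 CA Root|KEYNECTIS ROOT CA),' || true
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_PATCHED='openjdk version "1.8.0_262"
OpenJDK Runtime Environment (build 1.8.0_262-b10)
OpenJDK 64-Bit Server VM (build 25.262-b10, mixed mode)'

SAMPLE_OLD='openjdk version "1.8.0_252"
OpenJDK Runtime Environment (build 1.8.0_252-b09)
OpenJDK 64-Bit Server VM (build 25.252-b09, mixed mode)'

SAMPLE_KEYSTORE='Alias name: addtrustclass1ca
Owner: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Alias name: exampleroot
Owner: CN=Example Root, O=Example, C=SE'
```

On a live host, pass `"$(java -version 2>&1)"` to `is_patched` and the `keytool -list -v` text to `stale_roots`; a non-zero count means a keystore still carries one of the expired roots.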
    --------------------------------------------------------------------------------