Alerts This Week
Warning Icon 1 914
Alerts This Week
Warning Icon 1 914

Fedora 40: FEDORA-2024-129d8ca6fc High: Ed25519-Java Type Confusion

fedora
Calendar Grey March 7, 2024
Dist Fedora Esm H88
The ed25519-java package in Fedora 40 has been updated to resolve type confusion issues and to upgrade the JDK from version 17 to 21, significantly boosting security measures.
Change for system JDK from 17 to 21

Summary

This is an implementation of EdDSA in Java. Structurally, it

is based on the ref10 implementation in SUPERCOP (see

There are two internal implementations:

* A port of the radix-2^51 operations in ref10

- fast and constant-time, but only useful for Ed25519.

* A generic version using BigIntegers for calculation

- a bit slower and not constant-time, but compatible

with any EdDSA parameter specification.

Update Information:

Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639

Topics%20covered

Topics Covered

security advisory high severity software update Fedora type confusion JDK change ed25519-java

Change Log

* Sat Mar 2 2024 Jiri Vanek - 0.3.0-21 - Rebuilt for java-21-openjdk as system jdk

References


[ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: ed25519-java
Product: Fedora 40
Version: 0.3.0
Release: 21.fc40
URL: https://github.com/str4d/ed25519-java
Summary: Implementation of EdDSA (Ed25519) in Java

Topics%20covered

Topics Covered

security advisory high severity software update Fedora type confusion JDK change ed25519-java

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here