Oracle Linux Security Advisory ELSA-2024-4568

http://linux.oracle.com/errata/ELSA-2024-4568.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-17-openjdk-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-demo-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-devel-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-headless-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-javadoc-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-javadoc-zip-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-jmods-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-src-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-static-libs-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-demo-fastdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-demo-slowdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-devel-fastdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-devel-slowdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-fastdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-headless-fastdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-headless-slowdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-jmods-fastdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-jmods-slowdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-slowdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-src-fastdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-src-slowdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm

aarch64:
java-17-openjdk-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-demo-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-devel-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-headless-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-javadoc-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-javadoc-zip-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-jmods-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-src-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-static-libs-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-demo-fastdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-demo-slowdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-devel-fastdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-devel-slowdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-fastdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-headless-fastdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-headless-slowdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-jmods-fastdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-jmods-slowdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-slowdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-src-fastdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-src-slowdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//java-17-openjdk-17.0.12.0.7-2.0.1.el8.src.rpm

Related CVEs:

CVE-2024-21131
CVE-2024-21138
CVE-2024-21140
CVE-2024-21145
CVE-2024-21147




Description of changes:

[1:17.0.12.0.7-2.0.1]
- Add Oracle vendor bug URL

[1:17.0.12.0.7-2]
- Update to jdk-17.0.12+7 (GA)
- Update .gitignore to ignore openjdk-17.0.12+7.tar.xz
- Sync java-17-openjdk-portable.specfile
- Set buildver to 7
- Set portablerelease 1
- Set is_ga to 1
- Update sources to openjdk-17.0.12+7.tar.xz
- Resolves: RHEL-46638
- Resolves: RHEL-46996
- ** This tarball is embargoed until 2024-07-16 @ 1pm PT. **

[1:17.0.12.0.6-0.2.ea]
- Set rpmrelease to 2

[1:17.0.12.0.6-0.1.ea]
- Set portablerelease to 2
- Related: RHEL-46638
- Add debuginfo section to rpminspect.yaml (OPENJDK-2904)
- Add unicode section to rpminspect.yaml (OPENJDK-2904)
- Add contents of fips-17u-e893be00150.patch

[1:17.0.12.0.6-0.1.ea]
- Add upstream patch that removes illegal RLO Unicode characters (JDK-8332174)
- Sync the copy of the portable specfile with the latest update

[1:17.0.12.0.6-0.1.ea]
- Delete fips-17u-d63771ea660.patch
- Add fips-17u-e893be00150.patch
- Update fipsver to e893be00150

[1:17.0.12.0.6-0.1.ea]
- generate_source_tarball.sh: Use tar exclude options for VCS files
- generate_source_tarball.sh: Improve VCS exclusion

[1:17.0.12.0.6-0.1.ea]
- generate_source_tarball.sh: Update examples in header for clarity
- generate_source_tarball.sh: Cleanup message issued when checkout already exists
- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP
- generate_source_tarball.sh: Only add --depth=1 on non-local repositories
- icedtea_sync.sh: Reinstate from rhel-8.9.0 branch
- Move maintenance scripts to a scripts subdirectory
- discover_trees.sh: Set compile-command and indentation instructions for Emacs
- discover_trees.sh: shellcheck: Do not use -o (SC2166)
- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- discover_trees.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: Add authorship
- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs
- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086)
- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: Set compile-command and indentation instructions for Emacs
- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086)
- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196)
- generate_source_tarball.sh: Output values of new options WITH_TEMP and OPENJDK_LATEST
- generate_source_tarball.sh: Double-quote DEPTH reference (SC2086)
- generate_source_tarball.sh: Avoid empty DEPTH reference while still appeasing shellcheck

[1:17.0.12.0.6-0.1.ea]
- Update to jdk-17.0.12+6 (EA)
- Add openjdk-17.0.12+6-ea.tar.xz to .gitignore
- Set updatever to 12
- Set buildver to 6
- Set rpmrelease to 1
- Set is_ga to 0
- Update sources to openjdk-17.0.12+6-ea.tar.xz
- Require tzdata-java 2024a at runtime and for build (JDK-8325150)
- Update lcms2 bundled provides to 2.16.0
- Add zlib 1.3.1 bundled provides and zlib-devel build requirement (OPENJDK-3065)
- Use component in EPEL and Fedora bug URLs
- Label as error a designator mismatch
- Change a fix-me comment to a note instead
- Sync generate_source_tarball.sh from Fedora rawhide


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle8: ELSA-2024-4568: java-17-openjdk Important Security Advisory Updates
