Explore top 10 tips to secure your open-source projects now. Read More
×
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of Java sandbox restrictions. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3929-1
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3728-1
updated to July security update 20.0.2.9 portables. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-469d0d1a18 2023-08-16 01:20:55.660826 -------------------------------------------------------------------------------- Name : java-latest-openjdk Product : Fedora 38 Version : 20.0.2.0.9 Release : 1.rolling.fc38 URL : https://openjdk.org/ Summary : OpenJDK 20 Runtime Environment Description : The OpenJDK 20 runtime environment. -------------------------------------------------------------------------------- Update Information: updated to July security update 20.0.2.9 portables -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 7 2023 Jiri Vanek - 1:20.0.2.0.9-2.rolling - updated to July security update 20.0.2.9 portables * Thu Jul 20 2023 Fedora Release Engineering - 1:20.0.1.0.9-8.rolling.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu May 11 2023 Andrew Hughes - 1:20.0.1.0.9-8.rolling - Following JDK-8005165, class data sharing can be enabled on all JIT architectures * Wed May 10 2023 Severin Gehwolf - 1:20.0.1.0.9-6.rolling - Fix packaging of CDS archives * Fri Apr 28 2023 Jiri Vanek - 1:20.0.1.0.9-6.rolling - faking build-id in libjsvml.so * Fri Apr 28 2023 Jiri Vanek - 1:20.0.1.0.9-5.rolling - returned news * Fri Apr 28 2023 Jiri Vanek - 1:20.0.1.0.9-4.rolling - now expecting the exact version in portbale filename * Fri Apr 28 2023 Jiri Vanek - 1:20.0.1.0.9-3.rolling - updated to 20.0.1.0.9 underlying portables * Wed Apr 19 2023 Jiri Vanek - 1:20.0.0.0.36-3.rolling - using icons from source package - providing full sources via src package - requiring exact version.reelase of portables - returned libsystemconf.so * Mon Apr 3 2023 Jiri Vanek - 1:20.0.0.0.36-1.rolling - bumed to jdk20 - removed no loger existing libsystemconf.so - commented out usage ifSource15 TestSecurityProperties.java test, as honoring of -- system crypto policies comes from fips aptch which is not yet adapted * Mon Jan 30 2023 Jiri Vanek - 1:19.0.2.0.7-5.rolling - Using icons whcih are now part of the portble tarball * Mon Jan 30 2023 Jiri Vanek - 1:19.0.2.0.7-4.rolling - repacked bits are now requested in exact version * Mon Jan 30 2023 Petra Alice Mikova - 1:19.0.2.0.7-3.rolling - return libfreetype.so binary to resolve requires problems - remove BuildRequires: java-latest-openjdk * Thu Jan 26 2023 Jiri Vanek - 1:19.0.2.0.7-2.rolling - repacked portables - todo icons - disabled tzdata tests - todo, resolve - left some duplicated "final tunings" - todo, lost alt java manpage.. probably already in portables - TODO conslut this clean up - javdoc, freetype and NEWS - todo, debuginfo * Thu Jan 26 2023 Andrew Hughes - 1:19.0.2.0.7-1.rolling - Update to jdk-19.0.2 release - Update release notes to 19.0.2 - Drop JDK-8293834 (CLDR update for Kyiv) which is now upstream - Drop JDK-8294357 (tzdata2022d), JDK-8295173 (tzdata2022e) & JDK-8296108 (tzdata2022f) local patches which are now upstream - Drop JDK-8296715 (CLDR update for 2022f) which is now upstream - Add local patch JDK-8295447 (javac NPE) which was accepted into 19u upstream but not in the GA tag - Add local patches for JDK-8296239 & JDK-8299439 (Croatia Euro update) which are present in 8u, 11u & 17u releases * Thu Jan 19 2023 Fedora Release Engineering - 1:19.0.1.0.10-3.rolling.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Fri Dec 16 2022 Andrew Hughes - 1:19.0.1.0.10-3.rolling - Update in-tree tzdata & CLDR to 2022g with JDK-8296108, JDK-8296715 & JDK-8297804 - Update TestTranslations.java to test the new America/Ciudad_Juarez zone * Wed Dec 7 2022 Stephan Bergmann - 1:19.0.1.0.10-3.rolling - Fix flatpak builds by disabling TestTranslations test due to missing tzdb.dat * Wed Oct 26 2022 Andrew Hughes - 1:19.0.1.0.10-2.rolling - Update in-tree tzdata to 2022ewith JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv (JDK-8293834) - Drop JDK-8292223 patch which we found to be unnecessary - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream * Thu Oct 20 2022 Andrew Hughes - 1:19.0.1.0.10-1.rolling - Update to jdk-19.0.1 release - Update release notes to 19.0.1 * Wed Sep 21 2022 Andrew Hughes - 1:19.0.0.0.36-3.rolling - The stdc++lib, zlib & freetype options should always be set from the global, so they are not altered for staticlibs builds - Remove freetype sources along with zlib sources * Tue Aug 30 2022 Andrew Hughes - 1:19.0.0.0.36-2.rolling - Switch buildjdkver back to being featurever, now java-19-openjdk is available in the buildroot * Mon Aug 29 2022 Andrew Hughes - 1:19.0.0.0.36-2.rolling - Switch to static builds, reducing system dependencies and making build more portable * Mon Aug 29 2022 Andrew Hughes - 1:19.0.0.0.36-1.rolling - Update to RC version of OpenJDK 19 - Update release notes to 19.0.0 - Rebase FIPS patches from fips-19u branch - Need to include the '.S' suffix in debuginfo checks after JDK-8284661 - Add patch to provide translations for Europe/Kyiv added in tzdata2022b - Add test to ensure timezones can be translated - Remove references to sample directory removed by JDK-8284999 * Fri Jul 22 2022 Andrew Hughes - 1:18.0.2.0.9-1.rolling - Update to jdk-18.0.2 release - Update release notes to 18.0.2 - Drop JDK-8282004 patch which is now upstreamed under JDK-8282231 - Exclude x86 where java_arches is undefined, in order to unbreak build * Fri Jul 22 2022 Jiri Vanek - 1:18.0.1.1.2-8.rolling - moved to build only on %{java_arches} -- https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs - reverted : -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild (always mess up release) -- Try to build on x86 again by creating a husk of a JDK which does not depend on itself -- Exclude x86 from builds as the bootstrap JDK is now completely broken andunusable -- Replaced binaries and .so files with bash-stubs on i686 - added ExclusiveArch: %{java_arches} -- this now excludes i686 -- this is safely backport-able to older fedoras, as the macro was backported properly (with i686 included) - https://bugzilla.redhat.com/show_bug.cgi?id=2104125 * Thu Jul 21 2022 Fedora Release Engineering - 1:18.0.1.1.2-7.rolling.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Tue Jul 19 2022 Andrew Hughes - 1:18.0.1.1.2-7.rolling - Try to build on x86 again by creating a husk of a JDK which does not depend on itself * Sun Jul 17 2022 Andrew Hughes - 1:18.0.1.1.2-6.rolling - Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable * Wed Jul 13 2022 Andrew Hughes - 1:18.0.1.1.2-5.rolling - Explicitly require crypto-policies during build and runtime for system security properties * Wed Jul 13 2022 Jiri Vanek - 1:18.0.1.1.2-4.rolling. - Replaced binaries and .so files with bash-stubs on i686 in preparation of the removal on that architecture: - https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs * Wed Jul 13 2022 Andrew Hughes - 1:18.0.1.1.2-3.rolling - Make use of the vendor version string to store our version & release rather than an upstream release date * Tue Jul 12 2022 FeRD (Frank Dana) - 1:18.0.1.1.2-2.rolling - Add javaver- and origin-specific javadoc and javadoczip alternatives. * Mon Jul 11 2022 Andrew Hughes - 1:18.0.1.1.2-1.rolling - Update to jdk-18.0.1.1 interim release - Update release notes to actually reflect OpenJDK 18 and subsequent releases 18.0.1 & 18.0.1.1 - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 * Sat Jul 9 2022 Jayashree Huttanagoudar - 1:18.0.1.0.10-8.rolling - Fix issue where CheckVendor.java test erroneously passes whenit should fail. - Add proper quoting so '&' is not treated as a special character by the shell. * Sat Jul 9 2022 Andrew Hughes - 1:18.0.1.0.10-8.rolling - Include a test in the RPM to check the build has the correct vendor information. * Fri Jul 8 2022 Andrew Hughes - 1:18.0.1.0.10-7.rolling - Fix whitespace in spec file * Fri Jul 8 2022 Andrew Hughes - 1:18.0.1.0.10-7.rolling - Sequence spec file sections as they are run by rpmbuild (build, install then test) * Fri Jul 8 2022 Andrew Hughes - 1:18.0.1.0.10-7.rolling - Turn on system security properties as part of the build's install section - Move cacerts replacement to install section and retain original of this and tzdb.dat - Run tests on the installed image, rather than the build image - Introduce variables to refer to the static library installation directories - Use relative symlinks so they work within the image - Run debug symbols check during build stage, before the install strips them * Thu Jul 7 2022 Stephan Bergmann - 1:18.0.1.0.10-6.rolling - Fix flatpak builds by exempting them from bootstrap * Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:18.0.1.0.10-5.rolling - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode * Thu Jun 30 2022 Stephan Bergmann - 1:18.0.1.0.10-4.rolling - Fix flatpak builds (catering for their uncompressed manual pages) * Fri Jun 24 2022 Andrew Hughes - 1:18.0.1.0.10-3.rolling - Update FIPS support to bring in latest changes - * RH2023467: Enable FIPS keys export - * RH2094027: SunEC runtime permission for FIPS - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties testwith property debugging on - Minor sync-ups with java-17-openjdk spec file * Wed May 25 2022 Andrew Hughes - 1:18.0.1.0.10-2.rolling - Exclude s390x from the gdb test on RHEL 7 where we see failures with the portable build * Wed Apr 27 2022 Jiri Vanek - 1:18.0.1.0.10-1.rolling. - updated to CPU jdk-18.0.1+10 sources * Wed Apr 6 2022 Jiri Vanek - 1:18.0.0.0.37-4.rolling - Remove hardcoded /usr/lib/jvm by %{_jvmdir} to make rpmlint happy * Wed Mar 23 2022 Andrew Hughes - 1:18.0.0.0.37-3.rolling - Automatically turn off building a fresh HotSpot first, if the bootstrap JDK is not the same major version as that being built * Mon Mar 21 2022 Jiri Vanek - 1:18.0.0.0.37-2.rolling - replaced tabs by sets of spaces to make rpmlint happy - set build jdk to 18 - as ga is 1, set vendor_version_string to 22.3 * Wed Mar 16 2022 Andrew Hughes - 1:18.0.0.0.37-1.rolling - Update to RC version of OpenJDK 18 - Support JVM variant zero following JDK-8273494 no longer installing Zero's libjvm.so in the server directory - Disable HotSpot-only pre-build which is incompatible with the boot JDK being a different major version to that being built - Rebase FIPS patches from fips-18u branch and simplify by using a single patch from that repository - Detect NSS at runtime for FIPS detection - Turn off build-time NSS linking and go back to an explicit Requires on NSS - Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch * Wed Mar 16 2022 Petra Alice Mikova - 1:18.0.0.0.37-1.rolling - update to ea version of jdk18 - add new slave jwebserver and corresponding manpage - adjust rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch * Wed Feb 16 2022 Andrew Hughes - 1:17.0.2.0.8-5 - Reinstate JIT builds on x86_32. - Add JDK-8282004 to fix missing CALL effects on x86_32. * Mon Feb 7 2022 Severin Gehwolf - 1:17.0.2.0.8-4 - Re-enable gdb backtrace check. - ResolvesRHBZ#2041970 * Fri Feb 4 2022 Andrew Hughes - 1:17.0.2.0.8-3 - Temporarily move x86 to use Zero in order to get a working build - Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment - Support a HotSpot-only build so a freshly built libjvm.so can then be used in the bootstrap JDK. - Explicitly list JIT architectures rather than relying on those with slowdebug builds - Disable the serviceability agent on Zero architectures even when the architecture itself is supported * Mon Jan 24 2022 Andrew Hughes - 1:17.0.2.0.8-2.rolling - Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. arm64 on aarch64) - Need to support noarch for creating source RPMs for non-scratch builds. * Mon Jan 24 2022 Andrew Hughes - 1:17.0.2.0.8-1.rolling - January 2022 security update to jdk 17.0.2+8 - Extend LTS check to exclude EPEL. - Rename libsvml.so to libjsvml.so following JDK-8276025 - Remove JDK-8276572 patch which is now upstream. - Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java * Mon Jan 24 2022 Severin Gehwolf - 1:17.0.2.0.8-1.rolling - Set LTS designator. * Mon Jan 24 2022 Andrew Hughes - 1:17.0.1.0.12-16.rolling - Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent * Thu Jan 20 2022 Fedora Release Engineering - 1:17.0.1.0.12-15.rolling.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Tue Jan 18 2022 Andrew Hughes - 1:17.0.1.0.12-15.rolling - Sync gdb test with java-1.8.0-openjdk and improve architecture restrictions. - Disable on x86, x86_64, ppc64le & s390x while these are broken in rawhide. * Thu Jan 13 2022 Andrew Hughes - 1:17.0.1.0.12-14.rolling - Fix FIPS issues in native code and with initialisation of java.security.Security * Thu Dec 9 2021 Jiri Vanek - 1:17.0.1.0.12-13.rolling - Storing and restoring alterntives during update manually - Fixing Bug 2001567 - update ofJDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE -- The move of alternatives creation to posttrans to fix: -- Bug 1200302 - dnf reinstall breaks alternatives -- Had caused the alternatives to be removed, and then created again, -- instead of being added, and then removing the old, and thus persisting -- the selection in family -- Thus this fix, is storing the family of manually selected master, and if -- stored, then it is restoring the family of the master * Thu Dec 9 2021 Jiri Vanek - 1:17.0.1.0.12-12.rolling - Family extracted to globals * Thu Dec 9 2021 Jiri Vanek - 1:17.0.1.0.12-11.rolling - javadoc-zip got its own provides next to plain javadoc ones * Thu Dec 9 2021 Jiri Vanek - 1:17.0.1.0.12-10.rolling - replaced tabs by sets of spaces to make rpmlint happy * Mon Nov 29 2021 Andrew Hughes - 1:17.0.1.0.12-9.rolling - Handle Fedora in distro conditionals that currently only pertain to RHEL. * Fri Nov 5 2021 Andrew Hughes - 1:17.0.1.0.12-8.rolling - Patch syslookup.c so it actually has some code to be compiled into libsyslookup - Related: rhbz#2013846 * Wed Nov 3 2021 Severin Gehwolf - 1:17.0.1.0.12-7.rolling - Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy secmod.db file as part of nss * Wed Nov 3 2021 Andrew Hughes - 1:17.0.1.0.12-6.rolling - Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le. * Thu Oct 28 2021 Andrew Hughes - 1:17.0.1.0.12-5.rolling - Sync desktop files with upstream IcedTea release 3.15.0 using new script * Tue Oct 26 2021 Andrew Hughes - 1:17.0.1.0.12-4.rolling - Restructure the build so a minimal initial build is then used for the final build (with docs) - This reduces pressure on the system JDK and ensures the JDK being built can do a full build * Tue Oct 26 2021 Jiri Vanek - 1:17.0.1.0.12-3.rolling - Minor cosmetic improvements to make spec more comparable between variants * Thu Oct 21 2021 Andrew Hughes -1:17.0.1.0.12-2.rolling - Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap-> _heaps) and @JAVA_SPEC_VER@ - Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository * Wed Oct 20 2021 Petra Alice Mikova - 1:17.0.1.0.12-1.rolling - October CPU update to jdk 17.0.1+12 - dropped commented-out source line * Sun Oct 10 2021 Andrew Hughes - 1:17.0.0.0.35-5.rolling - Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false * Sun Oct 10 2021 Martin Balao - 1:17.0.0.0.35-5.rolling - Add patch to allow plain key import. * Thu Sep 30 2021 Andrew Hughes - 1:17.0.0.0.35-4.rolling - Fix unused function compiler warning found in systemconf.c - Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access. * Thu Sep 30 2021 Martin Balao - 1:17.0.0.0.35-4.rolling - Add patch to login to the NSS software token when in FIPS mode. * Mon Sep 27 2021 Andrew Hughes - 1:17.0.0.0.35-3.rolling - Update release notes to document the major changes between OpenJDK 11 & 17. * Thu Sep 16 2021 Martin Balao - 1:17.0.0.0.35-2.rolling - Add patch to disable non-FIPS crypto in the SUN and SunEC security providers. * Tue Sep 14 2021 Andrew Hughes - 1:17.0.0.0.35-1.rolling - Update to jdk-17+35, also known as jdk-17-ga. - Switch to GA mode. * Wed Sep 8 2021 Andrew Hughes - 1:17.0.0.0.33-0.3.ea.rolling - Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure. - Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM. * Wed Sep 8 2021 Martin Balao - 1:17.0.0.0.33-0.3.ea.rolling - Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library. * Mon Sep 6 2021 Andrew Hughes - 1:17.0.0.0.33-0.2.ea.rolling - Update RH1655466 FIPS patch with changes in OpenJDK 8 version. - SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file. - Change nss.fips.cfgconfig name to "NSS-FIPS" to avoid confusion with nss.cfg. - No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable. - Disable FIPS mode support unless com.redhat.fips is set to "true". - Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable). - Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode - Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071) * Mon Sep 6 2021 Martin Balao - 1:17.0.0.0.33-0.2.ea.rolling - Support the FIPS mode crypto policy (RH1655466) - Use appropriate keystore types when in FIPS mode (RH1818909) - Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986) * Mon Aug 30 2021 Jiri Vanek - 1:17.0.0.0.33-0.1.ea.rolling - alternatives creation moved to posttrans - Thus fixing the old reisntall issue: - https://bugzilla.redhat.com/show_bug.cgi?id=1200302 - https://bugzilla.redhat.com/show_bug.cgi?id=1976053 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-469d0d1a18' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
updated to July security update 20.0.2.9 portables. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-ba53233477 2023-08-16 00:37:57.058805 -------------------------------------------------------------------------------- Name : java-latest-openjdk Product : Fedora 37 Version : 20.0.2.0.9 Release : 1.rolling.fc37 URL : https://openjdk.org/ Summary : OpenJDK 20 Runtime Environment Description : The OpenJDK 20 runtime environment. -------------------------------------------------------------------------------- Update Information: updated to July security update 20.0.2.9 portables -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 7 2023 Jiri Vanek - 1:20.0.2.0.9-2.rolling - updated to July security update 20.0.2.9 portables * Thu Jul 20 2023 Fedora Release Engineering - 1:20.0.1.0.9-8.rolling.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu May 11 2023 Andrew Hughes - 1:20.0.1.0.9-8.rolling - Following JDK-8005165, class data sharing can be enabled on all JIT architectures * Wed May 10 2023 Severin Gehwolf - 1:20.0.1.0.9-6.rolling - Fix packaging of CDS archives * Fri Apr 28 2023 Jiri Vanek - 1:20.0.1.0.9-6.rolling - faking build-id in libjsvml.so * Fri Apr 28 2023 Jiri Vanek - 1:20.0.1.0.9-5.rolling - returned news * Fri Apr 28 2023 Jiri Vanek - 1:20.0.1.0.9-4.rolling - now expecting the exact version in portbale filename * Fri Apr 28 2023 Jiri Vanek - 1:20.0.1.0.9-3.rolling - updated to 20.0.1.0.9 underlying portables * Wed Apr 19 2023 Jiri Vanek - 1:20.0.0.0.36-3.rolling - using icons from source package - providing full sources via src package - requiring exact version.reelase of portables - returned libsystemconf.so * Mon Apr 3 2023 Jiri Vanek - 1:20.0.0.0.36-1.rolling - bumed to jdk20 - removed no loger existing libsystemconf.so - commented out usage ifSource15 TestSecurityProperties.java test, as honoring of -- system crypto policies comes from fips aptch which is not yet adapted * Mon Jan 30 2023 Jiri Vanek - 1:19.0.2.0.7-5.rolling - Using icons whcih are now part of the portble tarball * Mon Jan 30 2023 Jiri Vanek - 1:19.0.2.0.7-4.rolling - repacked bits are now requested in exact version * Mon Jan 30 2023 Petra Alice Mikova - 1:19.0.2.0.7-3.rolling - return libfreetype.so binary to resolve requires problems - remove BuildRequires: java-latest-openjdk * Thu Jan 26 2023 Jiri Vanek - 1:19.0.2.0.7-2.rolling - repacked portables - todo icons - disabled tzdata tests - todo, resolve - left some duplicated "final tunings" - todo, lost alt java manpage.. probably already in portables - TODO conslut this clean up - javdoc, freetype and NEWS - todo, debuginfo * Thu Jan 26 2023 Andrew Hughes - 1:19.0.2.0.7-1.rolling - Update to jdk-19.0.2 release - Update release notes to 19.0.2 - Drop JDK-8293834 (CLDR update for Kyiv) which is now upstream - Drop JDK-8294357 (tzdata2022d), JDK-8295173 (tzdata2022e) & JDK-8296108 (tzdata2022f) local patches which are now upstream - Drop JDK-8296715 (CLDR update for 2022f) which is now upstream - Add local patch JDK-8295447 (javac NPE) which was accepted into 19u upstream but not in the GA tag - Add local patches for JDK-8296239 & JDK-8299439 (Croatia Euro update) which are present in 8u, 11u & 17u releases * Thu Jan 19 2023 Fedora Release Engineering - 1:19.0.1.0.10-3.rolling.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Fri Dec 16 2022 Andrew Hughes - 1:19.0.1.0.10-3.rolling - Update in-tree tzdata & CLDR to 2022g with JDK-8296108, JDK-8296715 & JDK-8297804 - Update TestTranslations.java to test the new America/Ciudad_Juarez zone * Wed Dec 7 2022 Stephan Bergmann - 1:19.0.1.0.10-3.rolling - Fix flatpak builds by disabling TestTranslations test due to missing tzdb.dat * Wed Oct 26 2022 Andrew Hughes - 1:19.0.1.0.10-2.rolling - Update in-tree tzdata to 2022ewith JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv (JDK-8293834) - Drop JDK-8292223 patch which we found to be unnecessary - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream * Thu Oct 20 2022 Andrew Hughes - 1:19.0.1.0.10-1.rolling - Update to jdk-19.0.1 release - Update release notes to 19.0.1 * Wed Sep 21 2022 Andrew Hughes - 1:19.0.0.0.36-3.rolling - The stdc++lib, zlib & freetype options should always be set from the global, so they are not altered for staticlibs builds - Remove freetype sources along with zlib sources * Tue Aug 30 2022 Andrew Hughes - 1:19.0.0.0.36-2.rolling - Switch buildjdkver back to being featurever, now java-19-openjdk is available in the buildroot * Mon Aug 29 2022 Andrew Hughes - 1:19.0.0.0.36-2.rolling - Switch to static builds, reducing system dependencies and making build more portable * Mon Aug 29 2022 Andrew Hughes - 1:19.0.0.0.36-1.rolling - Update to RC version of OpenJDK 19 - Update release notes to 19.0.0 - Rebase FIPS patches from fips-19u branch - Need to include the '.S' suffix in debuginfo checks after JDK-8284661 - Add patch to provide translations for Europe/Kyiv added in tzdata2022b - Add test to ensure timezones can be translated - Remove references to sample directory removed by JDK-8284999 * Fri Jul 22 2022 Andrew Hughes - 1:18.0.2.0.9-1.rolling - Update to jdk-18.0.2 release - Update release notes to 18.0.2 - Drop JDK-8282004 patch which is now upstreamed under JDK-8282231 - Exclude x86 where java_arches is undefined, in order to unbreak build * Fri Jul 22 2022 Jiri Vanek - 1:18.0.1.1.2-8.rolling - moved to build only on %{java_arches} -- https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs - reverted : -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild (always mess up release) -- Try to build on x86 again by creating a husk of a JDK which does not depend on itself -- Exclude x86 from builds as the bootstrap JDK is now completely broken andunusable -- Replaced binaries and .so files with bash-stubs on i686 - added ExclusiveArch: %{java_arches} -- this now excludes i686 -- this is safely backport-able to older fedoras, as the macro was backported properly (with i686 included) - https://bugzilla.redhat.com/show_bug.cgi?id=2104125 * Thu Jul 21 2022 Fedora Release Engineering - 1:18.0.1.1.2-7.rolling.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Tue Jul 19 2022 Andrew Hughes - 1:18.0.1.1.2-7.rolling - Try to build on x86 again by creating a husk of a JDK which does not depend on itself * Sun Jul 17 2022 Andrew Hughes - 1:18.0.1.1.2-6.rolling - Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable * Wed Jul 13 2022 Andrew Hughes - 1:18.0.1.1.2-5.rolling - Explicitly require crypto-policies during build and runtime for system security properties * Wed Jul 13 2022 Jiri Vanek - 1:18.0.1.1.2-4.rolling. - Replaced binaries and .so files with bash-stubs on i686 in preparation of the removal on that architecture: - https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs * Wed Jul 13 2022 Andrew Hughes - 1:18.0.1.1.2-3.rolling - Make use of the vendor version string to store our version & release rather than an upstream release date * Tue Jul 12 2022 FeRD (Frank Dana) - 1:18.0.1.1.2-2.rolling - Add javaver- and origin-specific javadoc and javadoczip alternatives. * Mon Jul 11 2022 Andrew Hughes - 1:18.0.1.1.2-1.rolling - Update to jdk-18.0.1.1 interim release - Update release notes to actually reflect OpenJDK 18 and subsequent releases 18.0.1 & 18.0.1.1 - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 * Sat Jul 9 2022 Jayashree Huttanagoudar - 1:18.0.1.0.10-8.rolling - Fix issue where CheckVendor.java test erroneously passes whenit should fail. - Add proper quoting so '&' is not treated as a special character by the shell. * Sat Jul 9 2022 Andrew Hughes - 1:18.0.1.0.10-8.rolling - Include a test in the RPM to check the build has the correct vendor information. * Fri Jul 8 2022 Andrew Hughes - 1:18.0.1.0.10-7.rolling - Fix whitespace in spec file * Fri Jul 8 2022 Andrew Hughes - 1:18.0.1.0.10-7.rolling - Sequence spec file sections as they are run by rpmbuild (build, install then test) * Fri Jul 8 2022 Andrew Hughes - 1:18.0.1.0.10-7.rolling - Turn on system security properties as part of the build's install section - Move cacerts replacement to install section and retain original of this and tzdb.dat - Run tests on the installed image, rather than the build image - Introduce variables to refer to the static library installation directories - Use relative symlinks so they work within the image - Run debug symbols check during build stage, before the install strips them * Thu Jul 7 2022 Stephan Bergmann - 1:18.0.1.0.10-6.rolling - Fix flatpak builds by exempting them from bootstrap * Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:18.0.1.0.10-5.rolling - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode * Thu Jun 30 2022 Stephan Bergmann - 1:18.0.1.0.10-4.rolling - Fix flatpak builds (catering for their uncompressed manual pages) * Fri Jun 24 2022 Andrew Hughes - 1:18.0.1.0.10-3.rolling - Update FIPS support to bring in latest changes - * RH2023467: Enable FIPS keys export - * RH2094027: SunEC runtime permission for FIPS - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties testwith property debugging on - Minor sync-ups with java-17-openjdk spec file * Wed May 25 2022 Andrew Hughes - 1:18.0.1.0.10-2.rolling - Exclude s390x from the gdb test on RHEL 7 where we see failures with the portable build * Wed Apr 27 2022 Jiri Vanek - 1:18.0.1.0.10-1.rolling. - updated to CPU jdk-18.0.1+10 sources * Wed Apr 6 2022 Jiri Vanek - 1:18.0.0.0.37-4.rolling - Remove hardcoded /usr/lib/jvm by %{_jvmdir} to make rpmlint happy * Wed Mar 23 2022 Andrew Hughes - 1:18.0.0.0.37-3.rolling - Automatically turn off building a fresh HotSpot first, if the bootstrap JDK is not the same major version as that being built * Mon Mar 21 2022 Jiri Vanek - 1:18.0.0.0.37-2.rolling - replaced tabs by sets of spaces to make rpmlint happy - set build jdk to 18 - as ga is 1, set vendor_version_string to 22.3 * Wed Mar 16 2022 Andrew Hughes - 1:18.0.0.0.37-1.rolling - Update to RC version of OpenJDK 18 - Support JVM variant zero following JDK-8273494 no longer installing Zero's libjvm.so in the server directory - Disable HotSpot-only pre-build which is incompatible with the boot JDK being a different major version to that being built - Rebase FIPS patches from fips-18u branch and simplify by using a single patch from that repository - Detect NSS at runtime for FIPS detection - Turn off build-time NSS linking and go back to an explicit Requires on NSS - Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch * Wed Mar 16 2022 Petra Alice Mikova - 1:18.0.0.0.37-1.rolling - update to ea version of jdk18 - add new slave jwebserver and corresponding manpage - adjust rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch * Wed Feb 16 2022 Andrew Hughes - 1:17.0.2.0.8-5 - Reinstate JIT builds on x86_32. - Add JDK-8282004 to fix missing CALL effects on x86_32. * Mon Feb 7 2022 Severin Gehwolf - 1:17.0.2.0.8-4 - Re-enable gdb backtrace check. - ResolvesRHBZ#2041970 * Fri Feb 4 2022 Andrew Hughes - 1:17.0.2.0.8-3 - Temporarily move x86 to use Zero in order to get a working build - Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment - Support a HotSpot-only build so a freshly built libjvm.so can then be used in the bootstrap JDK. - Explicitly list JIT architectures rather than relying on those with slowdebug builds - Disable the serviceability agent on Zero architectures even when the architecture itself is supported * Mon Jan 24 2022 Andrew Hughes - 1:17.0.2.0.8-2.rolling - Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. arm64 on aarch64) - Need to support noarch for creating source RPMs for non-scratch builds. * Mon Jan 24 2022 Andrew Hughes - 1:17.0.2.0.8-1.rolling - January 2022 security update to jdk 17.0.2+8 - Extend LTS check to exclude EPEL. - Rename libsvml.so to libjsvml.so following JDK-8276025 - Remove JDK-8276572 patch which is now upstream. - Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java * Mon Jan 24 2022 Severin Gehwolf - 1:17.0.2.0.8-1.rolling - Set LTS designator. * Mon Jan 24 2022 Andrew Hughes - 1:17.0.1.0.12-16.rolling - Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent * Thu Jan 20 2022 Fedora Release Engineering - 1:17.0.1.0.12-15.rolling.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Tue Jan 18 2022 Andrew Hughes - 1:17.0.1.0.12-15.rolling - Sync gdb test with java-1.8.0-openjdk and improve architecture restrictions. - Disable on x86, x86_64, ppc64le & s390x while these are broken in rawhide. * Thu Jan 13 2022 Andrew Hughes - 1:17.0.1.0.12-14.rolling - Fix FIPS issues in native code and with initialisation of java.security.Security * Thu Dec 9 2021 Jiri Vanek - 1:17.0.1.0.12-13.rolling - Storing and restoring alterntives during update manually - Fixing Bug 2001567 - update ofJDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE -- The move of alternatives creation to posttrans to fix: -- Bug 1200302 - dnf reinstall breaks alternatives -- Had caused the alternatives to be removed, and then created again, -- instead of being added, and then removing the old, and thus persisting -- the selection in family -- Thus this fix, is storing the family of manually selected master, and if -- stored, then it is restoring the family of the master * Thu Dec 9 2021 Jiri Vanek - 1:17.0.1.0.12-12.rolling - Family extracted to globals * Thu Dec 9 2021 Jiri Vanek - 1:17.0.1.0.12-11.rolling - javadoc-zip got its own provides next to plain javadoc ones * Thu Dec 9 2021 Jiri Vanek - 1:17.0.1.0.12-10.rolling - replaced tabs by sets of spaces to make rpmlint happy * Mon Nov 29 2021 Andrew Hughes - 1:17.0.1.0.12-9.rolling - Handle Fedora in distro conditionals that currently only pertain to RHEL. * Fri Nov 5 2021 Andrew Hughes - 1:17.0.1.0.12-8.rolling - Patch syslookup.c so it actually has some code to be compiled into libsyslookup - Related: rhbz#2013846 * Wed Nov 3 2021 Severin Gehwolf - 1:17.0.1.0.12-7.rolling - Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy secmod.db file as part of nss * Wed Nov 3 2021 Andrew Hughes - 1:17.0.1.0.12-6.rolling - Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le. * Thu Oct 28 2021 Andrew Hughes - 1:17.0.1.0.12-5.rolling - Sync desktop files with upstream IcedTea release 3.15.0 using new script * Tue Oct 26 2021 Andrew Hughes - 1:17.0.1.0.12-4.rolling - Restructure the build so a minimal initial build is then used for the final build (with docs) - This reduces pressure on the system JDK and ensures the JDK being built can do a full build * Tue Oct 26 2021 Jiri Vanek - 1:17.0.1.0.12-3.rolling - Minor cosmetic improvements to make spec more comparable between variants * Thu Oct 21 2021 Andrew Hughes -1:17.0.1.0.12-2.rolling - Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap-> _heaps) and @JAVA_SPEC_VER@ - Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository * Wed Oct 20 2021 Petra Alice Mikova - 1:17.0.1.0.12-1.rolling - October CPU update to jdk 17.0.1+12 - dropped commented-out source line * Sun Oct 10 2021 Andrew Hughes - 1:17.0.0.0.35-5.rolling - Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false * Sun Oct 10 2021 Martin Balao - 1:17.0.0.0.35-5.rolling - Add patch to allow plain key import. * Thu Sep 30 2021 Andrew Hughes - 1:17.0.0.0.35-4.rolling - Fix unused function compiler warning found in systemconf.c - Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access. * Thu Sep 30 2021 Martin Balao - 1:17.0.0.0.35-4.rolling - Add patch to login to the NSS software token when in FIPS mode. * Mon Sep 27 2021 Andrew Hughes - 1:17.0.0.0.35-3.rolling - Update release notes to document the major changes between OpenJDK 11 & 17. * Thu Sep 16 2021 Martin Balao - 1:17.0.0.0.35-2.rolling - Add patch to disable non-FIPS crypto in the SUN and SunEC security providers. * Tue Sep 14 2021 Andrew Hughes - 1:17.0.0.0.35-1.rolling - Update to jdk-17+35, also known as jdk-17-ga. - Switch to GA mode. * Wed Sep 8 2021 Andrew Hughes - 1:17.0.0.0.33-0.3.ea.rolling - Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure. - Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM. * Wed Sep 8 2021 Martin Balao - 1:17.0.0.0.33-0.3.ea.rolling - Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library. * Mon Sep 6 2021 Andrew Hughes - 1:17.0.0.0.33-0.2.ea.rolling - Update RH1655466 FIPS patch with changes in OpenJDK 8 version. - SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file. - Change nss.fips.cfgconfig name to "NSS-FIPS" to avoid confusion with nss.cfg. - No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable. - Disable FIPS mode support unless com.redhat.fips is set to "true". - Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable). - Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode - Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071) * Mon Sep 6 2021 Martin Balao - 1:17.0.0.0.33-0.2.ea.rolling - Support the FIPS mode crypto policy (RH1655466) - Use appropriate keystore types when in FIPS mode (RH1818909) - Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986) * Mon Aug 30 2021 Jiri Vanek - 1:17.0.0.0.33-0.1.ea.rolling - alternatives creation moved to posttrans - Thus fixing the old reisntall issue: - https://bugzilla.redhat.com/show_bug.cgi?id=1200302 - https://bugzilla.redhat.com/show_bug.cgi?id=1976053 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-ba53233477' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: java-11-openjdk security update Advisory ID: RHSA-2023:4157-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:4157 Issue date: 2023-07-19 CVE Names: CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 CVE-2023-22045 CVE-2023-22049 CVE-2023-25193 ==================================================================== 1. Summary: An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64 3. Description: The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036) * OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041) * OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) * harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193) * OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006) * OpenJDK: array indexing integeroverflow issue (8304468) (CVE-2023-22045) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2167254 - CVE-2023-25193 harfbuzz: OpenJDK: O(n^2) growth via consecutive marks 2221619 - OpenJDK: font processing denial of service vulnerability (8301998) 2221626 - CVE-2023-22006 OpenJDK: HTTP client insufficient file name validation (8302475) 2221634 - CVE-2023-22036 OpenJDK: ZIP file parsing infinite loop (8302483) 2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468) 2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) 2223207 - CVE-2023-22041 OpenJDK: weakness in AES implementation (8308682) 6. Package List: Red Hat Enterprise Linux AppStream EUS(v.9.0): Source: java-11-openjdk-11.0.20.0.8-1.el9_0.src.rpm aarch64: java-11-openjdk-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-debuginfo-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-debugsource-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-demo-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-devel-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-headless-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-javadoc-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-javadoc-zip-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-jmods-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-src-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-static-libs-11.0.20.0.8-1.el9_0.aarch64.rpm ppc64le: java-11-openjdk-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-debuginfo-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-debugsource-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-demo-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-devel-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-headless-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-javadoc-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-javadoc-zip-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-jmods-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-src-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-static-libs-11.0.20.0.8-1.el9_0.ppc64le.rpm s390x: java-11-openjdk-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-debuginfo-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-debugsource-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-demo-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-devel-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-headless-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-javadoc-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-javadoc-zip-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-jmods-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-src-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-static-libs-11.0.20.0.8-1.el9_0.s390x.rpm x86_64: java-11-openjdk-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-debuginfo-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-debugsource-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-demo-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-devel-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-headless-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-javadoc-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-jmods-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-src-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-static-libs-11.0.20.0.8-1.el9_0.x86_64.rpm Red Hat CodeReady Linux Builder EUS(v.9.0): aarch64: java-11-openjdk-debuginfo-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-debugsource-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-demo-fastdebug-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-demo-slowdebug-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-devel-fastdebug-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-devel-fastdebug-debuginfo-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-devel-slowdebug-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-fastdebug-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-fastdebug-debuginfo-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-headless-fastdebug-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-headless-fastdebug-debuginfo-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-headless-slowdebug-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-jmods-fastdebug-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-jmods-slowdebug-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-slowdebug-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-src-fastdebug-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-src-slowdebug-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-static-libs-fastdebug-11.0.20.0.8-1.el9_0.aarch64.rpm java-11-openjdk-static-libs-slowdebug-11.0.20.0.8-1.el9_0.aarch64.rpm ppc64le: java-11-openjdk-debuginfo-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-debugsource-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-demo-fastdebug-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-demo-slowdebug-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-devel-fastdebug-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-devel-fastdebug-debuginfo-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-devel-slowdebug-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-fastdebug-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-fastdebug-debuginfo-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-headless-fastdebug-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-headless-fastdebug-debuginfo-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-headless-slowdebug-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-jmods-fastdebug-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-jmods-slowdebug-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-slowdebug-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-src-fastdebug-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-src-slowdebug-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-static-libs-fastdebug-11.0.20.0.8-1.el9_0.ppc64le.rpm java-11-openjdk-static-libs-slowdebug-11.0.20.0.8-1.el9_0.ppc64le.rpm s390x: java-11-openjdk-debuginfo-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-debugsource-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-demo-slowdebug-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-devel-slowdebug-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-headless-slowdebug-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-jmods-slowdebug-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-slowdebug-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-src-slowdebug-11.0.20.0.8-1.el9_0.s390x.rpm java-11-openjdk-static-libs-slowdebug-11.0.20.0.8-1.el9_0.s390x.rpm x86_64: java-11-openjdk-debuginfo-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-debugsource-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-demo-fastdebug-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-demo-slowdebug-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-devel-debuginfo-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-devel-fastdebug-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-devel-fastdebug-debuginfo-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-devel-slowdebug-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-fastdebug-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-fastdebug-debuginfo-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-headless-debuginfo-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-headless-fastdebug-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-headless-fastdebug-debuginfo-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-headless-slowdebug-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-jmods-fastdebug-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-jmods-slowdebug-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-slowdebug-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-src-fastdebug-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-src-slowdebug-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-static-libs-fastdebug-11.0.20.0.8-1.el9_0.x86_64.rpm java-11-openjdk-static-libs-slowdebug-11.0.20.0.8-1.el9_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2023-22006 https://access.redhat.com/security/cve/CVE-2023-22036 https://access.redhat.com/security/cve/CVE-2023-22041 https://access.redhat.com/security/cve/CVE-2023-22045 https://access.redhat.com/security/cve/CVE-2023-22049 https://access.redhat.com/security/cve/CVE-2023-25193 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJkuIgJAAoJENzjgjWX9erEvRAP/AgLiOElZQpf1VidbS7OSS0C PkR8EMd+16v+6dh3PgbNHXJjZPSRhh1nr2MWlMd6SMGz7StcGk/a7H1z62CEYyz0 750+tb8goAmiZEM97wYCozTt/qoXNlV+8lZZ9VAoQq3FV59RwJEQeOHI80G2JaQB yKtAp6987zGtnj6GCUkchIFiYfCqv/F3+GijCHgBeeLpr3OKbJAuwBkscDjg9VCh nuxb8CeH5GZyAVnT83u98kX1XjO+jEQgxyMK9OLsu7NqZ0hKoXjX3AjlvYjNwYhV iX6vkEVy5WBpznqBXeT/CSVhac0pkstNFt43VufUcoE1PBZuruqUWzsgLzJo0Kvk 2IAs84ugkoJxqhQYEYPr3vwwjjcQKtFIaAP0rO7UF26411Rs9oMq04cQp10UslAq qDf8FoD6kQFF9xdcb6pqvDlIIQsSHtZRkbWyySmIfD4rpeupgL+MDeaNuer27o8S v/ZsAWeLEVb3JXgwdqTGFDJUnof4ABe2AJs72DxzIk3hkbDFH/qBX9nCJ98n52WD 2LGqkZYsGuLlREhle3/k95gLj45eav9IQfQ03JSqniGzPxpXvxPVcsqNQVMBS67Z LefmD9VyVgzkLKh/iOYO+gcUBRDTUMnTJyjnzde2C/GZ/635xkspxwpFlE+b4A1s MunfSsmBh5lKCuX0F8vY =Jsjk -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of sandbox restrictions. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5430-1
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing. For Debian 10 buster, these problems have been fixed in version . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3307-1
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing. For the stable distribution (bullseye), these problems have been fixed in . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5331-1
Get the latest Linux and open source security news straight to your inbox.