Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 69 articles for you...
172

Ubuntu 25.04/24.10: USN-7531-1 critical: openjdk-21-crac security issues

Several security issues were fixed in CRaC JDK 21.. ========================================================================== Ubuntu Security Notice USN-7531-1 May 26, 2025 openjdk-21-crac vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 Summary: Several security issues were fixed in CRaC JDK 21. Software Description: - openjdk-21-crac: Open Source Java implementation with Coordinated Restore at Checkpoints Details: Alicja Kario discovered that the JSSE component of CRaC JDK 21 incorrectly handled RSA padding. An Attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of CRaC JDK 21 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of CRaC JDK 21 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 openjdk-21-crac-jdk 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jdk-headless 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jre 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jre-headless 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jre-zero 21.0.7+6.1-0ubuntu1~25.04 Ubuntu 24.10 openjdk-21-crac-jdk 21.0.7+6.1-0ubuntu1~24.10 openjdk-21-crac-jdk-headless 21.0.7+6.1-0ubuntu1~24.10 openjdk-21-crac-jre 21.0.7+6.1-0ubuntu1~24.10 openjdk-21-crac-jre-headless 21.0.7+6.1-0ubuntu1~24.10 openjdk-21-crac-jre-zero 21.0.7+6.1-0ubuntu1~24.10 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart Java applications to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7531-1 CVE-2025-21587, CVE-2025-30691, CVE-2025-30698 Package Information: https://launchpad.net/ubuntu/+source/openjdk-21-crac/21.0.7+6.1-0ubuntu1~25.04 https://launchpad.net/ubuntu/+source/openjdk-21-crac/21.0.7+6.1-0ubuntu1~24.10 . Critical vulnerabilities in openjdk-21-crac addressed, crucial for Ubuntu users on versions 25.04 and 24.10. Prompt update advised for protection!. openjdk security, Ubuntu Java vulnerabilities, Java update instructions. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 26, 2025 Critical Ubuntu
100

SUSE: 2024:4202-1 moderate: java-1_8_0-openjdk security issues

* bsc#1231702 * bsc#1231711 * bsc#1231716 * bsc#1231719 . # Security update for java-1_8_0-openjdk Announcement ID: SUSE-SU-2024:4202-1 Release Date: 2024-12-05T14:03:50Z Rating: moderate References: * bsc#1231702 * bsc#1231711 * bsc#1231716 * bsc#1231719 Cross-References: * CVE-2024-21208 * CVE-2024-21210 * CVE-2024-21217 * CVE-2024-21235 CVSS scores: * CVE-2024-21208 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-21208 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-21208 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-21210 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-21210 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2024-21210 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2024-21217 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-21217 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-21217 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-21235 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-21235 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2024-21235 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Legacy Module 15-SP5 * Legacy Module 15-SP6 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux EnterpriseServer 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves four vulnerabilities can now be installed. ## Description: This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u432 (icedtea-3.33.0): \- CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702,JDK-8328286) \- CVE-2024-21210: Fixed unauthorized update, insert or delete access to some of Oracle Java SE accessible data in component Hotspot (bsc#1231711,JDK-8328544) \- CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716,JDK-8331446) \- CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719,JDK-8332644) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-4202=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-4202=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-4202=1 * Legacy Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-4202=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4202=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4202=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -tpatch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4202=1 * SUSE Linux Enterprise Server 15 SP2 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-4202=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4202=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4202=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-4202=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4202=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4202=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-4202=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-src-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-accessibility-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1 * openSUSE Leap 15.5 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.432-150000.3.100.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-src-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-1.8.0.432-150000.3.100.1 *java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-accessibility-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1 * openSUSE Leap 15.6 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.432-150000.3.100.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1 * Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1 *java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1 * SUSE Linux Enterprise Server 15 SP2 LTSS (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3(ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debuginfo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-debugsource-1.8.0.432-150000.3.100.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.432-150000.3.100.1 ## References: * https://www.suse.com/security/cve/CVE-2024-21208.html * https://www.suse.com/security/cve/CVE-2024-21210.html * https://www.suse.com/security/cve/CVE-2024-21217.html * https://www.suse.com/security/cve/CVE-2024-21235.html *https://bugzilla.suse.com/show_bug.cgi?id=1231702 * https://bugzilla.suse.com/show_bug.cgi?id=1231711 * https://bugzilla.suse.com/show_bug.cgi?id=1231716 * https://bugzilla.suse.com/show_bug.cgi?id=1231719 . Critical upgrade for java-1_8_0-openjdk addresses several vulnerabilities, enhancing reliability and security.. SUSE Java Update, OpenJDK Security, SUSE Security Fix. . LinuxSecurity.com Team

Calendar%202 Dec 05, 2024 SuSE
217

Oracle Linux 8 ELSA-2024-8117 Moderate: Java 1.8.0 Update

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-8117 http://linux.oracle.com/errata/ELSA-2024-8117.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable LinuxNetwork: x86_64: java-1.8.0-openjdk-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-accessibility-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-javadoc-1.8.0.432.b06-2.0.1.el8.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.432.b06-2.0.1.el8.noarch.rpm java-1.8.0-openjdk-src-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-fastdebug-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-headless-fastdebug-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.432.b06-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.432.b06-2.0.1.el8.x86_64.rpm aarch64: java-1.8.0-openjdk-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-accessibility-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-demo-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-devel-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-headless-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-javadoc-1.8.0.432.b06-2.0.1.el8.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.432.b06-2.0.1.el8.noarch.rpm java-1.8.0-openjdk-src-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-fastdebug-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-headless-fastdebug-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.432.b06-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.432.b06-2.0.1.el8.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//java-1.8.0-openjdk-1.8.0.432.b06-2.0.1.el8.src.rpm Related CVEs: CVE-2023-48161 CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235 Description of changes: [1.8.0.432.b06-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:1.8.0.432.b06-1] - Update to shenandoah-jdk8u432-b06 (GA) - Update release notes for shenandoah-8u432-b06. - Drop JDK-828109{6,7,8}/PR3836 patch following integration of upstream version - Regenerate JDK-8199936/PR3533 patch following JDK-828109{6,7,8} integration - Bump version of bundled zlib to 1.3.1 following JDK-8324632 - Include backport of JDK-8328999 to update giflib to 5.2.2 - Bump version of bundled giflib to 5.2.2 following JDK-8328999 - Add build scripts to repository to ease remembering all CentOS & RHEL targets and options - Sync the copy of the portable specfile with the latest update - Resolves: RHEL-58791 - Resolves: RHEL-62278 - Resolves: RHEL-61285 - ** This tarball is embargoed until 2024-10-15 @ 1pm PT. ** _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 8 security update ELSA-2024-9117 released, addressing critical vulnerabilities in java-1.8.0-openjdk packages.. Java Security, Oracle Linux Update, ELSA-2024-8117, Security Patch. .Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 21, 2024 Important Oracle
217

Oracle Linux 8 ELSA-2024-1819 Low: Additional Java Patch Release

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-1818 http://linux.oracle.com/errata/ELSA-2024-1818.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable LinuxNetwork: x86_64: java-1.8.0-openjdk-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-accessibility-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-javadoc-1.8.0.412.b08-2.0.1.el8.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.412.b08-2.0.1.el8.noarch.rpm java-1.8.0-openjdk-src-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-fastdebug-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-headless-fastdebug-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.412.b08-2.0.1.el8.x86_64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.412.b08-2.0.1.el8.x86_64.rpm aarch64: java-1.8.0-openjdk-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-accessibility-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-demo-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-devel-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-headless-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-javadoc-1.8.0.412.b08-2.0.1.el8.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.412.b08-2.0.1.el8.noarch.rpm java-1.8.0-openjdk-src-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-fastdebug-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-headless-fastdebug-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.412.b08-2.0.1.el8.aarch64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.412.b08-2.0.1.el8.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//java-1.8.0-openjdk-1.8.0.412.b08-2.0.1.el8.src.rpm Related CVEs: CVE-2024-21011 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094 Description of changes: [1:1.8.0.412.b08-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Security Advisory ELSA-2024-1987 releases enhanced Java packages to mitigate critical vulnerabilities and safeguard systems against potential attacks.. Oracle Security Advisory, Java Update, Oracle Linux 8 Security, Software Risk, Java Security Fix. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Apr 24, 2024 Low Oracle
217

Oracle Linux 7: ELSA-2024-1821 Java 11 Update Details and Changes

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-1821 http://linux.oracle.com/errata/ELSA-2024-1821.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: java-11-openjdk-11.0.23.0.9-2.0.1.el7_9.aarch64.rpm java-11-openjdk-devel-11.0.23.0.9-2.0.1.el7_9.aarch64.rpm java-11-openjdk-headless-11.0.23.0.9-2.0.1.el7_9.aarch64.rpm java-11-openjdk-demo-11.0.23.0.9-2.0.1.el7_9.aarch64.rpm java-11-openjdk-javadoc-11.0.23.0.9-2.0.1.el7_9.aarch64.rpm java-11-openjdk-javadoc-zip-11.0.23.0.9-2.0.1.el7_9.aarch64.rpm java-11-openjdk-jmods-11.0.23.0.9-2.0.1.el7_9.aarch64.rpm java-11-openjdk-src-11.0.23.0.9-2.0.1.el7_9.aarch64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//java-11-openjdk-11.0.23.0.9-2.0.1.el7_9.src.rpm Related CVEs: CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094 Description of changes: [1:11.0.23.0.9-2.0.1] - link atomic for ix86 build [1:11.0.23.0.9-2] - Fix 11.0.22 release date in NEWS - Restore ppc64le --with-jobs=1 workaround to avoid flaky ppc builds [1:11.0.23.0.9-1] - Update to jdk-11.0.23+9 (GA) - Update release notes to 11.0.23+9 - Switch to GA mode for release - Require tzdata 2024a due to upstream inclusion of JDK-8322725 - Only require tzdata 2023d for now as 2024a is unavailable in buildroot - ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** - Resolves: RHEL-30914 [1:11.0.23.0.1-0.1.ea] - Update to jdk-11.0.23+1 (EA) - Update release notes to 11.0.23+1 - Switch to EA mode - Speed up PPC build by removing ppc64le --with-jobs=1 workaround _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Java 11 updates for Oracle Linux 7 address several security vulnerabilities; refer to advisory ELSA-2024-1821 for comprehensive information.. Oracle Linux Updates, Java 11 Security, RPM Security Advisory,aarch64 Java Fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 23, 2024 Important Oracle
89

Fedora 40: 2024-129d8ca6fc High: Java Type Confusion Fix

Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-129d8ca6fc 2024-03-07 22:24:39.963937 -------------------------------------------------------------------------------- Name : relaxng-datatype-java Product : Fedora 40 Version : 2011.1 Release : 4.fc40 URL : https://relaxng.org/ Summary : The relaxng datatype library for Java Description : Interface between RELAX NG validators and datatype libraries. -------------------------------------------------------------------------------- Update Information: Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639 -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 1 2024 Jiri Vanek - 2011.1-4 - bump of release for for java-21-openjdk as system jdk -------------------------------------------------------------------------------- References: [ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Uncover vital news about Fedora 40, featuring crucial amendments for type misinterpretation in Java alongside improvements in JDK functionality.. Type Confusion Security, Fedora 40 Update, Relaxng Datatype Java. . LinuxSecurity.com Team

Calendar%202 Mar 07, 2024 Fedora
89

Fedora 40: mariadb-java-client High Type Confusion CVE-2024-1938 Advisory FEDORA-2024-129d8ca6fc

Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-129d8ca6fc 2024-03-07 22:24:39.963937 -------------------------------------------------------------------------------- Name : mariadb-java-client Product : Fedora 40 Version : 3.3.2 Release : 4.fc40 URL : https://mariadb.com/docs/connectors/mariadb-connector-j/about-mariadb-connector-j Summary : Connects applications developed in Java to MariaDB and MySQL databases Description : MariaDB Connector/J is a Type 4 JDBC driver, also known as the Direct to Database Pure Java Driver. It was developed specifically as a lightweight JDBC connector for use with MySQL and MariaDB database servers. -------------------------------------------------------------------------------- Update Information: Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 2 2024 Jiri Vanek - 3.3.2-4 - Rebuilt for java-21-openjdk as system jdk -------------------------------------------------------------------------------- References: [ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 -CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . The launch of Fedora 40 for mariadb-java-client resolves significant security vulnerabilities, notably type mismatches and updates to the Java Development Kit.. fedora update, mariadb client, type confusion fix, java security. . LinuxSecurity.com Team

Calendar%202 Mar 07, 2024 Fedora
89

Fedora 40 High Advisory: 2024-129d8ca6fc jneuroml-core Type Confusion

Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-129d8ca6fc 2024-03-07 22:24:39.963937 -------------------------------------------------------------------------------- Name : jneuroml-core Product : Fedora 40 Version : 1.6.1 Release : 14.fc40 URL : https://github.com/NeuroML/NeuroML2 Summary : The NeuroML 2 Schema and ComponentType definitions in LEMS Description : This repository contains the NeuroML 2 Schema, the ComponentType definitions in LEMS and a number of example files in NeuroML 2 and LEMS files for running simulations. For more details on LEMS and NeuroML 2 see: Robert C. Cannon, Padraig Gleeson, Sharon Crook, Gautham Ganapathy, Boris Marin, Eugenio Piasini and R. Angus Silver, LEMS: A language for expressing complex biological models in concise and hierarchical form and its use in underpinning NeuroML 2, Frontiers in Neuroinformatics 2014, doi:10.3389/fninf.2014.00079 -------------------------------------------------------------------------------- Update Information: Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 2 2024 Jiri Vanek - 1.6.1-14 - Rebuilt for java-21-openjdk as system jdk -------------------------------------------------------------------------------- References: [ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFSin Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Critical update for Fedora 40 has been issued, focusing on vulnerabilities in jneuroml-core with major enhancements and potential type mishandling concerns.. Fedora 40,jneuroml-core,Type Confusion,security release. . LinuxSecurity.com Team

Calendar%202 Mar 07, 2024 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200