Stay Vigilant with Timely Linux Security Advisories

security advisoryhigh severityfedora

Fedora 40: 2024-129d8ca6fc High: JDK Update and Type Confusion Issues

Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-129d8ca6fc 2024-03-07 22:24:39.963937 -------------------------------------------------------------------------------- Name : xmlstreambuffer Product : Fedora 40 Version : 2.1.0 Release : 5.fc40 URL : https://github.com/eclipse-ee4j/metro-xmlstreambuffer Summary : Stream Based Representation for XML Infoset Description : Stream based representation for XML infoset. -------------------------------------------------------------------------------- Update Information: Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 2 2024 Jiri Vanek - 2.1.0-5 - Rebuilt for java-21-openjdk as system jdk -------------------------------------------------------------------------------- References: [ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . The Fedora 40 update for xmlstreambuffer enhances JDK configuration and fixes high-severity vulnerabilities. Ensure backups before upgrading for security.. Fedora 40, xmlstreambuffer, type confusion, security release, JDK change. . LinuxSecurity.com Team

Mar 07, 2024 Fedora

security advisoryhigh severityfedora

Fedora 40: Parent-Weld Elevated Class Mismatch CVE-2024-1938 CVE-2024-1939

Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-129d8ca6fc 2024-03-07 22:24:39.963937 -------------------------------------------------------------------------------- Name : weld-parent Product : Fedora 40 Version : 46 Release : 7.fc40 URL : http://weld.cdi-spec.org Summary : Parent POM for Weld Description : Parent POM for Weld -------------------------------------------------------------------------------- Update Information: Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 2 2024 Jiri Vanek - 46-7 - Rebuilt for java-21-openjdk as system jdk -------------------------------------------------------------------------------- References: [ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Ubuntu 24 upgrade for Build-Child resolves serious type ambiguity vulnerabilities, reinforcing Python 3.11's reliability and protection.. Fedora Update, Type Confusion, Java 21 Security. . LinuxSecurity.com Team

Mar 07, 2024 Fedora

Banner 2 1028x280 1708121730 1 1771599631

security advisoryfedoratomcat

Fedora 40: FEDORA-2024-129d8ca6fc High: Tomcat Type Confusion Fix

Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-129d8ca6fc 2024-03-07 22:24:39.963937 -------------------------------------------------------------------------------- Name : tomcat Product : Fedora 40 Version : 9.0.83 Release : 3.fc40 URL : https://tomcat.apache.org/ Summary : Apache Servlet/JSP Engine, RI for Servlet 4.0/JSP 2.3 API Description : Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. -------------------------------------------------------------------------------- Update Information: Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 2 2024 Jiri Vanek - 1:9.0.83-3 - Rebuilt for java-21-openjdk as system jdk -------------------------------------------------------------------------------- References: [ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Fedora 40 has upgraded Tomcat to utilize JDK 21, resolving critical type confusion vulnerabilities.. Fedora Update, Tomcat Security, Type Confusion, JDK Upgrade, Fedora Security. . LinuxSecurity.com Team

Mar 07, 2024 Fedora

security advisoryhigh severityfedora

Fedora 40: FEDORA-2024-129d8ca6fc High Severity Type Confusion Issue

Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-129d8ca6fc 2024-03-07 22:24:39.963937 -------------------------------------------------------------------------------- Name : string-template-maven-plugin Product : Fedora 40 Version : 1.1 Release : 13.fc40 URL : https://kevinbirch.github.io/string-template-maven-plugin/ Summary : Execute StringTemplate files during a maven build Description : This plugin allows you to execute StringTemplate template files during your build. The values for templates can come from static declarations or from a Java class specified to be executed. -------------------------------------------------------------------------------- Update Information: Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 2 2024 Jiri Vanek - 1.1-13 - Rebuilt for java-21-openjdk as system jdk -------------------------------------------------------------------------------- References: [ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Debian patches bring vital safety enhancements concerning string-template-maven-tool and JDK version upgrades.. Fedora Updates, Type Confusion, StringTemplate Plugin, System JDK Upgrade. . LinuxSecurity.com Team

Mar 07, 2024 Fedora

security advisorysecurity issuefedora

Fedora 40: 2024-129d8ca6fc High: Type Confusion in Sisu-Mojos

Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-129d8ca6fc 2024-03-07 22:24:39.963937 -------------------------------------------------------------------------------- Name : sisu-mojos Product : Fedora 40 Version : 0.9.0~M2 Release : 4.fc40 URL : https://eclipse.dev/sisu/ Summary : Sisu plugin for Apache Maven Description : The Sisu Plugin for Maven provides mojos to generate META-INF/sisu/javax.inject.Named index files for the Sisu container. -------------------------------------------------------------------------------- Update Information: Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 2 2024 Jiri Vanek - 0.9.0~M2-4 - Rebuilt for java-21-openjdk as system jdk * Fri Mar 1 2024 Jiri Vanek - 0.9.0~M2-3 - bump of release for for java-21-openjdk as system jdk -------------------------------------------------------------------------------- References: [ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . The newest Fedora release for sisu-mojos tackles severe type mishaps linked to V8. Ensure your system is updated immediately!. Fedora Update,sisu-mojos Security,Type Confusion Fix,System JDK Change. . LinuxSecurity.com Team

Mar 07, 2024 Fedora

security advisorysecurity updatehigh severity

Fedora 40: FEDORA-2024-129d8ca6fc High: Python-Javaobj Type Confusion

Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-129d8ca6fc 2024-03-07 22:24:39.963937 -------------------------------------------------------------------------------- Name : python-javaobj Product : Fedora 40 Version : 0.4.3 Release : 12.fc40 URL : https://github.com/tcalmant/python-javaobj Summary : Python module for serializing and deserializing Java objects Description : python-javaobj is a python library that provides functions for reading and writing (writing is WIP currently) Java objects serialized or will be deserialized by ObjectOutputStream. This form of object representation is a standard data interchange format in Java world. -------------------------------------------------------------------------------- Update Information: Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 2 2024 Jiri Vanek - 0.4.3-12 - Rebuilt for java-21-openjdk as system jdk -------------------------------------------------------------------------------- References: [ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 -CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Crucial news regarding python-javaobj in Fedora 40 targeting JDK modifications and severe security flaws in V8.. Fedora Update, Python Module, JDK Security, Type Confusion, Fedora 40. . LinuxSecurity.com Team

Mar 07, 2024 Fedora

security advisoryhigh severityfedora

Fedora 40 OpenJDK Update FEDORA-2024-129d8ca6fc High Type Confusion

Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-129d8ca6fc 2024-03-07 22:24:39.963937 -------------------------------------------------------------------------------- Name : openjdk-asmtools7 Product : Fedora 40 Version : 7.0.b10 Release : 0.11.20210610.gitf40a2c0.fc40 URL : https://github.com/openjdk/asmtools Summary : Set of tools used to assemble / disassemble proper and improper Java .class files for JDK version 11 and lesser Description : AsmTools helps develop tools to create proper and improper Java .class files. Aids various Java .class based testing and OpenJDK development applications. Asmtools supports latest class file formats, in lock-step with JDK development. AsmTools consist of a set of (Java class file) assembler/dis-assemblers: * Jasm/Jdis: An assembler language to provide Java-like declaration of member signatures, providing Java VM specification compliant mnemonics for byte-code instructions. * JCod/JDec: An assembler language to provide byte-code containers of class-file constructs. This version works with JDK version 11 and lesser. -------------------------------------------------------------------------------- Update Information: Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 2 2024 Jiri Vanek - 7.0.b10-0.11.20210610.gitf40a2c0 - Rebuilt for java-21-openjdk as systemjdk -------------------------------------------------------------------------------- References: [ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . System Package Alert:OpenJDK 21 introduces critical type confusion resolutions. Ensure your software remains current!. Fedora, OpenJDK, Update Notification, Type Confusion, High Severity. . LinuxSecurity.com Team

Mar 07, 2024 Fedora

security advisorysecurity updatehigh severity

Fedora 40 openjfx8 Critical Type Confusion Threat CVE-2024-1939

Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-129d8ca6fc 2024-03-07 22:24:39.963937 -------------------------------------------------------------------------------- Name : openjfx8 Product : Fedora 40 Version : 8.0.202 Release : 40.b07.fc40 URL : https://openjdk.org/projects/openjfx/ Summary : Rich client application platform for Java Description : JavaFX/OpenJFX is a set of graphics and media APIs that enables Java developers to design, create, test, debug, and deploy rich client applications that operate consistently across diverse platforms. The media and web module have been removed due to missing dependencies. The swt module has been removed due to incompatible runtime version (openjdk 11). -------------------------------------------------------------------------------- Update Information: Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 2 2024 Jiri Vanek - 8.0.202-40.b07 - Rebuilt for java-21-openjdk as system jdk -------------------------------------------------------------------------------- References: [ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Essential revisions for Fedora 40 emphasize the correction of type inconsistency issues in openjfx8, as well as improvements in the setup of the system's JDK.. Fedora 40 Update, OpenJFX Security, Java Type Confusion, System JDK Upgrade, High Severity Fixes. . Severity: Critical. LinuxSecurity.com Team

Mar 07, 2024 •Critical Fedora

Community Poll

More Polls

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Fedora 40: 2024-129d8ca6fc High: JDK Update and Type Confusion Issues

Fedora 40: Parent-Weld Elevated Class Mismatch CVE-2024-1938 CVE-2024-1939

Fedora 40: FEDORA-2024-129d8ca6fc High: Tomcat Type Confusion Fix

Fedora 40: FEDORA-2024-129d8ca6fc High Severity Type Confusion Issue

Fedora 40: 2024-129d8ca6fc High: Type Confusion in Sisu-Mojos

Fedora 40: FEDORA-2024-129d8ca6fc High: Python-Javaobj Type Confusion

Fedora 40 OpenJDK Update FEDORA-2024-129d8ca6fc High Type Confusion

Fedora 40 openjfx8 Critical Type Confusion Threat CVE-2024-1939

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!