Stay Secure with the Latest Linux Advisories

security advisoryFedorasecurity fix

Fedora 35: 2022-7d8b535724 Critical Update for OpenJDK 17

# New in release OpenJDK 17.0.2 (2022-01-18): Live versions of these release notes can be found at: * * https://builds.shipilev.net/backports-monitor/release-notes-17.0.2.txt ## Security fixes - JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside - JDK-8264934, CVE-2022-21248: Enhance cross VM. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-7d8b535724 2022-01-29 06:37:20.624368 --------------------------------------------------------------------------------Name : java-latest-openjdk Product : Fedora 35 Version : 17.0.2.0.8 Release : 2.rolling.fc35 URL : https://openjdk.org/ Summary : OpenJDK 17 Runtime Environment Description : The OpenJDK 17 runtime environment. --------------------------------------------------------------------------------Update Information: # New in release OpenJDK 17.0.2 (2022-01-18): Live versions of these release notes can be found at: * * https://builds.shipilev.net/backports-monitor/release-notes-17.0.2.txt ## Security fixes - JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization - JDK-8268488: More valuable DerValues - JDK-8268494: Better inlining of inlined interfaces - JDK-8268512: More content for ContentInfo -JDK-8268813, CVE-2022-21283: Better String matching - JDK-8269151: Better construction of EncryptedPrivateKeyInfo - JDK-8269944: Better HTTP transport redux - JDK-8270386, CVE-2022-21291: Better verification of scan methods -JDK-8270392, CVE-2022-21293: Improve String constructions - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps - JDK-8270492, CVE-2022-21282: Better resolution of URIs - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities - JDK-8270952, CVE-2022-21277:Improve TIFF file handling - JDK-8271962: Better TrueType font loading - JDK-8271968: Better canonical naming - JDK-8271987: Manifest improved manifest entries -JDK-8272014, CVE-2022-21305: Better array indexing - JDK-8272026, CVE-2022-21340: Verify Jar Verification - JDK-8272236, CVE-2022-21341: Improve serial forms for transport - JDK-8272272: Enhance jcmd communication -JDK-8272462: Enhance image handling - JDK-8273290: Enhance sound handling -JDK-8273756, CVE-2022-21360: Enhance BMP image support - JDK-8273838, CVE-2022-21365: Enhanced BMP processing - JDK-8274096, CVE-2022-21366: Improve decoding of image files ## Major Changes -[JDK-8277157](https://bugs.openjdk.org/browse/JDK-8277157): Vector should throw ClassNotFoundException for a missing class of an element -[JDK-8272535](https://bugs.openjdk.org/browse/JDK-8272535): Removed Google's GlobalSign Root Certificate -[JDK-8277533](https://bugs.openjdk.org/browse/JDK-8277533): ZGC: Fixed long Process Non-Strong References times -[JDK-8274857](https://bugs.openjdk.org/browse/JDK-8274857): Update Timezone Data to 2021c ## FIPS Changes - Fix FIPS issues in native code and with initialisation of java.security.Security --------------------------------------------------------------------------------ChangeLog: * Mon Jan 24 2022 Andrew Hughes - 1:17.0.2.0.8-2.rolling - Require tzdata 2021e as of JDK-8275766. * Wed Jan 12 2022 Andrew Hughes - 1:17.0.2.0.8-1.rolling - January 2022 security update to jdk 17.0.2+8 - Extend LTS check to exclude EPEL. - Rename libsvml.so to libjsvml.so following JDK-8276025 - Remove JDK-8276572 patch which is now upstream. - Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java - Fix FIPS issues in native code and with initialisation of java.security.Security * Wed Jan 12 2022 Severin Gehwolf - 1:17.0.2.0.8-1.rolling - Set LTS designator. --------------------------------------------------------------------------------References: [1 ] Bug #2042455 - Missing latest release OpenJDK 17.0.2 https://bugzilla.redhat.com/show_bug.cgi?id=2042455 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-7d8b535724' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Fedora Package Alert for python-latest-openjdk introduces crucial patches addressing multiple security flaws and improvements.. Fedora Update, OpenJDK Update, Security Fixes, Java Security. . Severity: Critical. LinuxSecurity.com Team

Jan 29, 2022 •Critical Fedora