You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa java-11-openjdk

Sigurnosni nedostaci programskog paketa java-11-openjdk

——————————————————————————–
Fedora Update Notification
FEDORA-2020-93cc9c3ef2
2020-07-28 15:00:49.912061
——————————————————————————–

Name : java-11-openjdk
Product : Fedora 31
Version : 11.0.8.10
Release : 2.fc31
URL : http://openjdk.java.net/
Summary : OpenJDK Runtime Environment 11
Description :
The OpenJDK runtime environment.

——————————————————————————–
Update Information:

# July 2020 OpenJDK security update for OpenJDK 11 Full release notes:
https://bitly.com/openjdk1108 ## Security fixes – JDK-8230613: Better
ASCII conversions – JDK-8231800: Better listing of arrays – JDK-8232014:
Expand DTD support – JDK-8233234: Better Zip Naming – JDK-8233239,
CVE-2020-14562: Enhance TIFF support – JDK-8233255: Better Swing Buttons –
JDK-8234032: Improve basic calendar services – JDK-8234042: Better factory
production of certificates – JDK-8234418: Better parsing with
CertificateFactory – JDK-8234836: Improve serialization handling –
JDK-8236191: Enhance OID processing – JDK-8236867, CVE-2020-14573: Enhance
Graal interface handling – JDK-8237117, CVE-2020-14556: Better ForkJoinPool
behavior – JDK-8237592, CVE-2020-14577: Enhance certificate verification –
JDK-8238002, CVE-2020-14581: Better matrix operations – JDK-8238013: Enhance
String writing – JDK-8238804: Enhance key handling process – JDK-8238842:
AIOOBE in GIFImageReader.initializeStringTable – JDK-8238843: Enhanced font
handing – JDK-8238920, CVE-2020-14583: Better Buffer support – JDK-8238925:
Enhance WAV file playback – JDK-8240119, CVE-2020-14593: Less Affine
Transformations – JDK-8240482: Improved WAV file playback – JDK-8241379:
Update JCEKS support – JDK-8241522: Manifest improved jar headers redux –
JDK-8242136, CVE-2020-14621: Better XML namespace handling ##
[JDK-8244167](https://bugs.openjdk.java.net/browse/JDK-8244167): Removal of
Comodo Root CA Certificate The following expired Comodo root CA certificate was
removed from the `cacerts` keystore: + alias name “addtrustclass1ca [jdk]”
Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network,
O=AddTrust AB, C=SE ##
[JDK-8244166](https://bugs.openjdk.java.net/browse/JDK-8244166): Removal of
DocuSign Root CA Certificate The following expired DocuSign root CA certificate
was removed from the `cacerts` keystore: + alias name “keynectisrootca [jdk]”
Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR ##
[JDK-8240191](https://bugs.openjdk.java.net/browse/JDK-8240191): Allow SunPKCS11
initialization with NSS when external FIPS modules are present in the Security
Modules Database The SunPKCS11 security provider can now be initialized with
NSS when FIPS-enabled external modules are configured in the Security Modules
Database (NSSDB). Prior to this change, the SunPKCS11 provider would throw a
RuntimeException with the message: “FIPS flag set for non-internal module” when
such a library was configured for NSS in non-FIPS mode. This change allows the
JDK to work properly with recent NSS releases in GNU/Linux operating systems
when the system-wide FIPS policy is turned on. Further information can be found
in [JDK-8238555](https://bugs.openjdk.java.net/browse/JDK-8238555). ##
[JDK-8245077](https://bugs.openjdk.java.net/browse/JDK-8245077): Default
SSLEngine Should Create in Server Role In JDK 11 and later,
`javax.net.ssl.SSLEngine` by default used client mode when handshaking. As a
result, the set of default enabled protocols may differ to what is expected.
`SSLEngine` would usually be used in server mode. From this JDK release onwards,
`SSLEngine` will default to server mode. The
`javax.net.ssl.SSLEngine.setUseClientMode(boolean mode)` method may be used to
configure the mode. ##
[JDK-8242147](https://bugs.openjdk.java.net/browse/JDK-8242147): New System
Properties to Configure the TLS Signature Schemes Two new System Properties are
added to customize the TLS signature schemes in JDK.
`jdk.tls.client.SignatureSchemes` is added for TLS client side, and
`jdk.tls.server.SignatureSchemes` is added for server side. Each System
Property contains a comma-separated list of supported signature scheme names
specifying the signature schemes that could be used for the TLS connections.
The names are described in the “Signature Schemes” section of the *Java Security
Standard Algorithm Names Specification*.
——————————————————————————–
ChangeLog:

* Sat Jul 18 2020 Severin Gehwolf <sgehwolf@redhat.com> – 1:11.0.8.10-2
– Build static-libs-image and add resulting files via -static-libs
sub-package.
– Disable stripping of debug symbols for static libraries part of
the -static-libs sub-package.
* Mon Jul 13 2020 Andrew Hughes <gnu.andrew@redhat.com> – 1:11.0.8.10-1
– Sync JDK-8247874 patch with upstream status in 11.0.9.
* Mon Jul 13 2020 Jayashree Huttanagoudar <jhuttana@redhat.com> -1:11.0.8.10-1
– Moved vendor_version_string to better place
– Added a patch jdk8247874-fix_ampersand_in_vm_bug_url.patch
* Mon Jul 13 2020 Jiri Vanek <jvanek@redhat.com> – 1:11.0.8.10-1
– Set vendor property and vendor URLs
– Made urls to be preconfigured by OS
* Sat Jul 11 2020 Andrew Hughes <gnu.andrew@redhat.com> – 1:11.0.8.10-0
– Update to shenandoah-jdk-11.0.8+10 (GA)
– Add release notes for 11.0.7 & 11.0.8 releases.
– Amend release notes, removing issue actually fixed in 11.0.6.
– Update release notes with last minute fix (JDK-8248505).
– Drop JDK-8237396, JDK-8228407 & JDK-8243541 backports now applied upstream.
– Make use of –with-extra-asflags introduced in jdk-11.0.6+1.
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-93cc9c3ef2’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa rsync

Otkriveni su sigurnosni nedostaci u programskom paketu rsync za operacijski sustav Gentoo. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja....

Close