You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa java

Sigurnosni nedostaci programskog paketa java

——————————————————————————–
Fedora Update Notification
FEDORA-2020-fdc79d8e5b
2020-10-31 02:01:12.817715
——————————————————————————–

Name : java-11-openjdk
Product : Fedora 32
Version : 11.0.9.11
Release : 0.fc32
URL : http://openjdk.java.net/
Summary : OpenJDK Runtime Environment 11
Description :
The OpenJDK runtime environment.

——————————————————————————–
Update Information:

New in release OpenJDK 11.0.9 (2020-10-20):
=========================================== Full versions of these release
notes can be found at: * https://protect2.fireeye.com/v1/url?k=22c5663c-7d597c22-22c2fbf0-000babd90757-0d096e4467110198&q=1&e=b422b53f-0b4e-47de-b9e5-4415c3612bee&u=https%3A%2F%2Fbitly.com%2Fopenjdk1109 *
https://protect2.fireeye.com/v1/url?k=ddc85447-82544e59-ddcfc98b-000babd90757-40c7d79413addf8e&q=1&e=b422b53f-0b4e-47de-b9e5-4415c3612bee&u=https%3A%2F%2Fbuilds.shipilev.net%2Fbackports-monitor%2Frelease-notes-11.0.9.txt ##
Security fixes – JDK-8233624: Enhance JNI linkage – JDK-8236196: Improve
string pooling – JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
– JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts – JDK-8237995,
CVE-2020-14782: Enhance certificate processing – JDK-8240124: Better VM
Interning – JDK-8241114, CVE-2020-14792: Better range handling –
JDK-8242680, CVE-2020-14796: Improved URI Support – JDK-8242685,
CVE-2020-14797: Better Path Validation – JDK-8242695, CVE-2020-14798: Enhanced
buffer support – JDK-8243302: Advanced class supports – JDK-8244136,
CVE-2020-14803: Improved Buffer supports – JDK-8244479: Further constrain
certificates – JDK-8244955: Additional Fix for JDK-8240124 – JDK-8245407:
Enhance zoning of times – JDK-8245412: Better class definitions –
JDK-8245417: Improve certificate chain handling – JDK-8248574: Improve jpeg
processing – JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit –
JDK-8253019: Enhanced JPEG decoding ## JDK-8254177: US/Pacific-New Zone name
removed as part of tzdata2020b Following JDK’s update to tzdata2020b, the long-
obsolete files pacificnew and systemv have been removed. As a result, the
“US/Pacific-New” zone name declared in the pacificnew data file is no longer
available for use. Information regarding the update can be viewed at
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
——————————————————————————–
ChangeLog:

* Wed Oct 21 2020 Andrew Hughes <gnu.andrew@redhat.com> – 1:11.0.9.11-0
– Update to jdk-11.0.9+11
– Drop JDK-8247874 backport now applied upstream.
– JDK-8245832 increases the set of static libraries, so try and include them all with a wildcard.
– Cleanup architecture and JVM feature handling in preparation for using upstreamed Shenandoah.
– With Shenandoah now upstream in OpenJDK 11, we can use jdk-updates/jdk11 directly
– Update tarball generation script to use PR3802, handling JDK-8233228 & JDK-8177334
– Update release notes for 11.0.9 release.
– Add backport of JDK-8254177 to update to tzdata 2020b
– Require tzdata 2020b due to resource changes in JDK-8254177
– Temporarily roll back tzdata build requirement while tzdata update is still in testing
* Mon Oct 19 2020 Severin Gehwolf <sgehwolf@redhat.com> – 1:11.0.9.11-0
– Update static-libs packaging to new layout
– Fix directory ownership of static-libs package
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-fdc79d8e5b’ at the command
line. For more information, refer to the dnf documentation available at
https://protect2.fireeye.com/v1/url?k=6514a94c-3a88b352-65133480-000babd90757-76be8db204881e98&q=1&e=b422b53f-0b4e-47de-b9e5-4415c3612bee&u=http%3A%2F%2Fdnf.readthedocs.io%2Fen%2Flatest%2Fcommand_ref.html%23upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2020-a405eea76a
2020-10-31 02:01:12.817725
——————————————————————————–

Name : java-1.8.0-openjdk
Product : Fedora 32
Version : 1.8.0.272.b10
Release : 0.fc32
URL : http://openjdk.java.net/
Summary : OpenJDK Runtime Environment 8
Description :
The OpenJDK runtime environment 8.

——————————————————————————–
Update Information:

New in release OpenJDK 8u272 (2020-10-20):
=========================================== Full versions of these release
notes can be found at: * https://protect2.fireeye.com/v1/url?k=9bdfc2a8-c443d8b6-9bd85f64-000babd90757-77fdd195b594ba79&q=1&e=9936bd4e-f68e-4bff-b917-360f23df8e8e&u=https%3A%2F%2Fbitly.com%2Fopenjdk8u272 *
https://protect2.fireeye.com/v1/url?k=41657de5-1ef967fb-4162e029-000babd90757-24aa03a0ea20c8e8&q=1&e=9936bd4e-f68e-4bff-b917-360f23df8e8e&u=https%3A%2F%2Fbuilds.shipilev.net%2Fbackports-monitor%2Frelease-notes-openjdk8u272.txt ##
New features * JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 ##
Security fixes – JDK-8233624: Enhance JNI linkage – JDK-8236196: Improve
string pooling – JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
– JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts – JDK-8237995,
CVE-2020-14782: Enhance certificate processing – JDK-8240124: Better VM
Interning – JDK-8241114, CVE-2020-14792: Better range handling –
JDK-8242680, CVE-2020-14796: Improved URI Support – JDK-8242685,
CVE-2020-14797: Better Path Validation – JDK-8242695, CVE-2020-14798: Enhanced
buffer support – JDK-8243302: Advanced class supports – JDK-8244136,
CVE-2020-14803: Improved Buffer supports – JDK-8244479: Further constrain
certificates – JDK-8244955: Additional Fix for JDK-8240124 – JDK-8245407:
Enhance zoning of times – JDK-8245412: Better class definitions –
JDK-8245417: Improve certificate chain handling – JDK-8248574: Improve jpeg
processing – JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit –
JDK-8253019: Enhanced JPEG decoding ## JDK-8254177: US/Pacific-New Zone name
removed as part of tzdata2020b Following JDK’s update to tzdata2020b, the long-
obsolete files pacificnew and systemv have been removed. As a result, the
“US/Pacific-New” zone name declared in the pacificnew data file is no longer
available for use. Information regarding the update can be viewed at
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
——————————————————————————–
ChangeLog:

* Wed Oct 21 2020 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.272.b10-0
– Update to aarch64-shenandoah-jdk8u272-b10.
– Test build JDK is usable by running ‘java -version’.
– JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default.
– Remove JDK-8154313 backport now applied upstream.
– Change target from ‘zip-docs’ to ‘docs-zip’, which is the naming used upstream.
– Remove “-fcommon” following GCC 10 fixes upstream (JDK-8238380, JDK-8238386, JDK-8238388)
– Update tarball generation script to use PR3795, following inclusion of JDK-8177334
– Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003
– Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464
– Update tarball generation script to use PR3799, following inclusion of JDK-8245468 (TLSv1.3)
– Update release notes for 8u272 release.
– Add backport of JDK-8254177 to update to tzdata 2020b
– Require tzdata 2020b due to resource changes in JDK-8254177
– Temporarily roll back tzdata build requirement while tzdata update is still in testing
– Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302
– Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955
* Wed Aug 5 2020 Severin Gehwolf <sgehwolf@redhat.com> – 1:1.8.0.272.b01-0.1.ea
– Fix vendor name to include ‘.’: Red Hat, Inc => Red Hat, Inc.
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-a405eea76a’ at the command
line. For more information, refer to the dnf documentation available at
https://protect2.fireeye.com/v1/url?k=a42ad956-fbb6c348-a42d449a-000babd90757-d559689236c5d847&q=1&e=9936bd4e-f68e-4bff-b917-360f23df8e8e&u=http%3A%2F%2Fdnf.readthedocs.io%2Fen%2Flatest%2Fcommand_ref.html%23upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2020-421f817e5f
2020-10-31 02:01:36.973676
——————————————————————————–

Name : java-11-openjdk
Product : Fedora 31
Version : 11.0.9.11
Release : 0.fc31
URL : http://openjdk.java.net/
Summary : OpenJDK Runtime Environment 11
Description :
The OpenJDK runtime environment.

——————————————————————————–
Update Information:

New in release OpenJDK 11.0.9 (2020-10-20):
=========================================== Full versions of these release
notes can be found at: * https://protect2.fireeye.com/v1/url?k=6194195b-3e080345-61938497-000babd90757-236ccf064f75098e&q=1&e=456126e3-87c2-4c8e-9dad-6c437fddcc79&u=https%3A%2F%2Fbitly.com%2Fopenjdk1109 *
https://protect2.fireeye.com/v1/url?k=23c6f7d0-7c5aedce-23c16a1c-000babd90757-7cfb9e8d49006f5d&q=1&e=456126e3-87c2-4c8e-9dad-6c437fddcc79&u=https%3A%2F%2Fbuilds.shipilev.net%2Fbackports-monitor%2Frelease-notes-11.0.9.txt ##
Security fixes – JDK-8233624: Enhance JNI linkage – JDK-8236196: Improve
string pooling – JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
– JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts – JDK-8237995,
CVE-2020-14782: Enhance certificate processing – JDK-8240124: Better VM
Interning – JDK-8241114, CVE-2020-14792: Better range handling –
JDK-8242680, CVE-2020-14796: Improved URI Support – JDK-8242685,
CVE-2020-14797: Better Path Validation – JDK-8242695, CVE-2020-14798: Enhanced
buffer support – JDK-8243302: Advanced class supports – JDK-8244136,
CVE-2020-14803: Improved Buffer supports – JDK-8244479: Further constrain
certificates – JDK-8244955: Additional Fix for JDK-8240124 – JDK-8245407:
Enhance zoning of times – JDK-8245412: Better class definitions –
JDK-8245417: Improve certificate chain handling – JDK-8248574: Improve jpeg
processing – JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit –
JDK-8253019: Enhanced JPEG decoding ## JDK-8254177: US/Pacific-New Zone name
removed as part of tzdata2020b Following JDK’s update to tzdata2020b, the long-
obsolete files pacificnew and systemv have been removed. As a result, the
“US/Pacific-New” zone name declared in the pacificnew data file is no longer
available for use. Information regarding the update can be viewed at
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
——————————————————————————–
ChangeLog:

* Wed Oct 21 2020 Andrew Hughes <gnu.andrew@redhat.com> – 1:11.0.9.11-0
– Update to jdk-11.0.9+11
– Drop JDK-8247874 backport now applied upstream.
– JDK-8245832 increases the set of static libraries, so try and include them all with a wildcard.
– Cleanup architecture and JVM feature handling in preparation for using upstreamed Shenandoah.
– With Shenandoah now upstream in OpenJDK 11, we can use jdk-updates/jdk11 directly
– Update tarball generation script to use PR3802, handling JDK-8233228 & JDK-8177334
– Update release notes for 11.0.9 release.
– Add backport of JDK-8254177 to update to tzdata 2020b
– Require tzdata 2020b due to resource changes in JDK-8254177
– Temporarily roll back tzdata build requirement while tzdata update is still in testing
* Mon Oct 19 2020 Severin Gehwolf <sgehwolf@redhat.com> – 1:11.0.9.11-0
– Update static-libs packaging to new layout
– Fix directory ownership of static-libs package
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-421f817e5f’ at the command
line. For more information, refer to the dnf documentation available at
https://protect2.fireeye.com/v1/url?k=3970e77f-66ecfd61-39777ab3-000babd90757-fe25f6ecd81a14f8&q=1&e=456126e3-87c2-4c8e-9dad-6c437fddcc79&u=http%3A%2F%2Fdnf.readthedocs.io%2Fen%2Flatest%2Fcommand_ref.html%23upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2020-febe36c3ac
2020-10-31 02:01:36.973686
——————————————————————————–

Name : java-1.8.0-openjdk
Product : Fedora 31
Version : 1.8.0.272.b10
Release : 0.fc31
URL : http://openjdk.java.net/
Summary : OpenJDK Runtime Environment 8
Description :
The OpenJDK runtime environment 8.

——————————————————————————–
Update Information:

New in release OpenJDK 8u272 (2020-10-20):
=========================================== Full versions of these release
notes can be found at: * https://protect2.fireeye.com/v1/url?k=2e754458-71e95e46-2e72d994-000babd90757-2f60af058486988d&q=1&e=34a2bcb9-f56e-48c4-99ae-e1f1aa0c5e04&u=https%3A%2F%2Fbitly.com%2Fopenjdk8u272 *
https://protect2.fireeye.com/v1/url?k=5be590cc-04798ad2-5be20d00-000babd90757-f847cf140a7cc083&q=1&e=34a2bcb9-f56e-48c4-99ae-e1f1aa0c5e04&u=https%3A%2F%2Fbuilds.shipilev.net%2Fbackports-monitor%2Frelease-notes-openjdk8u272.txt ##
New features * JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 ##
Security fixes – JDK-8233624: Enhance JNI linkage – JDK-8236196: Improve
string pooling – JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
– JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts – JDK-8237995,
CVE-2020-14782: Enhance certificate processing – JDK-8240124: Better VM
Interning – JDK-8241114, CVE-2020-14792: Better range handling –
JDK-8242680, CVE-2020-14796: Improved URI Support – JDK-8242685,
CVE-2020-14797: Better Path Validation – JDK-8242695, CVE-2020-14798: Enhanced
buffer support – JDK-8243302: Advanced class supports – JDK-8244136,
CVE-2020-14803: Improved Buffer supports – JDK-8244479: Further constrain
certificates – JDK-8244955: Additional Fix for JDK-8240124 – JDK-8245407:
Enhance zoning of times – JDK-8245412: Better class definitions –
JDK-8245417: Improve certificate chain handling – JDK-8248574: Improve jpeg
processing – JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit –
JDK-8253019: Enhanced JPEG decoding ## JDK-8254177: US/Pacific-New Zone name
removed as part of tzdata2020b Following JDK’s update to tzdata2020b, the long-
obsolete files pacificnew and systemv have been removed. As a result, the
“US/Pacific-New” zone name declared in the pacificnew data file is no longer
available for use. Information regarding the update can be viewed at
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
——————————————————————————–
ChangeLog:

* Wed Oct 21 2020 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.272.b10-0
– Update to aarch64-shenandoah-jdk8u272-b10.
– Test build JDK is usable by running ‘java -version’.
– JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default.
– Remove JDK-8154313 backport now applied upstream.
– Change target from ‘zip-docs’ to ‘docs-zip’, which is the naming used upstream.
– Update tarball generation script to use PR3795, following inclusion of JDK-8177334
– Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003
– Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464
– Update tarball generation script to use PR3799, following inclusion of JDK-8245468 (TLSv1.3)
– Update release notes for 8u272 release.
– Add backport of JDK-8254177 to update to tzdata 2020b
– Require tzdata 2020b due to resource changes in JDK-8254177
– Temporarily roll back tzdata build requirement while tzdata update is still in testing
– Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302
– Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955
* Wed Aug 5 2020 Severin Gehwolf <sgehwolf@redhat.com> – 1:1.8.0.272.b01-0.1.ea
– Fix vendor name to include ‘.’: Red Hat, Inc => Red Hat, Inc.
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-febe36c3ac’ at the command
line. For more information, refer to the dnf documentation available at
https://protect2.fireeye.com/v1/url?k=4145a632-1ed9bc2c-41423bfe-000babd90757-5ce893bcb7a05241&q=1&e=34a2bcb9-f56e-48c4-99ae-e1f1aa0c5e04&u=http%3A%2F%2Fdnf.readthedocs.io%2Fen%2Flatest%2Fcommand_ref.html%23upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libvirt

Otkriveni su sigurnosni nedostaci programske biblioteke libvirt za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja ili...

Close