Sigurnosni nedostaci programskog paketa java

——————————————————————————–
Fedora Update Notification
FEDORA-2020-fdc79d8e5b
2020-10-31 02:01:12.817715
——————————————————————————–

Name : java-11-openjdk
Product : Fedora 32
Version : 11.0.9.11
Release : 0.fc32
URL : http://openjdk.java.net/
Summary : OpenJDK Runtime Environment 11
Description :
The OpenJDK runtime environment.

——————————————————————————–
Update Information:

New in release OpenJDK 11.0.9 (2020-10-20):
=========================================== Full versions of these release
notes can be found at: * https://protect2.fireeye.com/v1/url?k=22c5663c-7d597c22-22c2fbf0-000babd90757-0d096e4467110198&q=1&e=b422b53f-0b4e-47de-b9e5-4415c3612bee&u=https%3A%2F%2Fbitly.com%2Fopenjdk1109 *
https://protect2.fireeye.com/v1/url?k=ddc85447-82544e59-ddcfc98b-000babd90757-40c7d79413addf8e&q=1&e=b422b53f-0b4e-47de-b9e5-4415c3612bee&u=https%3A%2F%2Fbuilds.shipilev.net%2Fbackports-monitor%2Frelease-notes-11.0.9.txt ##
Security fixes – JDK-8233624: Enhance JNI linkage – JDK-8236196: Improve
string pooling – JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
– JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts – JDK-8237995,
CVE-2020-14782: Enhance certificate processing – JDK-8240124: Better VM
Interning – JDK-8241114, CVE-2020-14792: Better range handling –
JDK-8242680, CVE-2020-14796: Improved URI Support – JDK-8242685,
CVE-2020-14797: Better Path Validation – JDK-8242695, CVE-2020-14798: Enhanced
buffer support – JDK-8243302: Advanced class supports – JDK-8244136,
CVE-2020-14803: Improved Buffer supports – JDK-8244479: Further constrain
certificates – JDK-8244955: Additional Fix for JDK-8240124 – JDK-8245407:
Enhance zoning of times – JDK-8245412: Better class definitions –
JDK-8245417: Improve certificate chain handling – JDK-8248574: Improve jpeg
processing – JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit –
JDK-8253019: Enhanced JPEG decoding ## JDK-8254177: US/Pacific-New Zone name
removed as part of tzdata2020b Following JDK’s update to tzdata2020b, the long-
obsolete files pacificnew and systemv have been removed. As a result, the
“US/Pacific-New” zone name declared in the pacificnew data file is no longer
available for use. Information regarding the update can be viewed at
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
——————————————————————————–
ChangeLog:

* Wed Oct 21 2020 Andrew Hughes <gnu.andrew@redhat.com> – 1:11.0.9.11-0
– Update to jdk-11.0.9+11
– Drop JDK-8247874 backport now applied upstream.
– JDK-8245832 increases the set of static libraries, so try and include them all with a wildcard.
– Cleanup architecture and JVM feature handling in preparation for using upstreamed Shenandoah.
– With Shenandoah now upstream in OpenJDK 11, we can use jdk-updates/jdk11 directly
– Update tarball generation script to use PR3802, handling JDK-8233228 & JDK-8177334
– Update release notes for 11.0.9 release.
– Add backport of JDK-8254177 to update to tzdata 2020b
– Require tzdata 2020b due to resource changes in JDK-8254177
– Temporarily roll back tzdata build requirement while tzdata update is still in testing
* Mon Oct 19 2020 Severin Gehwolf <sgehwolf@redhat.com> – 1:11.0.9.11-0
– Update static-libs packaging to new layout
– Fix directory ownership of static-libs package
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-fdc79d8e5b’ at the command
line. For more information, refer to the dnf documentation available at
https://protect2.fireeye.com/v1/url?k=6514a94c-3a88b352-65133480-000babd90757-76be8db204881e98&q=1&e=b422b53f-0b4e-47de-b9e5-4415c3612bee&u=http%3A%2F%2Fdnf.readthedocs.io%2Fen%2Flatest%2Fcommand_ref.html%23upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2020-a405eea76a
2020-10-31 02:01:12.817725
——————————————————————————–

Name : java-1.8.0-openjdk
Product : Fedora 32
Version : 1.8.0.272.b10
Release : 0.fc32
URL : http://openjdk.java.net/
Summary : OpenJDK Runtime Environment 8
Description :
The OpenJDK runtime environment 8.

——————————————————————————–
Update Information:

New in release OpenJDK 8u272 (2020-10-20):
=========================================== Full versions of these release
notes can be found at: * https://protect2.fireeye.com/v1/url?k=9bdfc2a8-c443d8b6-9bd85f64-000babd90757-77fdd195b594ba79&q=1&e=9936bd4e-f68e-4bff-b917-360f23df8e8e&u=https%3A%2F%2Fbitly.com%2Fopenjdk8u272 *
https://protect2.fireeye.com/v1/url?k=41657de5-1ef967fb-4162e029-000babd90757-24aa03a0ea20c8e8&q=1&e=9936bd4e-f68e-4bff-b917-360f23df8e8e&u=https%3A%2F%2Fbuilds.shipilev.net%2Fbackports-monitor%2Frelease-notes-openjdk8u272.txt ##
New features * JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 ##
Security fixes – JDK-8233624: Enhance JNI linkage – JDK-8236196: Improve
string pooling – JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
– JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts – JDK-8237995,
CVE-2020-14782: Enhance certificate processing – JDK-8240124: Better VM
Interning – JDK-8241114, CVE-2020-14792: Better range handling –
JDK-8242680, CVE-2020-14796: Improved URI Support – JDK-8242685,
CVE-2020-14797: Better Path Validation – JDK-8242695, CVE-2020-14798: Enhanced
buffer support – JDK-8243302: Advanced class supports – JDK-8244136,
CVE-2020-14803: Improved Buffer supports – JDK-8244479: Further constrain
certificates – JDK-8244955: Additional Fix for JDK-8240124 – JDK-8245407:
Enhance zoning of times – JDK-8245412: Better class definitions –
JDK-8245417: Improve certificate chain handling – JDK-8248574: Improve jpeg
processing – JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit –
JDK-8253019: Enhanced JPEG decoding ## JDK-8254177: US/Pacific-New Zone name
removed as part of tzdata2020b Following JDK’s update to tzdata2020b, the long-
obsolete files pacificnew and systemv have been removed. As a result, the
“US/Pacific-New” zone name declared in the pacificnew data file is no longer
available for use. Information regarding the update can be viewed at
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
——————————————————————————–
ChangeLog:

* Wed Oct 21 2020 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.272.b10-0
– Update to aarch64-shenandoah-jdk8u272-b10.
– Test build JDK is usable by running ‘java -version’.
– JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default.
– Remove JDK-8154313 backport now applied upstream.
– Change target from ‘zip-docs’ to ‘docs-zip’, which is the naming used upstream.
– Remove “-fcommon” following GCC 10 fixes upstream (JDK-8238380, JDK-8238386, JDK-8238388)
– Update tarball generation script to use PR3795, following inclusion of JDK-8177334
– Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003
– Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464
– Update tarball generation script to use PR3799, following inclusion of JDK-8245468 (TLSv1.3)
– Update release notes for 8u272 release.
– Add backport of JDK-8254177 to update to tzdata 2020b
– Require tzdata 2020b due to resource changes in JDK-8254177
– Temporarily roll back tzdata build requirement while tzdata update is still in testing
– Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302
– Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955
* Wed Aug 5 2020 Severin Gehwolf <sgehwolf@redhat.com> – 1:1.8.0.272.b01-0.1.ea
– Fix vendor name to include ‘.’: Red Hat, Inc => Red Hat, Inc.
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-a405eea76a’ at the command
line. For more information, refer to the dnf documentation available at
https://protect2.fireeye.com/v1/url?k=a42ad956-fbb6c348-a42d449a-000babd90757-d559689236c5d847&q=1&e=9936bd4e-f68e-4bff-b917-360f23df8e8e&u=http%3A%2F%2Fdnf.readthedocs.io%2Fen%2Flatest%2Fcommand_ref.html%23upgrade-command-label

——————————————————————————–
Fedora Update Notification
FEDORA-2020-421f817e5f
2020-10-31 02:01:36.973676
——————————————————————————–

Name : java-11-openjdk
Product : Fedora 31
Version : 11.0.9.11
Release : 0.fc31
URL : http://openjdk.java.net/
Summary : OpenJDK Runtime Environment 11
Description :
The OpenJDK runtime environment.

——————————————————————————–
Update Information:

New in release OpenJDK 11.0.9 (2020-10-20):
=========================================== Full versions of these release
notes can be found at: * https://protect2.fireeye.com/v1/url?k=6194195b-3e080345-61938497-000babd90757-236ccf064f75098e&q=1&e=456126e3-87c2-4c8e-9dad-6c437fddcc79&u=https%3A%2F%2Fbitly.com%2Fopenjdk1109 *
https://protect2.fireeye.com/v1/url?k=23c6f7d0-7c5aedce-23c16a1c-000babd90757-7cfb9e8d49006f5d&q=1&e=456126e3-87c2-4c8e-9dad-6c437fddcc79&u=https%3A%2F%2Fbuilds.shipilev.net%2Fbackports-monitor%2Frelease-notes-11.0.9.txt ##
Security fixes – JDK-8233624: Enhance JNI linkage – JDK-8236196: Improve
string pooling – JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
– JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts – JDK-8237995,
CVE-2020-14782: Enhance certificate processing – JDK-8240124: Better VM
Interning – JDK-8241114, CVE-2020-14792: Better range handling –
JDK-8242680, CVE-2020-14796: Improved URI Support – JDK-8242685,
CVE-2020-14797: Better Path Validation – JDK-8242695, CVE-2020-14798: Enhanced
buffer support – JDK-8243302: Advanced class supports – JDK-8244136,
CVE-2020-14803: Improved Buffer supports – JDK-8244479: Further constrain
certificates – JDK-8244955: Additional Fix for JDK-8240124 – JDK-8245407:
Enhance zoning of times – JDK-8245412: Better class definitions –
JDK-8245417: Improve certificate chain handling – JDK-8248574: Improve jpeg
processing – JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit –
JDK-8253019: Enhanced JPEG decoding ## JDK-8254177: US/Pacific-New Zone name
removed as part of tzdata2020b Following JDK’s update to tzdata2020b, the long-
obsolete files pacificnew and systemv have been removed. As a result, the
“US/Pacific-New” zone name declared in the pacificnew data file is no longer
available for use. Information regarding the update can be viewed at
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
——————————————————————————–
ChangeLog:

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-421f817e5f’ at the command
line. For more information, refer to the dnf documentation available at
https://protect2.fireeye.com/v1/url?k=3970e77f-66ecfd61-39777ab3-000babd90757-fe25f6ecd81a14f8&q=1&e=456126e3-87c2-4c8e-9dad-6c437fddcc79&u=http%3A%2F%2Fdnf.readthedocs.io%2Fen%2Flatest%2Fcommand_ref.html%23upgrade-command-label

——————————————————————————–
Fedora Update Notification
FEDORA-2020-febe36c3ac
2020-10-31 02:01:36.973686
——————————————————————————–

Name : java-1.8.0-openjdk
Product : Fedora 31
Version : 1.8.0.272.b10
Release : 0.fc31
URL : http://openjdk.java.net/
Summary : OpenJDK Runtime Environment 8
Description :
The OpenJDK runtime environment 8.

——————————————————————————–
Update Information:

New in release OpenJDK 8u272 (2020-10-20):
=========================================== Full versions of these release
notes can be found at: * https://protect2.fireeye.com/v1/url?k=2e754458-71e95e46-2e72d994-000babd90757-2f60af058486988d&q=1&e=34a2bcb9-f56e-48c4-99ae-e1f1aa0c5e04&u=https%3A%2F%2Fbitly.com%2Fopenjdk8u272 *
https://protect2.fireeye.com/v1/url?k=5be590cc-04798ad2-5be20d00-000babd90757-f847cf140a7cc083&q=1&e=34a2bcb9-f56e-48c4-99ae-e1f1aa0c5e04&u=https%3A%2F%2Fbuilds.shipilev.net%2Fbackports-monitor%2Frelease-notes-openjdk8u272.txt ##
New features * JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 ##
Security fixes – JDK-8233624: Enhance JNI linkage – JDK-8236196: Improve
string pooling – JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
– JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts – JDK-8237995,
CVE-2020-14782: Enhance certificate processing – JDK-8240124: Better VM
Interning – JDK-8241114, CVE-2020-14792: Better range handling –
JDK-8242680, CVE-2020-14796: Improved URI Support – JDK-8242685,
CVE-2020-14797: Better Path Validation – JDK-8242695, CVE-2020-14798: Enhanced
buffer support – JDK-8243302: Advanced class supports – JDK-8244136,
CVE-2020-14803: Improved Buffer supports – JDK-8244479: Further constrain
certificates – JDK-8244955: Additional Fix for JDK-8240124 – JDK-8245407:
Enhance zoning of times – JDK-8245412: Better class definitions –
JDK-8245417: Improve certificate chain handling – JDK-8248574: Improve jpeg
processing – JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit –
JDK-8253019: Enhanced JPEG decoding ## JDK-8254177: US/Pacific-New Zone name
removed as part of tzdata2020b Following JDK’s update to tzdata2020b, the long-
obsolete files pacificnew and systemv have been removed. As a result, the
“US/Pacific-New” zone name declared in the pacificnew data file is no longer
available for use. Information regarding the update can be viewed at
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
——————————————————————————–
ChangeLog:

* Wed Oct 21 2020 Andrew Hughes <gnu.andrew@redhat.com> – 1:1.8.0.272.b10-0
– Update to aarch64-shenandoah-jdk8u272-b10.
– Test build JDK is usable by running ‘java -version’.
– JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default.
– Remove JDK-8154313 backport now applied upstream.
– Change target from ‘zip-docs’ to ‘docs-zip’, which is the naming used upstream.
– Update tarball generation script to use PR3795, following inclusion of JDK-8177334
– Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003
– Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464
– Update tarball generation script to use PR3799, following inclusion of JDK-8245468 (TLSv1.3)
– Update release notes for 8u272 release.
– Add backport of JDK-8254177 to update to tzdata 2020b
– Require tzdata 2020b due to resource changes in JDK-8254177
– Temporarily roll back tzdata build requirement while tzdata update is still in testing
– Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302
– Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955
* Wed Aug 5 2020 Severin Gehwolf <sgehwolf@redhat.com> – 1:1.8.0.272.b01-0.1.ea
– Fix vendor name to include ‘.’: Red Hat, Inc => Red Hat, Inc.
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-febe36c3ac’ at the command
line. For more information, refer to the dnf documentation available at
https://protect2.fireeye.com/v1/url?k=4145a632-1ed9bc2c-41423bfe-000babd90757-5ce893bcb7a05241&q=1&e=34a2bcb9-f56e-48c4-99ae-e1f1aa0c5e04&u=http%3A%2F%2Fdnf.readthedocs.io%2Fen%2Flatest%2Fcommand_ref.html%23upgrade-command-label

Sigurnosni nedostaci programskog paketa java

Archives

More in Preporuke

Sigurnosni nedostaci programske biblioteke libvirt