Описание
ELSA-2021-1301: java-1.8.0-openjdk security update (MODERATE)
[1:1.8.0.292.b10-0]
- Update to aarch64-shenandoah-jdk8u292-b10 (GA)
- Update release notes for 8u292-b10.
- Update tarball generation script to use PR3822 which handles JDK-8233228 & JDK-8035166 changes
- Remove RH1868759 patch as this is now resolved upstream by JDK-8258833.
- Re-organise S/390 patches for upstream submission, separating 8u upstream from Shenandoah fixes.
- Add new formatting case found in memprofiler.cpp on debug builds to PR3593 patch.
- Extend s390 patch to fix issue caused by JDK-8252660 backport and lack of JDK-8188813 in 8u.
- Revise JDK-8252660 s390 failure to make _soft_max_size a jlong so pointer types are accurate.
- Require tzdata 2020f due to JDK-8259048
- Require tzdata 2021a due to JDK-8260356
- This tarball is embargoed until 2021-04-20 @ 1pm PT.
- Resolves: rhbz#1938201
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
java-1.8.0-openjdk
1.8.0.292.b10-0.el8_3
java-1.8.0-openjdk-accessibility
1.8.0.292.b10-0.el8_3
java-1.8.0-openjdk-demo
1.8.0.292.b10-0.el8_3
java-1.8.0-openjdk-devel
1.8.0.292.b10-0.el8_3
java-1.8.0-openjdk-headless
1.8.0.292.b10-0.el8_3
java-1.8.0-openjdk-javadoc
1.8.0.292.b10-0.el8_3
java-1.8.0-openjdk-javadoc-zip
1.8.0.292.b10-0.el8_3
java-1.8.0-openjdk-src
1.8.0.292.b10-0.el8_3
Oracle Linux x86_64
java-1.8.0-openjdk
1.8.0.292.b10-0.el8_3
java-1.8.0-openjdk-accessibility
1.8.0.292.b10-0.el8_3
java-1.8.0-openjdk-demo
1.8.0.292.b10-0.el8_3
java-1.8.0-openjdk-devel
1.8.0.292.b10-0.el8_3
java-1.8.0-openjdk-headless
1.8.0.292.b10-0.el8_3
java-1.8.0-openjdk-javadoc
1.8.0.292.b10-0.el8_3
java-1.8.0-openjdk-javadoc-zip
1.8.0.292.b10-0.el8_3
java-1.8.0-openjdk-src
1.8.0.292.b10-0.el8_3
Связанные CVE
Связанные уязвимости
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts)....
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts)....
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CV
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterpr ...
