Lucene search

K
oraclelinuxOracleLinuxELSA-2021-3893
HistoryOct 20, 2021 - 12:00 a.m.

java-1.8.0-openjdk security and bug fix update

2021-10-2000:00:00
linux.oracle.com
64

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

[1:1.8.0.312.b07-1]

  • Update to aarch64-shenandoah-jdk8u312-b07 (EA)
  • Update release notes for 8u312-b07.
  • Switch to GA mode for final release.
  • This tarball is embargoed until 2021-10-19 @ 1pm PT.
  • Resolves: rhbz#2011826
    [1:1.8.0.312.b05-0.4.ea]
  • Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
  • Resolves: rhbz#2014193
    [1:1.8.0.312.b05-0.4.ea]
  • Add patch to allow plain key import.
  • Resolves: rhbz#2014193
    [1:1.8.0.312.b05-0.3.ea]
  • Add patch to login to the NSS software token when in FIPS mode.
  • Resolves: rhbz#2014204
    [1:1.8.0.312.b05-0.2.ea]
  • Port FIPS system detection support to OpenJDK 8u
  • Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
  • Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
  • Resolves: rhbz#2014201
    [1:1.8.0.312.b05-0.2.ea]
  • Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
  • Resolves: rhbz#2014201
    [1:1.8.0.312.b05-0.1.ea]
  • Update to aarch64-shenandoah-jdk8u312-b05-shenandoah-merge-2021-10-07
  • Update release notes for 8u312-b05-shenandoah-merge-2021-10-07.
  • Reduce disk footprint by removing build artifacts by default.
  • Switch to EA mode.
  • Remove non-Free test and demo files from source tarball.
  • Related: rhbz#2011826

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N