Lucene search

K
oraclelinuxOracleLinuxELSA-2022-5695
HistoryJul 26, 2022 - 12:00 a.m.

java-11-openjdk security, bug fix, and enhancement update

2022-07-2600:00:00
linux.oracle.com
17

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

[1:11.0.16.0.8-1.0.1]

  • Replace upstream references [Orabug: 34340155]
    [1:11.0.16.0.8-1]
  • Update to jdk-11.0.16+8
  • Update release notes to 11.0.16+8
  • Use same tarball naming style as java-17-openjdk and java-latest-openjdk
  • Drop JDK-8257794 patch now upstreamed
  • Print release file during build, which should now include a correct SOURCE value from .src-rev
  • Update tarball script with IcedTea GitHub URL and .src-rev generation
  • Use ‘git apply’ with patches in the tarball script to allow binary diffs
  • Include script to generate bug list for release notes
  • Update tzdata requirement to 2022a to match JDK-8283350
  • Make use of the vendor version string to store our version & release rather than an upstream release date
  • Explicitly require crypto-policies during build and runtime for system security properties
  • Rebase FIPS patches from fips branch and simplify by using a single patch from that repository
    • RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
    • RH2090378: Revert to disabling system security properties and FIPS mode support together
  • Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
  • Enable system security properties in the RPM (now disabled by default in the FIPS repo)
  • Improve security properties test to check both enabled and disabled behaviour
  • Run security properties test with property debugging on
  • Resolves: rhbz#2106516
  • Resolves: rhbz#2099915
  • Resolves: rhbz#2107868
    [1:11.0.16.0.8-1]
  • Add additional patch during tarball generation to align tests with ECC changes
  • Related: rhbz#2106516
    [1:11.0.16.0.8-1]
  • RH2007331: SecretKey generate/import operations don’t add the CKA_SIGN attribute in FIPS mode
  • Resolves: rhbz#2107866

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N