
Security vulnerabilities in the Java programming language

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2020-07-23 01:04:57.639298

Name : java-1.8.0-openjdk
Product : Fedora 32
Version :
Release : 1.fc32
Summary : OpenJDK Runtime Environment 8
Description :
The OpenJDK runtime environment 8.

Update Information:

# July 2020 OpenJDK security update for OpenJDK 8.

Full release notes:

## New features

* JDK-8223147: JFR Backport

## Security fixes

- JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
- JDK-8028591, CVE-2020-14578: NegativeArraySizeException in
- JDK-8230613: Better ASCII conversions
- JDK-8231800: Better listing of arrays
- JDK-8232014: Expand DTD support
- JDK-8233255: Better Swing Buttons
- JDK-8234032: Improve basic calendar services
- JDK-8234042: Better factory production of certificates
- JDK-8234418: Better parsing with CertificateFactory
- JDK-8234836: Improve serialization handling
- JDK-8236191: Enhance OID processing
- JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
- JDK-8237592, CVE-2020-14577: Enhance certificate verification
- JDK-8238002, CVE-2020-14581: Better matrix operations
- JDK-8238804: Enhance key handling process
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
- JDK-8238843: Enhanced font handing
- JDK-8238920, CVE-2020-14583: Better Buffer support
- JDK-8238925: Enhance WAV file playback
- JDK-8240119, CVE-2020-14593: Less Affine Transformations
- JDK-8240482: Improved WAV file playback
- JDK-8241379: Update JCEKS support
- JDK-8241522: Manifest improved jar headers redux
- JDK-8242136, CVE-2020-14621: Better XML namespace handling

## JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u

OpenJDK 8u now contains the backport of JEP 328: Flight Recorder from
later versions of OpenJDK. JFR is a low-overhead framework to collect and
provide data helpful to troubleshoot the performance of the OpenJDK runtime and
of Java applications. It consists of a new API to define custom events under the
jdk.jfr namespace and a JMX interface to interact with the framework. The
recording can also be initiated with the application startup using the
-XX:+FlightRecorder flag or via jcmd. JFR replaces the +XX:EnableTracing feature
introduced in JEP 167, providing a more efficient way to retrieve the same
information. For compatibility reasons, +XX:EnableTracing is still accepted,
however no data will be printed. While JFR is not built by default upstream, it
is included in Fedora binaries for supported architectures (x86_64, AArch64 &
PowerPC 64).

## JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording

JFR will be disabled with a warning message if it is enabled during CDS dumping.
The user will see the following warning message:

    OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping

if JFR is enabled during CDS dumping such as in the following command line:

    $ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true

## JDK-8244167: Removal of Comodo Root CA Certificate

The following expired Comodo root CA certificate was removed from the `cacerts`
keystore:

+ alias name "addtrustclass1ca [jdk]"
  Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network,
  O=AddTrust AB, C=SE

## JDK-8244166: Removal of DocuSign Root CA Certificate

The following expired DocuSign root CA certificate was removed from the
`cacerts` keystore:

+ alias name "keynectisrootca [jdk]"

## JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database

The SunPKCS11 security provider can now be initialized with
NSS when FIPS-enabled external modules are configured in the Security Modules
Database (NSSDB). Prior to this change, the SunPKCS11 provider would throw a
RuntimeException with the message: "FIPS flag set for non-internal module" when
such a library was configured for NSS in non-FIPS mode. This change allows the
JDK to work properly with recent NSS releases on GNU/Linux operating systems
when the system-wide FIPS policy is turned on. Further information can be found
in JDK-8238555.
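
To confirm after the update that the two root CA removals described above (JDK-8244167, JDK-8244166) took effect, the trust store can be audited for those aliases and for any other expired certificate. This is an added example, not code from Fedora or the OpenJDK project; the class name `CacertsAudit` is hypothetical, and it assumes the default keystore path under `java.home` and the stock `changeit` password. A keystore not built from the upstream JDK may use different aliases, in which case the expiry check is the one that applies.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Locale;

public class CacertsAudit {
    // Aliases named in the release notes above as removed from cacerts.
    static final List<String> REMOVED = Arrays.asList(
            "addtrustclass1ca [jdk]", "keynectisrootca [jdk]");

    public static void main(String[] args) throws Exception {
        // Assumption: default keystore location and stock password unless overridden.
        String path = args.length > 0 ? args[0]
                : Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts").toString();
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }

        Date now = new Date();
        int findings = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue; // skip non-X.509 entries
            X509Certificate x509 = (X509Certificate) cert;
            boolean named = REMOVED.contains(alias.toLowerCase(Locale.ROOT));
            boolean expired = x509.getNotAfter().before(now);
            if (named || expired) {
                findings++;
                System.out.printf("%s alias=\"%s\" subject=\"%s\" notAfter=%s%n",
                        named ? "REMOVED-UPSTREAM" : "EXPIRED", alias,
                        x509.getSubjectX500Principal().getName(), x509.getNotAfter());
            }
        }
        System.out.println(findings + " finding(s) in " + path);
        // Non-zero exit lets a post-update check or CI job fail on stale trust anchors.
        System.exit(findings == 0 ? 0 : 1);
    }
}
```

Run it with the updated runtime (`java CacertsAudit`), or pass a keystore path and password as arguments to audit an application-specific trust store.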

* Mon Jul 13 2020 Jiri Vanek <> – 1:
– Set vendor property and vendor URLs
– Made URLs to be preconfigured by OS
* Sun Jul 12 2020 Andrew Hughes <> – 1:
– Update to aarch64-shenandoah-jdk8u262-b10.
– Update release notes for 8u262 release.
– Remove issues in NEWS file duplicated between 8u252 & 8u262 releases.
– Update script to use the PR3756 patch and retain the secp256k1 curve.
– Add the -‘4curve’ suffix to the tarball name.
– Adjust JDK-8143245/PR3548 patch following context changes due to JDK-8203287 for JFR
– Adjust RH1648644 following context changes due to introduction of JFR packages
– Split JDK-8042159 patch into per-repo patches as upstream.
– Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk
– Remove JDK-8244461 & JDK-8233880 backports included upstream in 8u262-b03.
– Enable JFR in our builds, ahead of upstream default.
– Only enable JFR for JIT builds, as it is not supported with Zero.
– Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash.
– Explicitly list jfr.jar, default.jfc & profile.jfc in the spec file.
– Introduce jfr_arches for architectures which support JFR.
– Fix typo in jfr_arches which leads to ppc64 being wrongly excluded.
– Add jfr binary to devel package and alternatives set
– With JDK-8248399 fixed, a broken jfr binary is no longer installed on architectures without JFR.
– Require tzdata 2020a so system tzdata matches resource updates in b07
– Use sa_arches for inclusion.
* Wed May 27 2020 Jiri Andrlik <> – 1:
– backports of provides fixes from master

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-e418151dc3' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at

Author: Filip Omazic
CERT ID: NCERT-REF-2020-07-0001-ADV