
Security vulnerabilities in the java software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2020-845860fd4f
2020-10-26 01:05:46.531330
——————————————————————————–

Name : java-11-openjdk
Product : Fedora 33
Version : 11.0.9.11
Release : 0.fc33
URL : http://openjdk.java.net/
Summary : OpenJDK Runtime Environment 11
Description :
The OpenJDK runtime environment.

——————————————————————————–
Update Information:

New in release OpenJDK 11.0.9 (2020-10-20):
===========================================

Full versions of these release notes can be found at:

* https://bitly.com/openjdk1109
* https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.txt

## Security fixes

- JDK-8233624: Enhance JNI linkage
- JDK-8236196: Improve string pooling
- JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
- JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
- JDK-8237995, CVE-2020-14782: Enhance certificate processing
- JDK-8240124: Better VM Interning
- JDK-8241114, CVE-2020-14792: Better range handling
- JDK-8242680, CVE-2020-14796: Improved URI Support
- JDK-8242685, CVE-2020-14797: Better Path Validation
- JDK-8242695, CVE-2020-14798: Enhanced buffer support
- JDK-8243302: Advanced class supports
- JDK-8244136, CVE-2020-14803: Improved Buffer supports
- JDK-8244479: Further constrain certificates
- JDK-8244955: Additional Fix for JDK-8240124
- JDK-8245407: Enhance zoning of times
- JDK-8245412: Better class definitions
- JDK-8245417: Improve certificate chain handling
- JDK-8248574: Improve jpeg processing
- JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
- JDK-8253019: Enhanced JPEG decoding

## JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b

Following JDK’s update to tzdata2020b, the long-obsolete files pacificnew and systemv have been removed. As a result, the “US/Pacific-New” zone name declared in the pacificnew data file is no longer available for use.

Information regarding the update can be viewed at https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
——————————————————————————–
ChangeLog:

* Wed Oct 21 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-0
- Temporarily roll back tzdata build requirement while tzdata update is still in testing
* Mon Oct 19 2020 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.9.11-0
- Fix directory ownership of static-libs package
* Thu Oct 15 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-0
- Update to jdk-11.0.9+11
- Update release notes for 11.0.9 release.
- Add backport of JDK-8254177 to update to tzdata 2020b
- Require tzdata 2020b due to resource changes in JDK-8254177
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-845860fd4f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2020-5708dd5b87
2020-10-26 01:05:46.531379
——————————————————————————–

Name : java-1.8.0-openjdk
Product : Fedora 33
Version : 1.8.0.272.b10
Release : 0.fc33
URL : http://openjdk.java.net/
Summary : OpenJDK Runtime Environment 8
Description :
The OpenJDK runtime environment 8.

——————————————————————————–
Update Information:

New in release OpenJDK 8u272 (2020-10-20):
===========================================

Full versions of these release notes can be found at:

* https://bitly.com/openjdk8u272
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt

## New features

* JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7

## Security fixes

- JDK-8233624: Enhance JNI linkage
- JDK-8236196: Improve string pooling
- JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
- JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
- JDK-8237995, CVE-2020-14782: Enhance certificate processing
- JDK-8240124: Better VM Interning
- JDK-8241114, CVE-2020-14792: Better range handling
- JDK-8242680, CVE-2020-14796: Improved URI Support
- JDK-8242685, CVE-2020-14797: Better Path Validation
- JDK-8242695, CVE-2020-14798: Enhanced buffer support
- JDK-8243302: Advanced class supports
- JDK-8244136, CVE-2020-14803: Improved Buffer supports
- JDK-8244479: Further constrain certificates
- JDK-8244955: Additional Fix for JDK-8240124
- JDK-8245407: Enhance zoning of times
- JDK-8245412: Better class definitions
- JDK-8245417: Improve certificate chain handling
- JDK-8248574: Improve jpeg processing
- JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
- JDK-8253019: Enhanced JPEG decoding

## JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b

Following JDK’s update to tzdata2020b, the long-obsolete files pacificnew and systemv have been removed. As a result, the “US/Pacific-New” zone name declared in the pacificnew data file is no longer available for use.

Information regarding the update can be viewed at https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
——————————————————————————–
ChangeLog:

* Wed Oct 21 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b10-0
- Temporarily roll back tzdata build requirement while tzdata update is still in testing
* Sat Oct 17 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b10-0
- Update to aarch64-shenandoah-jdk8u272-b10.
- Switch to GA mode for final release.
- Update release notes for 8u272 release.
- Add backport of JDK-8254177 to update to tzdata 2020b
- Require tzdata 2020b due to resource changes in JDK-8254177
- Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302
- Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-5708dd5b87' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–

Author: Bruno Varga
CERT ID: NCERT-REF-2020-10-0001-ADV
Source: Adobe