Fedora Linux 8798 Published by

A java-1.8.0-openjdk security update has been released for Fedora 31.



SECURITY: Fedora 31 Update: java-1.8.0-openjdk-1.8.0.272.b10-0.fc31


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-febe36c3ac
2020-10-31 02:01:36.973686
--------------------------------------------------------------------------------

Name : java-1.8.0-openjdk
Product : Fedora 31
Version : 1.8.0.272.b10
Release : 0.fc31
URL :   http://openjdk.java.net/
Summary : OpenJDK Runtime Environment 8
Description :
The OpenJDK runtime environment 8.

--------------------------------------------------------------------------------
Update Information:

New in release OpenJDK 8u272 (2020-10-20):
=========================================== Full versions of these release
notes can be found at: *   https://bitly.com/openjdk8u272 *
  https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt ##
New features * JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 ##
Security fixes - JDK-8233624: Enhance JNI linkage - JDK-8236196: Improve
string pooling - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
- JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts - JDK-8237995,
CVE-2020-14782: Enhance certificate processing - JDK-8240124: Better VM
Interning - JDK-8241114, CVE-2020-14792: Better range handling -
JDK-8242680, CVE-2020-14796: Improved URI Support - JDK-8242685,
CVE-2020-14797: Better Path Validation - JDK-8242695, CVE-2020-14798: Enhanced
buffer support - JDK-8243302: Advanced class supports - JDK-8244136,
CVE-2020-14803: Improved Buffer supports - JDK-8244479: Further constrain
certificates - JDK-8244955: Additional Fix for JDK-8240124 - JDK-8245407:
Enhance zoning of times - JDK-8245412: Better class definitions -
JDK-8245417: Improve certificate chain handling - JDK-8248574: Improve jpeg
processing - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit -
JDK-8253019: Enhanced JPEG decoding ## JDK-8254177: US/Pacific-New Zone name
removed as part of tzdata2020b Following JDK's update to tzdata2020b, the long-
obsolete files pacificnew and systemv have been removed. As a result, the
"US/Pacific-New" zone name declared in the pacificnew data file is no longer
available for use. Information regarding the update can be viewed at
  https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 21 2020 Andrew Hughes - 1:1.8.0.272.b10-0
- Update to aarch64-shenandoah-jdk8u272-b10.
- Test build JDK is usable by running 'java -version'.
- JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default.
- Remove JDK-8154313 backport now applied upstream.
- Change target from 'zip-docs' to 'docs-zip', which is the naming used upstream.
- Update tarball generation script to use PR3795, following inclusion of JDK-8177334
- Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003
- Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464
- Update tarball generation script to use PR3799, following inclusion of JDK-8245468 (TLSv1.3)
- Update release notes for 8u272 release.
- Add backport of JDK-8254177 to update to tzdata 2020b
- Require tzdata 2020b due to resource changes in JDK-8254177
- Temporarily roll back tzdata build requirement while tzdata update is still in testing
- Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302
- Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955
* Wed Aug 5 2020 Severin Gehwolf - 1:1.8.0.272.b01-0.1.ea
- Fix vendor name to include '.': Red Hat, Inc => Red Hat, Inc.
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-febe36c3ac' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys