Fedora Linux 8486 Published by

A java-latest-openjdk security update has been released for Fedora 36.

SECURITY: Fedora 36 Update: java-latest-openjdk-

Fedora Update Notification
2023-02-05 01:52:43.638507

Name : java-latest-openjdk
Product : Fedora 36
Version :
Release : 1.rolling.fc36
URL :   http://openjdk.java.net/
Summary : OpenJDK 19 Runtime Environment
Description :
The OpenJDK 19 runtime environment.

Update Information:

# New in release OpenJDK 19.0.2 (2023-01-17) ## CVEs Fixed * CVE-2023-21835 *
CVE-2023-21843 ## Security Fixes - JDK-8286070: Improve UTF8 representation
- JDK-8286496: Improve Thread labels - JDK-8287411: Enhance DTLS performance
- JDK-8288516: Enhance font creation - JDK-8293554: Enhanced DH Key Exchanges
- JDK-8293598: Enhance InetAddress address handling - JDK-8293717: Objective
view of ObjectView - JDK-8293734: Improve BMP image handling - JDK-8293742:
Better Banking of Sounds - JDK-8295687: Better BMP bounds ## Major Changes
### JDK-8295687: Better BMP bounds Loading a linked ICC profile within a BMP
image is now disabled by default. To re-enable it, set the new system property
`sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property replaces
the old property, `sun.imageio.plugins.bmp.disableLinkedProfiles`. ###
JDK-8293742: Better Banking of Sounds Previously, the SoundbankReader
implementation, `com.sun.media.sound.JARSoundbankReader`, would download a JAR
soundbank from a URL. This behaviour is now disabled by default. To re-enable
it, set the new system property `jdk.sound.jarsoundbank` to `true`. ###
JDK-8287411: Enhance DTLS performance The JDK now exchanges DTLS cookies for
all handshakes, new and resumed. The previous behaviour can be re-enabled by
setting the new system property `jdk.tls.enableDtlsResumeCookie` to `false`.

* Thu Jan 26 2023 Andrew Hughes - 1:
- Revert "Flip the use of in-tree libraries back on by default"
- The transition to bundled libraries is an F37 feature that should not be backported.
* Thu Jan 26 2023 Andrew Hughes - 1:
- Update to jdk-19.0.2 release
- Update release notes to 19.0.2
- Drop JDK-8293834 (CLDR update for Kyiv) which is now upstream
- Drop JDK-8294357 (tzdata2022d), JDK-8295173 (tzdata2022e) & JDK-8296108 (tzdata2022f) local patches which are now upstream
- Drop JDK-8296715 (CLDR update for 2022f) which is now upstream
- Add local patch JDK-8295447 (javac NPE) which was accepted into 19u upstream but not in the GA tag
- Add local patches for JDK-8296239 & JDK-8299439 (Croatia Euro update) which are present in 8u, 11u & 17u releases
* Thu Jan 19 2023 Fedora Release Engineering - 1:
- Rebuilt for   https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Dec 16 2022 Andrew Hughes - 1:
- Update in-tree tzdata & CLDR to 2022g with JDK-8296108, JDK-8296715 & JDK-8297804
- Update TestTranslations.java to test the new America/Ciudad_Juarez zone

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-43bce108c7' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at