ELSA-2022-5736

ULN >
Oracle Linux Errata repository >
ELSA-2022-5736

ELSA-2022-5736 - java-17-openjdk security, bug fix, and enhancement update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2022-07-28

Description

[1:17.0.4.0.8-0.2.ea]
- Revert the following changes until copy-java-configs has adapted to relative symlinks:
- * Move cacerts replacement to install section and retain original of this and tzdb.dat
- * Run tests on the installed image, rather than the build image
- * Introduce variables to refer to the static library installation directories
- * Use relative symlinks so they work within the image
- * Run debug symbols check during build stage, before the install strips them
- The move of turning on system security properties is retained so we don't ship with them off
- Related: rhbz#2084779

[1:17.0.4.0.8-1]
- Update to jdk-17.0.4.0+8
- Update release notes to 17.0.4.0+8
- Need to include the '.S' suffix in debuginfo checks after JDK-8284661
- Print release file during build, which should now include a correct SOURCE value from .src-rev
- Update tarball script with IcedTea GitHub URL and .src-rev generation
- Include script to generate bug list for release notes
- Update tzdata requirement to 2022a to match JDK-8283350
- Move EA designator check to prep so failures can be caught earlier
- Make EA designator check non-fatal while upstream is not maintaining it
- Explicitly require crypto-policies during build and runtime for system security properties
- Make use of the vendor version string to store our version & release rather than an upstream release date
- Include a test in the RPM to check the build has the correct vendor information.
- Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository
- * RH2094027: SunEC runtime permission for FIPS
- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
- * RH2090378: Revert to disabling system security properties and FIPS mode support together
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
- Enable system security properties in the RPM (now disabled by default in the FIPS repo)
- Improve security properties test to check both enabled and disabled behaviour
- Run security properties test with property debugging on
- Turn on system security properties as part of the build's install section
- Move cacerts replacement to install section and retain original of this and tzdb.dat
- Run tests on the installed image, rather than the build image
- Introduce variables to refer to the static library installation directories
- Use relative symlinks so they work within the image
- Run debug symbols check during build stage, before the install strips them
- Resolves: rhbz#2084779
- Resolves: rhbz#2099919
- Resolves: rhbz#2107943
- Resolves: rhbz#2107941
- Resolves: rhbz#2106523

[1:17.0.4.0.1-0.2.ea]
- Fix issue where CheckVendor.java test erroneously passes when it should fail.
- Add proper quoting so '&' is not treated as a special character by the shell.
- Related: rhbz#2084779

[1:17.0.3.0.7-2]
- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
- Resolves: rhbz#2105395

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	java-17-openjdk-17.0.4.0.8-2.el9_0.src.rpm	4935a2494d8c8a5b450e8f5d662756f381822469012fd064885bed0f28568582	-	ol9_aarch64_appstream
	java-17-openjdk-17.0.4.0.8-2.el9_0.src.rpm	4935a2494d8c8a5b450e8f5d662756f381822469012fd064885bed0f28568582	-	ol9_aarch64_codeready_builder
	java-17-openjdk-17.0.4.0.8-2.el9_0.aarch64.rpm	09cd3a355eb90a42a0b22d864cccf1a53b4715e86eca86fc29df21b3071aa775	-	ol9_aarch64_appstream
	java-17-openjdk-demo-17.0.4.0.8-2.el9_0.aarch64.rpm	8b469ea78d96bf5de8b94d9b57dbc045a8c5171fd7d2d5c58f1a38b3b6142410	-	ol9_aarch64_appstream
	java-17-openjdk-demo-fastdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	ab758d12efa4324b0ae884f221e70c1b7a8e19732cf25fec88e519384e18686c	-	ol9_aarch64_codeready_builder
	java-17-openjdk-demo-slowdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	d351e87bf136f9997f4fb89fc3bad2de390c5f513c28c8da2e74cbd709355a41	-	ol9_aarch64_codeready_builder
	java-17-openjdk-devel-17.0.4.0.8-2.el9_0.aarch64.rpm	2d4c3840411c7c9d71fb34f4bf1181db6e1cb3f0f949b0e9396a3f36843e2d8d	-	ol9_aarch64_appstream
	java-17-openjdk-devel-fastdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	f2a38413f167be26ed6778f8aa55f7ba22f682d626523ba4f59004a280b98571	-	ol9_aarch64_codeready_builder
	java-17-openjdk-devel-slowdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	2bdd4cc9f06b90aa49d092c98985cbb67df2f4aa6764e92fba9205a1d9351bf2	-	ol9_aarch64_codeready_builder
	java-17-openjdk-fastdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	9a55921670b0146f6176eade67df418846c3ec787f4196755b80e0baf712e579	-	ol9_aarch64_codeready_builder
	java-17-openjdk-headless-17.0.4.0.8-2.el9_0.aarch64.rpm	d73e20bfbeb8674bd5a0b8b13ed8f6199c4820d16ed3803e8224e6c93886eaf6	-	ol9_aarch64_appstream
	java-17-openjdk-headless-fastdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	a8d0b9eb84df1be17de0962706c848c6ddaae58b9b905d293dbf4abcc6c2db1a	-	ol9_aarch64_codeready_builder
	java-17-openjdk-headless-slowdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	5fb9e0fc6e20ca88e84c6f40933fddea42755cd7916721f01b74a505172bfba5	-	ol9_aarch64_codeready_builder
	java-17-openjdk-javadoc-17.0.4.0.8-2.el9_0.aarch64.rpm	01ae99aca253a47768fc20885e1fe0b71ec1fa64157cedd9cdf78b8bd73496bd	-	ol9_aarch64_appstream
	java-17-openjdk-javadoc-zip-17.0.4.0.8-2.el9_0.aarch64.rpm	117e7b27b8cde41b2b489ee7a77f4b74a90714c7db28836602d8cbfb9f673bae	-	ol9_aarch64_appstream
	java-17-openjdk-jmods-17.0.4.0.8-2.el9_0.aarch64.rpm	bafd7e56322c0ffefaa491be3f4910c16319e2cf545307cedc02dcc2651c3517	-	ol9_aarch64_appstream
	java-17-openjdk-jmods-fastdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	1946b73cbb2ac85c066b9fe4a1602289270df3ebe7e5ac6df26cdace35cde38b	-	ol9_aarch64_codeready_builder
	java-17-openjdk-jmods-slowdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	7243b0b1eacd7d328a4668b5789bd4084710a89d3c9b776c9eb3043db1a4c35e	-	ol9_aarch64_codeready_builder
	java-17-openjdk-slowdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	d609f13b7ffb89a1949ac77573f8eb52f3b1821526fb85e819e8c9a8dd7e810a	-	ol9_aarch64_codeready_builder
	java-17-openjdk-src-17.0.4.0.8-2.el9_0.aarch64.rpm	bac4841d7a5f830aca89e3828f82f92c0f2fd03368ccb6d53123092303b5f1eb	-	ol9_aarch64_appstream
	java-17-openjdk-src-fastdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	0837d185b00ebd63cca5add81704d682c26a7686e0a355fefab3b670544c270c	-	ol9_aarch64_codeready_builder
	java-17-openjdk-src-slowdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	57ed85c4914423e20603bd539c94392d1ed5f74eabd34b2539282cb35fc0b573	-	ol9_aarch64_codeready_builder
	java-17-openjdk-static-libs-17.0.4.0.8-2.el9_0.aarch64.rpm	10c9a3a54d10c5daac15b3737ef49f70c968e3b80ccc225711e5361eda6f5922	-	ol9_aarch64_appstream
	java-17-openjdk-static-libs-fastdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	514edf23d48b669089d18139b0da0188391d0983d38b1184b9c038ff656b0b88	-	ol9_aarch64_codeready_builder
	java-17-openjdk-static-libs-slowdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	48f9c2d98bbdb5f1f88fdac4113a609d4ed04aaf9f460e45c36f8ab8b6ad7208	-	ol9_aarch64_codeready_builder

Oracle Linux 9 (x86_64)	java-17-openjdk-17.0.4.0.8-2.el9_0.src.rpm	4935a2494d8c8a5b450e8f5d662756f381822469012fd064885bed0f28568582	-	ol9_x86_64_appstream
	java-17-openjdk-17.0.4.0.8-2.el9_0.src.rpm	4935a2494d8c8a5b450e8f5d662756f381822469012fd064885bed0f28568582	-	ol9_x86_64_codeready_builder
	java-17-openjdk-17.0.4.0.8-2.el9_0.x86_64.rpm	a564abedeb9f4e36773cd9eaf7b2f4ee57549c234402f62a12ed053d3e9b566c	-	ol9_x86_64_appstream
	java-17-openjdk-demo-17.0.4.0.8-2.el9_0.x86_64.rpm	5e130e2772b463d5a328f32883ec2f00ea4772670f6202ee55cb136048ac6e96	-	ol9_x86_64_appstream
	java-17-openjdk-demo-fastdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	fae16bf0640fb953cb3045deb3ec5e1d08978acf50ad23e60cff92e9cd19ac4e	-	ol9_x86_64_codeready_builder
	java-17-openjdk-demo-slowdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	fa67c5041089c3050c70ffee9ab48e2e06d375dc822a5652d556468f467c4ef7	-	ol9_x86_64_codeready_builder
	java-17-openjdk-devel-17.0.4.0.8-2.el9_0.x86_64.rpm	2cbeec56e1430df8836dda3dca6d1734699d8a00c7e9ff2e0e31154c6030805f	-	ol9_x86_64_appstream
	java-17-openjdk-devel-fastdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	6563394a02df856c4a5997baf099a32e8ac3a11fba119da1c1761c09902acfa7	-	ol9_x86_64_codeready_builder
	java-17-openjdk-devel-slowdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	46c171e33ba9f774045f7cb2ca170c5ef95305ac61075f5864fc42d0675dfb0e	-	ol9_x86_64_codeready_builder
	java-17-openjdk-fastdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	62a689677aa1d955a9e13c9a2e2a26be7833590f6ca1d6dd498820f3a0b9f81c	-	ol9_x86_64_codeready_builder
	java-17-openjdk-headless-17.0.4.0.8-2.el9_0.x86_64.rpm	6408b97aa88183a73296999fe036104cb58fe9f3caad31e3c91eb89c967a9a46	-	ol9_x86_64_appstream
	java-17-openjdk-headless-fastdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	164ed184502fe3ecd52e99dce5dd680946448e0fd5c656bf417e20cd92b46938	-	ol9_x86_64_codeready_builder
	java-17-openjdk-headless-slowdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	98624d00d51e033fbbe5d8d8b797a050b7e447222bb4e538df58d5b30b8089d5	-	ol9_x86_64_codeready_builder
	java-17-openjdk-javadoc-17.0.4.0.8-2.el9_0.x86_64.rpm	9bb3afbff5e2b407c70bfa282d3922cddf3f039a48c2275b19e874e4fef97b74	-	ol9_x86_64_appstream
	java-17-openjdk-javadoc-zip-17.0.4.0.8-2.el9_0.x86_64.rpm	8e92a3f3f15aee0ddbf488dbaeb6f09e60de450e8a42ee2dfba3f0deaea218ec	-	ol9_x86_64_appstream
	java-17-openjdk-jmods-17.0.4.0.8-2.el9_0.x86_64.rpm	e62435dc1c7575f0b913eb6244e71e149daab14ca0fc19fd1b1701f063a3da5a	-	ol9_x86_64_appstream
	java-17-openjdk-jmods-fastdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	cde8dd73afe5833134da114da81abd153491de731a8afaa49f4e89cc3e859591	-	ol9_x86_64_codeready_builder
	java-17-openjdk-jmods-slowdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	b04de9ac30484391f20fde81fc9b36c0086dda1c5b6f62fc9b67cd11fa36b34b	-	ol9_x86_64_codeready_builder
	java-17-openjdk-slowdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	8b6c4ff05bc5b663f0a95bc676f24af524ebae0deaa5c03e693162bcd68e8f1c	-	ol9_x86_64_codeready_builder
	java-17-openjdk-src-17.0.4.0.8-2.el9_0.x86_64.rpm	1da951d4ce037b0556dba4802e89a60a0292f24112d5f61c3bd4a8890848c1e6	-	ol9_x86_64_appstream
	java-17-openjdk-src-fastdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	79ad22f86dfcfdd75cf71254956f3311be65047b662eb64ccaf545e19f964200	-	ol9_x86_64_codeready_builder
	java-17-openjdk-src-slowdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	0d59960d27d5f0c7d01e30e09918422a2fc26e262c0fbaa5d9c0db9129b11c40	-	ol9_x86_64_codeready_builder
	java-17-openjdk-static-libs-17.0.4.0.8-2.el9_0.x86_64.rpm	925e898e81f494d75a1848ba1b72f9b3ac99207465b3773f6fcfa3f05018362e	-	ol9_x86_64_appstream
	java-17-openjdk-static-libs-fastdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	66b4991e5e2e1381b485174cff2667fc5477d4d1d639e2752db4cde0ecfa87d9	-	ol9_x86_64_codeready_builder
	java-17-openjdk-static-libs-slowdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	33b1a2a70d62c0d499457c9955f8032aeaf2aa7a2a67b72dc0f8d59f556b1112	-	ol9_x86_64_codeready_builder

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691