Stay Connected:

ELSA-2023-6887

ELSA-2023-6887 - java-21-openjdk security and bug fix update

Type:SECURITY
Severity:MODERATE
Release Date:2023-11-18

Description


[1:21.0.1.0.12-2.0.1]
- Add Oracle vendor bug URL

[1:21.0.1.0.12-2]
- Switch to using portable binaries built on RHEL 7
- Sync the copy of the portable specfile with the RHEL 7 version
- Related: RHEL-12997

[1:21.0.1.0.12-1]
- Update to jdk-21.0.1.0+12 (GA)
- Update release notes to 21.0.1.0+12
- Sync the copy of the portable specfile with the latest update
- Update openjdk_news script to specify subdirectory last
- Add missing discover_trees script required by openjdk_news
- Synchronise bundled versions with 21u sources (FreeType, LCMS, HarfBuzz, libpng)
- Sync generate_tarball.sh with 11u & 17u version
- Update bug URL for RHEL to point to the Red Hat customer portal
- Fix upstream release URL for OpenJDK source
- Following JDK-8005165, class data sharing can be enabled on all JIT architectures
- Use tapsets from the misc tarball
- Introduce 'prelease' for the portable release versioning, to handle EA builds
- Make sure root installation directory is created first
- Use in-place substitution for all but the first of the tapset changes
- Synchronise runtime and buildtime tzdata requirements
- Remove ghosts for binaries not in java-21-openjdk (pack200, rmid, unpack200)
- Add missing jfr, jpackage and jwebserver alternative ghosts
- Move jcmd to the headless package
- Revert alt-java binary location to being within the JDK tree
- Resolves: RHEL-12997
- Resolves: RHEL-14954
- Resolves: RHEL-14962
- Resolves: RHEL-14958
- Related: RHEL-14946
- Resolves: RHEL-14959
- Resolves: RHEL-14948

[1:21.0.1.0.12-1]
- Exclude classes_nocoops.jsa on i686 and arm32
- Related: RHEL-14946

[1:21.0.1.0.12-1]
- Fix packaging of CDS archives
- Resolves: RHEL-14946

[1:21.0.0.0.35-2]
- Update documentation (README.md)
- Replace alt-java patch with a binary separate from the JDK
- Drop stale patches that are of little use any more:
- * nss.cfg has been disabled since early PKCS11 work and long superseded by FIPS work
- * No accessibility subpackage to warrant RH1648242 & RH1648644 patches any more
- * No use of system libjpeg turbo to warrant RH649512 patch any more
- Replace RH1684077 pcsc-lite-libs patch with better JDK-8009550 fix being upstreamed
- Adapt alt-java test to new binary where there is always a set_speculation function
- Related: RHEL-12997

[1:21.0.0.0.35-1]
- Update to jdk-21.0.0+35
- Update system crypto policy & FIPS patch from new fips-21u tree
- Update generate_tarball.sh to sync with upstream vanilla script inc. no more ECC removal
- Drop fakefeaturever now it is no longer needed
- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball
- Use upstream release URL for OpenJDK source
- Re-enable tzdata tests now we are on the latest JDK and things are back in sync
- Install jaxp.properties introduced by JDK-8303530
- Install lible.so introduced by JDK-8306983
- Related: RHEL-12997

[1:21.0.0.0.35-1]
- Replace smoke test files used in the staticlibs test, as fdlibm was removed by JDK-8303798
- Related: RHEL-12997

[1:20.0.0.0.36-1]
- Update to jdk-20.0.2+9
- Update release notes to 20.0.2+9
- Update system crypto policy & FIPS patch from new fips-20u tree
- Update generate_tarball.sh ICEDTEA_VERSION
- Update CLDR reference data following update to 42 (Rocky Mountain-Normalzeit => Rocky-Mountain-Normalzeit)
- Related: RHEL-12997

[1:20.0.0.0.36-1]
- Dropped JDK-8295447, JDK-8296239 & JDK-8299439 patches now upstream
- Adapted rh1750419-redhat_alt_java.patch
- Related: RHEL-12997

[1:19.0.1.0.10-1]
- Update to jdk-19.0.2 release
- Update release notes to 19.0.2
- Rebase FIPS patches from fips-19u branch
- Remove references to sample directory removed by JDK-8284999
- Add local patch JDK-8295447 (javac NPE) which was accepted into 19u upstream but not in the GA tag
- Add local patches for JDK-8296239 & JDK-8299439 (Croatia Euro update) which are present in 8u, 11u & 17u releases
- Related: RHEL-12997

[1:18.0.2.0.9-1]
- Update to jdk-18.0.2 release
- Support JVM variant zero following JDK-8273494 no longer installing Zero's libjvm.so in the server directory
- Rebase FIPS patches from fips-18u branch
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
- Drop now unused fresh_libjvm, build_hotspot_first, bootjdk and buildjdkver variables, as we don't build a JDK here
- Drop tzdata patches added for 17.0.7 which will eventually appear in the upstream tarball when we reach OpenJDK 21
- Disable tzdata tests until we are on the latest JDK and things are back in sync
- Use empty nss.fips.cfg until it is again available via the FIPS patch
- Related: RHEL-12997

[1:18.0.2.0.9-1]
- Update to ea version of jdk18
- Add new slave jwebserver and corresponding manpage
- Adjust rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
- Related: RHEL-12997

[1:18.0.2.0.9-1]
- Add javaver- and origin-specific javadoc and javadoczip alternatives.
- Related: RHEL-12997

[1:17.0.7.0.7-4]
- Add files missed by centpkg import.
- Related: rhbz#2192748

[1:17.0.7.0.7-3]
- Create java-21-openjdk package based on java-17-openjdk
- Related: rhbz#2192748


Related CVEs


CVE-2023-22025
CVE-2023-22081

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) java-21-openjdk-21.0.1.0.12-2.0.1.el8.src.rpm074af56245a8aad62a5cf74d02f06087-ol8_aarch64_appstream
java-21-openjdk-21.0.1.0.12-2.0.1.el8.src.rpm074af56245a8aad62a5cf74d02f06087-ol8_aarch64_codeready_builder
java-21-openjdk-21.0.1.0.12-2.0.1.el8.aarch64.rpm54a9f2b6f8f7ea57eeaae479baf7339e-ol8_aarch64_appstream
java-21-openjdk-demo-21.0.1.0.12-2.0.1.el8.aarch64.rpmb3667d80cdeda91cb1627dab05385228-ol8_aarch64_appstream
java-21-openjdk-demo-fastdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpmf4c9d1aeee75ec68b65955a9c8df5280-ol8_aarch64_codeready_builder
java-21-openjdk-demo-slowdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpmfc78c6e6788040c19c45973805e767c8-ol8_aarch64_codeready_builder
java-21-openjdk-devel-21.0.1.0.12-2.0.1.el8.aarch64.rpm4c03c241b77ae7c3e4bae5d1c8d21002-ol8_aarch64_appstream
java-21-openjdk-devel-fastdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm73fd680de56ceed75b345620b1a866b9-ol8_aarch64_codeready_builder
java-21-openjdk-devel-slowdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm6bda5e205d9b608403d20ddb8569a7b6-ol8_aarch64_codeready_builder
java-21-openjdk-fastdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm7dada7fc25bf06dfda4b8e681354b127-ol8_aarch64_codeready_builder
java-21-openjdk-headless-21.0.1.0.12-2.0.1.el8.aarch64.rpm3a2700d3acb0e5ddb4b1a055b7202959-ol8_aarch64_appstream
java-21-openjdk-headless-fastdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpmdaa7e61591ea036cfa57fd3dff0a0345-ol8_aarch64_codeready_builder
java-21-openjdk-headless-slowdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpmdc203cfd0538343cd57b2272e24f5e7d-ol8_aarch64_codeready_builder
java-21-openjdk-javadoc-21.0.1.0.12-2.0.1.el8.aarch64.rpm18dd1790c60049fea79da7e006f7a737-ol8_aarch64_appstream
java-21-openjdk-javadoc-zip-21.0.1.0.12-2.0.1.el8.aarch64.rpmbf23783e050aa2b07212768d7dea767c-ol8_aarch64_appstream
java-21-openjdk-jmods-21.0.1.0.12-2.0.1.el8.aarch64.rpm1212540d36b2da5c4db319974ca76971-ol8_aarch64_appstream
java-21-openjdk-jmods-fastdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm02ef9bc44bd494d6cfc2139f858404e3-ol8_aarch64_codeready_builder
java-21-openjdk-jmods-slowdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm9904bbc3584b5508d5a93d2a63f5f854-ol8_aarch64_codeready_builder
java-21-openjdk-slowdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm7d5b874e752a867e589f6a589313bf88-ol8_aarch64_codeready_builder
java-21-openjdk-src-21.0.1.0.12-2.0.1.el8.aarch64.rpm6b02c826a92544778bb604561387dbff-ol8_aarch64_appstream
java-21-openjdk-src-fastdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm3a2576ab41de31f4aa6ba96ed69e7a88-ol8_aarch64_codeready_builder
java-21-openjdk-src-slowdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm1d14632e6886c4d944dffb88ea369ace-ol8_aarch64_codeready_builder
java-21-openjdk-static-libs-21.0.1.0.12-2.0.1.el8.aarch64.rpm91e645d077bdae994d60bc0be9adedf1-ol8_aarch64_appstream
java-21-openjdk-static-libs-fastdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpmb4b0ffe4b76e629d272694b809935a1d-ol8_aarch64_codeready_builder
java-21-openjdk-static-libs-slowdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpmc12da179da174b54f49895a90f441dd0-ol8_aarch64_codeready_builder
Oracle Linux 8 (x86_64) java-21-openjdk-21.0.1.0.12-2.0.1.el8.src.rpm074af56245a8aad62a5cf74d02f06087-ol8_x86_64_appstream
java-21-openjdk-21.0.1.0.12-2.0.1.el8.src.rpm074af56245a8aad62a5cf74d02f06087-ol8_x86_64_codeready_builder
java-21-openjdk-21.0.1.0.12-2.0.1.el8.x86_64.rpm23ec805ebfd71f89e79830ac8a7699fc-ol8_x86_64_appstream
java-21-openjdk-demo-21.0.1.0.12-2.0.1.el8.x86_64.rpm3bae65bc07a684ea3df2ad0a9c15162a-ol8_x86_64_appstream
java-21-openjdk-demo-fastdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpmc6b3c134b45e66020073f0fc4a835655-ol8_x86_64_codeready_builder
java-21-openjdk-demo-slowdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm2233dbe254928b880118e13e27e7eceb-ol8_x86_64_codeready_builder
java-21-openjdk-devel-21.0.1.0.12-2.0.1.el8.x86_64.rpm7eb56ae98654edb87ce96d5157967aa9-ol8_x86_64_appstream
java-21-openjdk-devel-fastdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpmf36f2924f8fa6de067022ab613251b92-ol8_x86_64_codeready_builder
java-21-openjdk-devel-slowdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm304b8db8c6e142527b59b2352be71ecd-ol8_x86_64_codeready_builder
java-21-openjdk-fastdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm082a170fef079a89656fc8856400521b-ol8_x86_64_codeready_builder
java-21-openjdk-headless-21.0.1.0.12-2.0.1.el8.x86_64.rpm237ac0a51b6ee51ec737b5529ea418b9-ol8_x86_64_appstream
java-21-openjdk-headless-fastdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpmaf627eb8a274a0b1c0bd8f703d4aef54-ol8_x86_64_codeready_builder
java-21-openjdk-headless-slowdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpme9bed7638697a9fa6fc48262c3f59645-ol8_x86_64_codeready_builder
java-21-openjdk-javadoc-21.0.1.0.12-2.0.1.el8.x86_64.rpmfe0b8e9374f894f30a759425b1cf288d-ol8_x86_64_appstream
java-21-openjdk-javadoc-zip-21.0.1.0.12-2.0.1.el8.x86_64.rpm781ffb97a78bb89c90610c4c961479c4-ol8_x86_64_appstream
java-21-openjdk-jmods-21.0.1.0.12-2.0.1.el8.x86_64.rpm6d69e2c5e2e8b9deb943e0c15124150f-ol8_x86_64_appstream
java-21-openjdk-jmods-fastdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm09108c41ca227004d1db2aae0580f9a0-ol8_x86_64_codeready_builder
java-21-openjdk-jmods-slowdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpmceb6cc6867121b7bc8eeb1aa0a659152-ol8_x86_64_codeready_builder
java-21-openjdk-slowdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpme51f93bac7ad335022f68bbd05d824f4-ol8_x86_64_codeready_builder
java-21-openjdk-src-21.0.1.0.12-2.0.1.el8.x86_64.rpmcb3e3c21c7fe608072c526c24b42a88a-ol8_x86_64_appstream
java-21-openjdk-src-fastdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpmac939204cadcf1f0f2414a3d11fd9f7e-ol8_x86_64_codeready_builder
java-21-openjdk-src-slowdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpmb486a9cc1d5bd8fa7bb9f266466b2124-ol8_x86_64_codeready_builder
java-21-openjdk-static-libs-21.0.1.0.12-2.0.1.el8.x86_64.rpm1a581c37ee87cc0669f3f26fc72955c8-ol8_x86_64_appstream
java-21-openjdk-static-libs-fastdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm0ee319bff7812e8d72fcaac9bd8805d9-ol8_x86_64_codeready_builder
java-21-openjdk-static-libs-slowdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm76f898adce7f8c26d535fca0e613cc90-ol8_x86_64_codeready_builder



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights