ELSA-2022-5726

ELSA-2022-5726 - java-17-openjdk security, bug fix, and enhancement update

Type: SECURITY
Impact: IMPORTANT
Release Date: 2022-07-27

Description


[1:17.0.4.0.8-0.2.ea]
- Add rpminspect.yaml to turn off Java bytecode inspections
- java-17-openjdk deliberately produces Java 17 bytecode, not the default Java 11 bytecode
- Resolves: rhbz#2109106

[1:17.0.4.0.8-0.2.ea]
- Revert the following changes until copy-java-configs has adapted to relative symlinks:
- * Move cacerts replacement to install section and retain original of this and tzdb.dat
- * Run tests on the installed image, rather than the build image
- * Introduce variables to refer to the static library installation directories
- * Use relative symlinks so they work within the image
- * Run debug symbols check during build stage, before the install strips them
- The move of turning on system security properties is retained so we don't ship with them off
- Related: rhbz#2084650

[1:17.0.4.0.8-0.2.ea]
- Returned absolute symlinks
- Relative symlinks are breaking cjc, and deeper investigations are necessary
-- why cjc intentionally skips relative symlinks
- Images have to be worked around differently
- Related: rhbz#2084650

[1:17.0.4.0.8-1]
- Update to jdk-17.0.4.0+8
- Update release notes to 17.0.4.0+8
- Need to include the '.S' suffix in debuginfo checks after JDK-8284661
- Print release file during build, which should now include a correct SOURCE value from .src-rev
- Update tarball script with IcedTea GitHub URL and .src-rev generation
- Include script to generate bug list for release notes
- Update tzdata requirement to 2022a to match JDK-8283350
- Move EA designator check to prep so failures can be caught earlier
- Make EA designator check non-fatal while upstream is not maintaining it
- Explicitly require crypto-policies during build and runtime for system security properties
- Make use of the vendor version string to store our version & release rather than an upstream release date
- Include a test in the RPM to check the build has the correct vendor information.
- Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository
- * RH2094027: SunEC runtime permission for FIPS
- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
- * RH2090378: Revert to disabling system security properties and FIPS mode support together
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
- Enable system security properties in the RPM (now disabled by default in the FIPS repo)
- Improve security properties test to check both enabled and disabled behaviour
- Run security properties test with property debugging on
- Turn on system security properties as part of the build's install section
- Move cacerts replacement to install section and retain original of this and tzdb.dat
- Run tests on the installed image, rather than the build image
- Introduce variables to refer to the static library installation directories
- Use relative symlinks so they work within the image
- Run debug symbols check during build stage, before the install strips them
- Resolves: rhbz#2084650
- Resolves: rhbz#2099913
- Resolves: rhbz#2108206
- Resolves: rhbz#2108209
- Resolves: rhbz#2106521

[1:17.0.4.0.1-0.2.ea]
- Fix issue where CheckVendor.java test erroneously passes when it should fail.
- Add proper quoting so '&' is not treated as a special character by the shell.
- Related: rhbz#2084650


Related CVEs


CVE-2022-21541
CVE-2022-21549
CVE-2022-21540
CVE-2022-34169

Updated Packages



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.