ELSA-2022-5726

ELSA-2022-5726 - java-17-openjdk security, bug fix, and enhancement update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2022-07-27

Description


[1:17.0.4.0.8-0.2.ea]
- Add rpminspect.yaml to turn off Java bytecode inspections
- java-17-openjdk deliberately produces Java 17 bytecode, not the default Java 11 bytecode
- Resolves: rhbz#2109106

[1:17.0.4.0.8-0.2.ea]
- Revert the following changes until copy-java-configs has adapted to relative symlinks:
- * Move cacerts replacement to install section and retain original of this and tzdb.dat
- * Run tests on the installed image, rather than the build image
- * Introduce variables to refer to the static library installation directories
- * Use relative symlinks so they work within the image
- * Run debug symbols check during build stage, before the install strips them
- The move of turning on system security properties is retained so we don't ship with them off
- Related: rhbz#2084650

[1:17.0.4.0.8-0.2.ea]
- Returned absolute symlinks
- Relative symlinks are breaking cjc, and deeper investigations are necessary
-- why cjc intentionally skips relative symlinks
- Images have to be worked around differently
- Related: rhbz#2084650

[1:17.0.4.0.8-1]
- Update to jdk-17.0.4.0+8
- Update release notes to 17.0.4.0+8
- Need to include the '.S' suffix in debuginfo checks after JDK-8284661
- Print release file during build, which should now include a correct SOURCE value from .src-rev
- Update tarball script with IcedTea GitHub URL and .src-rev generation
- Include script to generate bug list for release notes
- Update tzdata requirement to 2022a to match JDK-8283350
- Move EA designator check to prep so failures can be caught earlier
- Make EA designator check non-fatal while upstream is not maintaining it
- Explicitly require crypto-policies during build and runtime for system security properties
- Make use of the vendor version string to store our version & release rather than an upstream release date
- Include a test in the RPM to check the build has the correct vendor information.
- Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository
- * RH2094027: SunEC runtime permission for FIPS
- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
- * RH2090378: Revert to disabling system security properties and FIPS mode support together
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
- Enable system security properties in the RPM (now disabled by default in the FIPS repo)
- Improve security properties test to check both enabled and disabled behaviour
- Run security properties test with property debugging on
- Turn on system security properties as part of the build's install section
- Move cacerts replacement to install section and retain original of this and tzdb.dat
- Run tests on the installed image, rather than the build image
- Introduce variables to refer to the static library installation directories
- Use relative symlinks so they work within the image
- Run debug symbols check during build stage, before the install strips them
- Resolves: rhbz#2084650
- Resolves: rhbz#2099913
- Resolves: rhbz#2108206
- Resolves: rhbz#2108209
- Resolves: rhbz#2106521

[1:17.0.4.0.1-0.2.ea]
- Fix issue where CheckVendor.java test erroneously passes when it should fail.
- Add proper quoting so '&' is not treated as a special character by the shell.
- Related: rhbz#2084650


Related CVEs


CVE-2022-21549
CVE-2022-21540
CVE-2022-21541
CVE-2022-34169

Updated Packages


Release/Architecture   Filename   MD5sum   Superseded By Advisory

Oracle Linux 8 (aarch64)
java-17-openjdk-17.0.4.0.8-2.el8_6.src.rpm   9a4ae4153315ad81b07735f745a604c9   -
java-17-openjdk-17.0.4.0.8-2.el8_6.aarch64.rpm   df26b2ad515c3d7f03fa7c4353954657   -
java-17-openjdk-demo-17.0.4.0.8-2.el8_6.aarch64.rpm   03d3888540c7a5aa5defc50101f938f8   -
java-17-openjdk-demo-fastdebug-17.0.4.0.8-2.el8_6.aarch64.rpm   352b81b52bdc345f97e2176af4d1f01b   -
java-17-openjdk-demo-slowdebug-17.0.4.0.8-2.el8_6.aarch64.rpm   300adeadc03c1c2fe4269e609ee6cdc2   -
java-17-openjdk-devel-17.0.4.0.8-2.el8_6.aarch64.rpm   87077096cf282f643a626fb5e55dac6d   -
java-17-openjdk-devel-fastdebug-17.0.4.0.8-2.el8_6.aarch64.rpm   5f37ba89d7112262b3934755460596eb   -
java-17-openjdk-devel-slowdebug-17.0.4.0.8-2.el8_6.aarch64.rpm   33f7b1fecfd78ede83ed181ceaf37b18   -
java-17-openjdk-fastdebug-17.0.4.0.8-2.el8_6.aarch64.rpm   a71e5072ed7724a10e763a527321d78a   -
java-17-openjdk-headless-17.0.4.0.8-2.el8_6.aarch64.rpm   79d014481225c07172f6ca03ab703b2f   -
java-17-openjdk-headless-fastdebug-17.0.4.0.8-2.el8_6.aarch64.rpm   3eaef3b7cdf0fe4018d20061f7e9ccc7   -
java-17-openjdk-headless-slowdebug-17.0.4.0.8-2.el8_6.aarch64.rpm   956282d365847a48ed697de63d22d59d   -
java-17-openjdk-javadoc-17.0.4.0.8-2.el8_6.aarch64.rpm   3968751b76ce42db3ec539b841de33a7   -
java-17-openjdk-javadoc-zip-17.0.4.0.8-2.el8_6.aarch64.rpm   01f59cbacf64408d843db883a0d12021   -
java-17-openjdk-jmods-17.0.4.0.8-2.el8_6.aarch64.rpm   95a84a05dfeab44de4d7079ab03c362a   -
java-17-openjdk-jmods-fastdebug-17.0.4.0.8-2.el8_6.aarch64.rpm   0e02f523d77e610926d97c626a90f89d   -
java-17-openjdk-jmods-slowdebug-17.0.4.0.8-2.el8_6.aarch64.rpm   fd10fa1190ca858f701ad09361a08ee4   -
java-17-openjdk-slowdebug-17.0.4.0.8-2.el8_6.aarch64.rpm   1875363e0e6e36d8852e3a6316ad8e95   -
java-17-openjdk-src-17.0.4.0.8-2.el8_6.aarch64.rpm   c9b6c4e7811e363d195c4fdd77769aad   -
java-17-openjdk-src-fastdebug-17.0.4.0.8-2.el8_6.aarch64.rpm   ec8736563aa4c5df2ed24ddca5fbd171   -
java-17-openjdk-src-slowdebug-17.0.4.0.8-2.el8_6.aarch64.rpm   69f13edee371fbaf065c9bcbba10ac21   -
java-17-openjdk-static-libs-17.0.4.0.8-2.el8_6.aarch64.rpm   c139007e8f973c79382a9a31496c2c8b   -
java-17-openjdk-static-libs-fastdebug-17.0.4.0.8-2.el8_6.aarch64.rpm   bc1932a226e1d5567412b3a9ba32fa26   -
java-17-openjdk-static-libs-slowdebug-17.0.4.0.8-2.el8_6.aarch64.rpm   dc1534c4e50b63627d846a0369ddcf1c   -

Oracle Linux 8 (x86_64)
java-17-openjdk-17.0.4.0.8-2.el8_6.src.rpm   9a4ae4153315ad81b07735f745a604c9   -
java-17-openjdk-17.0.4.0.8-2.el8_6.x86_64.rpm   d81d9542b0e19a21becfac159128e5ee   -
java-17-openjdk-demo-17.0.4.0.8-2.el8_6.x86_64.rpm   f420de8ccb7a61efd3b79ce283aa2d70   -
java-17-openjdk-demo-fastdebug-17.0.4.0.8-2.el8_6.x86_64.rpm   b22906d229a19009f46259a482c26652   -
java-17-openjdk-demo-slowdebug-17.0.4.0.8-2.el8_6.x86_64.rpm   1de94baeee2ef18d10d3160881d5b931   -
java-17-openjdk-devel-17.0.4.0.8-2.el8_6.x86_64.rpm   3e551fc89c50e6dee8108ba500117414   -
java-17-openjdk-devel-fastdebug-17.0.4.0.8-2.el8_6.x86_64.rpm   9d829fd417fb9354bce989558f458c68   -
java-17-openjdk-devel-slowdebug-17.0.4.0.8-2.el8_6.x86_64.rpm   22f05a75dc4d4081b6a74f52cf0c19b6   -
java-17-openjdk-fastdebug-17.0.4.0.8-2.el8_6.x86_64.rpm   b16ca82f372d1ca3830245eee8d58112   -
java-17-openjdk-headless-17.0.4.0.8-2.el8_6.x86_64.rpm   dec2448dace214243e37467531781211   -
java-17-openjdk-headless-fastdebug-17.0.4.0.8-2.el8_6.x86_64.rpm   769f2ddb410b947f4ef0d6a77438e3d7   -
java-17-openjdk-headless-slowdebug-17.0.4.0.8-2.el8_6.x86_64.rpm   425e7d511dce03a5c8248f0cdc564884   -
java-17-openjdk-javadoc-17.0.4.0.8-2.el8_6.x86_64.rpm   fdfb5b2f3a5e249ff699f57b04f93016   -
java-17-openjdk-javadoc-zip-17.0.4.0.8-2.el8_6.x86_64.rpm   093bcab59e0445164f4cb0bcc5d1be5b   -
java-17-openjdk-jmods-17.0.4.0.8-2.el8_6.x86_64.rpm   450393fbc94c66a46ef3a4d4454fef49   -
java-17-openjdk-jmods-fastdebug-17.0.4.0.8-2.el8_6.x86_64.rpm   6f39e162592946317cfe52e6e02cb8b1   -
java-17-openjdk-jmods-slowdebug-17.0.4.0.8-2.el8_6.x86_64.rpm   6af04de756bbd42b44330c7dd297425b   -
java-17-openjdk-slowdebug-17.0.4.0.8-2.el8_6.x86_64.rpm   f378a49a16b9f5299849a5d7987474b0   -
java-17-openjdk-src-17.0.4.0.8-2.el8_6.x86_64.rpm   0d71db6ef2b4e9b5ca96b7d74455fc04   -
java-17-openjdk-src-fastdebug-17.0.4.0.8-2.el8_6.x86_64.rpm   66fc6b62dc1dea4b175ce678731519f6   -
java-17-openjdk-src-slowdebug-17.0.4.0.8-2.el8_6.x86_64.rpm   23b251bc24c1cb34a01c7f93e24ff2df   -
java-17-openjdk-static-libs-17.0.4.0.8-2.el8_6.x86_64.rpm   5d0e49525ce48634ab15d057a79c20d1   -
java-17-openjdk-static-libs-fastdebug-17.0.4.0.8-2.el8_6.x86_64.rpm   1f9040e0dbf5f23ec3cf36e98add408d   -
java-17-openjdk-static-libs-slowdebug-17.0.4.0.8-2.el8_6.x86_64.rpm   e99eb544c81af6b5e37be40c6d8984e0   -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team