ELSA-2022-5736

ULN >
Oracle Linux Errata repository >
ELSA-2022-5736

ELSA-2022-5736 - java-17-openjdk security, bug fix, and enhancement update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2022-07-28

Description

[1:17.0.4.0.8-0.2.ea]
- Revert the following changes until copy-java-configs has adapted to relative symlinks:
- * Move cacerts replacement to install section and retain original of this and tzdb.dat
- * Run tests on the installed image, rather than the build image
- * Introduce variables to refer to the static library installation directories
- * Use relative symlinks so they work within the image
- * Run debug symbols check during build stage, before the install strips them
- The move of turning on system security properties is retained so we don't ship with them off
- Related: rhbz#2084779

[1:17.0.4.0.8-1]
- Update to jdk-17.0.4.0+8
- Update release notes to 17.0.4.0+8
- Need to include the '.S' suffix in debuginfo checks after JDK-8284661
- Print release file during build, which should now include a correct SOURCE value from .src-rev
- Update tarball script with IcedTea GitHub URL and .src-rev generation
- Include script to generate bug list for release notes
- Update tzdata requirement to 2022a to match JDK-8283350
- Move EA designator check to prep so failures can be caught earlier
- Make EA designator check non-fatal while upstream is not maintaining it
- Explicitly require crypto-policies during build and runtime for system security properties
- Make use of the vendor version string to store our version & release rather than an upstream release date
- Include a test in the RPM to check the build has the correct vendor information.
- Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository
- * RH2094027: SunEC runtime permission for FIPS
- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
- * RH2090378: Revert to disabling system security properties and FIPS mode support together
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
- Enable system security properties in the RPM (now disabled by default in the FIPS repo)
- Improve security properties test to check both enabled and disabled behaviour
- Run security properties test with property debugging on
- Turn on system security properties as part of the build's install section
- Move cacerts replacement to install section and retain original of this and tzdb.dat
- Run tests on the installed image, rather than the build image
- Introduce variables to refer to the static library installation directories
- Use relative symlinks so they work within the image
- Run debug symbols check during build stage, before the install strips them
- Resolves: rhbz#2084779
- Resolves: rhbz#2099919
- Resolves: rhbz#2107943
- Resolves: rhbz#2107941
- Resolves: rhbz#2106523

[1:17.0.4.0.1-0.2.ea]
- Fix issue where CheckVendor.java test erroneously passes when it should fail.
- Add proper quoting so '&' is not treated as a special character by the shell.
- Related: rhbz#2084779

[1:17.0.3.0.7-2]
- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
- Resolves: rhbz#2105395

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 9 (aarch64)	java-17-openjdk-17.0.4.0.8-2.el9_0.src.rpm	0d79c910ea616ab4f0f924d27d0551ce	-
	java-17-openjdk-17.0.4.0.8-2.el9_0.aarch64.rpm	40ae13a9ae43daa3c699bf17664e07dc	-
	java-17-openjdk-demo-17.0.4.0.8-2.el9_0.aarch64.rpm	5fc7595acd9f77ae6752def43de4d0eb	-
	java-17-openjdk-demo-fastdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	16db2356ec0ee5e2a16b7155ea98616c	-
	java-17-openjdk-demo-slowdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	7b6eb461a211f11703405a0446871dc8	-
	java-17-openjdk-devel-17.0.4.0.8-2.el9_0.aarch64.rpm	10a118edb378b5278ec5a2b2f02ef574	-
	java-17-openjdk-devel-fastdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	3e1aa37d184c59481ae5231540aa51e2	-
	java-17-openjdk-devel-slowdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	546cf29246925b77f7ac16152f1c8b88	-
	java-17-openjdk-fastdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	401c7d31d2702e8b34db2f08b3b066e5	-
	java-17-openjdk-headless-17.0.4.0.8-2.el9_0.aarch64.rpm	061477c7878000f804039c861b310891	-
	java-17-openjdk-headless-fastdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	a247545cb9648866513742c62ed81252	-
	java-17-openjdk-headless-slowdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	aaa076568350665791b19ee686076ee9	-
	java-17-openjdk-javadoc-17.0.4.0.8-2.el9_0.aarch64.rpm	69c64f0958b9a476d6e29883869a59b9	-
	java-17-openjdk-javadoc-zip-17.0.4.0.8-2.el9_0.aarch64.rpm	5bff1a38176a4cb961a0044dacee2518	-
	java-17-openjdk-jmods-17.0.4.0.8-2.el9_0.aarch64.rpm	ef9a0054d1f9d30e273c24580da9b26a	-
	java-17-openjdk-jmods-fastdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	7f44969ea3cebf09027883bfc94f2bad	-
	java-17-openjdk-jmods-slowdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	43981e1d2ca324b302b8502dee578b84	-
	java-17-openjdk-slowdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	2313a0ba6e17602d921766bde2bc7c63	-
	java-17-openjdk-src-17.0.4.0.8-2.el9_0.aarch64.rpm	a2d4a6a895c9bcbb178bc5d5cd97e44e	-
	java-17-openjdk-src-fastdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	4e79b539fcdb6fa5ce9331fc11582725	-
	java-17-openjdk-src-slowdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	e21c7c7c63ccdc29406c9ea800492829	-
	java-17-openjdk-static-libs-17.0.4.0.8-2.el9_0.aarch64.rpm	bcf8fe80342a26f28f06bf3f8741868a	-
	java-17-openjdk-static-libs-fastdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	3137514ea06b65cb338e964fbedf48c9	-
	java-17-openjdk-static-libs-slowdebug-17.0.4.0.8-2.el9_0.aarch64.rpm	4ae5d9164bb340da91d2f8b987909c51	-

Oracle Linux 9 (x86_64)	java-17-openjdk-17.0.4.0.8-2.el9_0.src.rpm	0d79c910ea616ab4f0f924d27d0551ce	-
	java-17-openjdk-17.0.4.0.8-2.el9_0.x86_64.rpm	7105e57d63bb4e3943d973de0161f5c1	-
	java-17-openjdk-demo-17.0.4.0.8-2.el9_0.x86_64.rpm	97b0021fb519d1682c6ea6780bc706a0	-
	java-17-openjdk-demo-fastdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	d80248b3fd1f044f6ea8ffdc3e4dc1fd	-
	java-17-openjdk-demo-slowdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	f931e60a4b66c4278eec3f0eefd526ec	-
	java-17-openjdk-devel-17.0.4.0.8-2.el9_0.x86_64.rpm	1061ac003e4484e77e96a28ec391d5da	-
	java-17-openjdk-devel-fastdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	503714ce8181ac006de361aeae145326	-
	java-17-openjdk-devel-slowdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	a33ceb5d6a0c2ead9b5bc50d869bbb47	-
	java-17-openjdk-fastdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	f9c6974e7b1fd1e58badbc7056d01328	-
	java-17-openjdk-headless-17.0.4.0.8-2.el9_0.x86_64.rpm	410a8d749c903c4d850400c2ce729f96	-
	java-17-openjdk-headless-fastdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	a8ddffd69cf4e978f7016af94ae9b251	-
	java-17-openjdk-headless-slowdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	8a8ce0cd557d7d8c2da6b82624fc040a	-
	java-17-openjdk-javadoc-17.0.4.0.8-2.el9_0.x86_64.rpm	1ddfa08ab1553c67baf1f057df19c4d0	-
	java-17-openjdk-javadoc-zip-17.0.4.0.8-2.el9_0.x86_64.rpm	8e7362db365b950c3dd8ae4d8a08bef6	-
	java-17-openjdk-jmods-17.0.4.0.8-2.el9_0.x86_64.rpm	c27ace6f777be75a8e9849db1f0206bc	-
	java-17-openjdk-jmods-fastdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	bb4ee0c127f5006afd85ee02f8720f09	-
	java-17-openjdk-jmods-slowdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	c454e28d75ba922cc68fd6de6367fb4c	-
	java-17-openjdk-slowdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	aeeb2ab7710ee3fbc4a2014065400dab	-
	java-17-openjdk-src-17.0.4.0.8-2.el9_0.x86_64.rpm	82337baec781bcf45a453e0741bf326e	-
	java-17-openjdk-src-fastdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	db9e3d6737c846054a120e3e836a523a	-
	java-17-openjdk-src-slowdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	d93f5f340c76797ed8287b43c423c879	-
	java-17-openjdk-static-libs-17.0.4.0.8-2.el9_0.x86_64.rpm	0747a2f0e89cb08ea7ddece0f7fa54f7	-
	java-17-openjdk-static-libs-fastdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	1d6074a4cb1159747c1819642bf8f3a2	-
	java-17-openjdk-static-libs-slowdebug-17.0.4.0.8-2.el9_0.x86_64.rpm	e1f502369943071dd0f9725957060115	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691