ELSA-2023-6738

ELSA-2023-6738 - java-21-openjdk security and bug fix update

Type:SECURITY
Severity:MODERATE
Release Date:2023-11-11

Description


[1:21.0.1.0.12-2.0.1]
- Add Oracle vendor bug URL

[1:21.0.1.0.12-2]
- Switch to using portable binaries built on RHEL 7
- Sync the copy of the portable specfile with the RHEL 7 version
- Related: RHEL-12997

[1:21.0.1.0.12-1]
- Update to jdk-21.0.1.0+12 (GA)
- Update release notes to 21.0.1.0+12
- Sync the copy of the portable specfile with the latest update
- Update openjdk_news script to specify subdirectory last
- Add missing discover_trees script required by openjdk_news
- Synchronise bundled versions with 21u sources (FreeType, LCMS, HarfBuzz, libpng)
- Sync generate_tarball.sh with 11u & 17u version
- Update bug URL for RHEL to point to the Red Hat customer portal
- Fix upstream release URL for OpenJDK source
- Following JDK-8005165, class data sharing can be enabled on all JIT architectures
- Use tapsets from the misc tarball
- Introduce 'prelease' for the portable release versioning, to handle EA builds
- Make sure root installation directory is created first
- Use in-place substitution for all but the first of the tapset changes
- Synchronise runtime and buildtime tzdata requirements
- Remove ghosts for binaries not in java-21-openjdk (pack200, rmid, unpack200)
- Add missing jfr, jpackage and jwebserver alternative ghosts
- Move jcmd to the headless package
- Revert alt-java binary location to being within the JDK tree
- Resolves: RHEL-12997
- Resolves: RHEL-14954
- Resolves: RHEL-14962
- Resolves: RHEL-14958
- Related: RHEL-14946
- Resolves: RHEL-14959
- Resolves: RHEL-14948

[1:21.0.1.0.12-1]
- Exclude classes_nocoops.jsa on i686 and arm32
- Related: RHEL-14946

[1:21.0.1.0.12-1]
- Fix packaging of CDS archives
- Resolves: RHEL-14946

[1:21.0.0.0.35-2]
- Update documentation (README.md)
- Replace alt-java patch with a binary separate from the JDK
- Drop stale patches that are of little use any more:
- * nss.cfg has been disabled since early PKCS11 work and long superseded by FIPS work
- * No accessibility subpackage to warrant RH1648242 & RH1648644 patches any more
- * No use of system libjpeg turbo to warrant RH649512 patch any more
- Replace RH1684077 pcsc-lite-libs patch with better JDK-8009550 fix being upstreamed
- Adapt alt-java test to new binary where there is always a set_speculation function
- Related: RHEL-12997

[1:21.0.0.0.35-1]
- Update to jdk-21.0.0+35
- Update system crypto policy & FIPS patch from new fips-21u tree
- Update generate_tarball.sh to sync with upstream vanilla script inc. no more ECC removal
- Drop fakefeaturever now it is no longer needed
- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball
- Use upstream release URL for OpenJDK source
- Re-enable tzdata tests now we are on the latest JDK and things are back in sync
- Install jaxp.properties introduced by JDK-8303530
- Install lible.so introduced by JDK-8306983
- Related: RHEL-12997

[1:21.0.0.0.35-1]
- Replace smoke test files used in the staticlibs test, as fdlibm was removed by JDK-8303798
- Related: RHEL-12997

[1:20.0.0.0.36-1]
- Update to jdk-20.0.2+9
- Update release notes to 20.0.2+9
- Update system crypto policy & FIPS patch from new fips-20u tree
- Update generate_tarball.sh ICEDTEA_VERSION
- Update CLDR reference data following update to 42 (Rocky Mountain-Normalzeit => Rocky-Mountain-Normalzeit)
- Related: RHEL-12997

[1:20.0.0.0.36-1]
- Dropped JDK-8295447, JDK-8296239 & JDK-8299439 patches now upstream
- Adapted rh1750419-redhat_alt_java.patch
- Related: RHEL-12997

[1:19.0.1.0.10-1]
- Update to jdk-19.0.2 release
- Update release notes to 19.0.2
- Rebase FIPS patches from fips-19u branch
- Remove references to sample directory removed by JDK-8284999
- Add local patch JDK-8295447 (javac NPE) which was accepted into 19u upstream but not in the GA tag
- Add local patches for JDK-8296239 & JDK-8299439 (Croatia Euro update) which are present in 8u, 11u & 17u releases
- Related: RHEL-12997

[1:18.0.2.0.9-1]
- Update to jdk-18.0.2 release
- Support JVM variant zero following JDK-8273494 no longer installing Zero's libjvm.so in the server directory
- Rebase FIPS patches from fips-18u branch
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
- Drop now unused fresh_libjvm, build_hotspot_first, bootjdk and buildjdkver variables, as we don't build a JDK here
- Drop tzdata patches added for 17.0.7 which will eventually appear in the upstream tarball when we reach OpenJDK 21
- Disable tzdata tests until we are on the latest JDK and things are back in sync
- Use empty nss.fips.cfg until it is again available via the FIPS patch
- Related: RHEL-12997

[1:18.0.2.0.9-1]
- Update to ea version of jdk18
- Add new slave jwebserver and corresponding manpage
- Adjust rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
- Related: RHEL-12997

[1:18.0.2.0.9-1]
- Add javaver- and origin-specific javadoc and javadoczip alternatives.
- Related: RHEL-12997

[1:17.0.7.0.7-4]
- Add files missed by centpkg import.
- Related: rhbz#2192748

[1:17.0.7.0.7-3]
- Create java-21-openjdk package based on java-17-openjdk
- Related: rhbz#2192748


Related CVEs


CVE-2023-22025
CVE-2023-22081

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) java-21-openjdk-21.0.1.0.12-2.0.1.el9.src.rpmf3ee9ce69da77f08f660d3bbfb5a37a1-ol9_aarch64_appstream
java-21-openjdk-21.0.1.0.12-2.0.1.el9.src.rpmf3ee9ce69da77f08f660d3bbfb5a37a1-ol9_aarch64_codeready_builder
java-21-openjdk-21.0.1.0.12-2.0.1.el9.aarch64.rpmf022f8ae063f8df892b1d49dfaa2f1fc-ol9_aarch64_appstream
java-21-openjdk-demo-21.0.1.0.12-2.0.1.el9.aarch64.rpm07ebd227778e5cecda650f0f3aa39a00-ol9_aarch64_appstream
java-21-openjdk-demo-fastdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm04d14b60f675f206cddd05e5cf1be349-ol9_aarch64_codeready_builder
java-21-openjdk-demo-slowdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpmeb364816bc79f44337c3b8ce5d7b787a-ol9_aarch64_codeready_builder
java-21-openjdk-devel-21.0.1.0.12-2.0.1.el9.aarch64.rpm5cde465b81d3518ba6ac4455e706987b-ol9_aarch64_appstream
java-21-openjdk-devel-fastdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpme6569d438e05a7fd48e5ab109f15f84e-ol9_aarch64_codeready_builder
java-21-openjdk-devel-slowdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm935519ba8fb3c5c91b1cedef2686a03c-ol9_aarch64_codeready_builder
java-21-openjdk-fastdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpmc56436eec091cc4adcc5b974152386ee-ol9_aarch64_codeready_builder
java-21-openjdk-headless-21.0.1.0.12-2.0.1.el9.aarch64.rpm66547462d22e8fe200cfe04f7df9ede8-ol9_aarch64_appstream
java-21-openjdk-headless-fastdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm410d52eaa378a7d81eb20862892be544-ol9_aarch64_codeready_builder
java-21-openjdk-headless-slowdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm9303bd6918eac9a1f42458aea18074b5-ol9_aarch64_codeready_builder
java-21-openjdk-javadoc-21.0.1.0.12-2.0.1.el9.aarch64.rpmbc17be3cc55532929aadfc3e8b5e626b-ol9_aarch64_appstream
java-21-openjdk-javadoc-zip-21.0.1.0.12-2.0.1.el9.aarch64.rpm8a79fe6f97758150a345eab78568c8e2-ol9_aarch64_appstream
java-21-openjdk-jmods-21.0.1.0.12-2.0.1.el9.aarch64.rpm19d81d3c20861f1d2268731e2dbd3fff-ol9_aarch64_appstream
java-21-openjdk-jmods-fastdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpmdbb47bfed26a52848f052b9cb00795e4-ol9_aarch64_codeready_builder
java-21-openjdk-jmods-slowdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm5078c16316799aa63ebbc4369d6c6b8e-ol9_aarch64_codeready_builder
java-21-openjdk-slowdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm92a58f5a15325766a072595b6fd1ac8d-ol9_aarch64_codeready_builder
java-21-openjdk-src-21.0.1.0.12-2.0.1.el9.aarch64.rpm11d639b4b758f0e3ed458013821bda3a-ol9_aarch64_appstream
java-21-openjdk-src-fastdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm3ebcc06e20f7c6ece9389f382ac963c8-ol9_aarch64_codeready_builder
java-21-openjdk-src-slowdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm6c06369406e1747cd2db56cb4e7db256-ol9_aarch64_codeready_builder
java-21-openjdk-static-libs-21.0.1.0.12-2.0.1.el9.aarch64.rpm8e3b25022b673d16a2241c4d345979ec-ol9_aarch64_appstream
java-21-openjdk-static-libs-fastdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm8e96ecb013f7afc09ea042651f098f2f-ol9_aarch64_codeready_builder
java-21-openjdk-static-libs-slowdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm0202390deacc9c2676371f8555e10bd7-ol9_aarch64_codeready_builder
Oracle Linux 9 (x86_64) java-21-openjdk-21.0.1.0.12-2.0.1.el9.src.rpmf3ee9ce69da77f08f660d3bbfb5a37a1-ol9_x86_64_appstream
java-21-openjdk-21.0.1.0.12-2.0.1.el9.src.rpmf3ee9ce69da77f08f660d3bbfb5a37a1-ol9_x86_64_codeready_builder
java-21-openjdk-21.0.1.0.12-2.0.1.el9.x86_64.rpmb974980b108ebd677ff6387f8de6984a-ol9_x86_64_appstream
java-21-openjdk-demo-21.0.1.0.12-2.0.1.el9.x86_64.rpm5ab56ff24a897c4cd9804363262b614b-ol9_x86_64_appstream
java-21-openjdk-demo-fastdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm890bdf196673e1a89866082a49a9278d-ol9_x86_64_codeready_builder
java-21-openjdk-demo-slowdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm09a4bad4c74507a8a3020cf17ca645d7-ol9_x86_64_codeready_builder
java-21-openjdk-devel-21.0.1.0.12-2.0.1.el9.x86_64.rpm309e459e1333edee8d29b3306d6c2c25-ol9_x86_64_appstream
java-21-openjdk-devel-fastdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpmd3cf13717ad106ec1b58f8e3b047301a-ol9_x86_64_codeready_builder
java-21-openjdk-devel-slowdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm43b1f9466beba730a948f10e8191b7c1-ol9_x86_64_codeready_builder
java-21-openjdk-fastdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpmda7d324102cd97beec4ecebca3cc5032-ol9_x86_64_codeready_builder
java-21-openjdk-headless-21.0.1.0.12-2.0.1.el9.x86_64.rpmcd41e1cda157b0176a943b986fe33c2b-ol9_x86_64_appstream
java-21-openjdk-headless-fastdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm65a4fa96a895184b9c12249ce414dc24-ol9_x86_64_codeready_builder
java-21-openjdk-headless-slowdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpme0c7163d2da8dc1a6ffb41652f10fa0a-ol9_x86_64_codeready_builder
java-21-openjdk-javadoc-21.0.1.0.12-2.0.1.el9.x86_64.rpmeebbd09530a02908ff92a3e8cd2a66b5-ol9_x86_64_appstream
java-21-openjdk-javadoc-zip-21.0.1.0.12-2.0.1.el9.x86_64.rpm470a086036cf1a22f1527fc871c889d6-ol9_x86_64_appstream
java-21-openjdk-jmods-21.0.1.0.12-2.0.1.el9.x86_64.rpmf0f51a739643a640a98e7d2201452b72-ol9_x86_64_appstream
java-21-openjdk-jmods-fastdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpmc0bc8614b06ca14927e93d696b8e6df3-ol9_x86_64_codeready_builder
java-21-openjdk-jmods-slowdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpmc974be06ea2b84715b8a6009bea6981a-ol9_x86_64_codeready_builder
java-21-openjdk-slowdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm1463922b11824945479afe8e8d81b40f-ol9_x86_64_codeready_builder
java-21-openjdk-src-21.0.1.0.12-2.0.1.el9.x86_64.rpm538658e972869f39e225d11e5cb565b2-ol9_x86_64_appstream
java-21-openjdk-src-fastdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm075eda7edb377ea794070b5a3652c1af-ol9_x86_64_codeready_builder
java-21-openjdk-src-slowdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm704ea4507019795979e2eb0fef559891-ol9_x86_64_codeready_builder
java-21-openjdk-static-libs-21.0.1.0.12-2.0.1.el9.x86_64.rpm4b6a47b22db8387722d5b2099053b99f-ol9_x86_64_appstream
java-21-openjdk-static-libs-fastdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpmec5ebb7ea62edacff5f235fa1bcba043-ol9_x86_64_codeready_builder
java-21-openjdk-static-libs-slowdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm9e099d5e9fa55bc1ad24381020d1fd88-ol9_x86_64_codeready_builder



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete