ELSA-2023-6738

ULN >
Oracle Linux Errata repository >
ELSA-2023-6738

ELSA-2023-6738 - java-21-openjdk security and bug fix update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2023-11-11

Description

[1:21.0.1.0.12-2.0.1]
- Add Oracle vendor bug URL

[1:21.0.1.0.12-2]
- Switch to using portable binaries built on RHEL 7
- Sync the copy of the portable specfile with the RHEL 7 version
- Related: RHEL-12997

[1:21.0.1.0.12-1]
- Update to jdk-21.0.1.0+12 (GA)
- Update release notes to 21.0.1.0+12
- Sync the copy of the portable specfile with the latest update
- Update openjdk_news script to specify subdirectory last
- Add missing discover_trees script required by openjdk_news
- Synchronise bundled versions with 21u sources (FreeType, LCMS, HarfBuzz, libpng)
- Sync generate_tarball.sh with 11u & 17u version
- Update bug URL for RHEL to point to the Red Hat customer portal
- Fix upstream release URL for OpenJDK source
- Following JDK-8005165, class data sharing can be enabled on all JIT architectures
- Use tapsets from the misc tarball
- Introduce 'prelease' for the portable release versioning, to handle EA builds
- Make sure root installation directory is created first
- Use in-place substitution for all but the first of the tapset changes
- Synchronise runtime and buildtime tzdata requirements
- Remove ghosts for binaries not in java-21-openjdk (pack200, rmid, unpack200)
- Add missing jfr, jpackage and jwebserver alternative ghosts
- Move jcmd to the headless package
- Revert alt-java binary location to being within the JDK tree
- Resolves: RHEL-12997
- Resolves: RHEL-14954
- Resolves: RHEL-14962
- Resolves: RHEL-14958
- Related: RHEL-14946
- Resolves: RHEL-14959
- Resolves: RHEL-14948

[1:21.0.1.0.12-1]
- Exclude classes_nocoops.jsa on i686 and arm32
- Related: RHEL-14946

[1:21.0.1.0.12-1]
- Fix packaging of CDS archives
- Resolves: RHEL-14946

[1:21.0.0.0.35-2]
- Update documentation (README.md)
- Replace alt-java patch with a binary separate from the JDK
- Drop stale patches that are of little use any more:
- * nss.cfg has been disabled since early PKCS11 work and long superseded by FIPS work
- * No accessibility subpackage to warrant RH1648242 & RH1648644 patches any more
- * No use of system libjpeg turbo to warrant RH649512 patch any more
- Replace RH1684077 pcsc-lite-libs patch with better JDK-8009550 fix being upstreamed
- Adapt alt-java test to new binary where there is always a set_speculation function
- Related: RHEL-12997

[1:21.0.0.0.35-1]
- Update to jdk-21.0.0+35
- Update system crypto policy & FIPS patch from new fips-21u tree
- Update generate_tarball.sh to sync with upstream vanilla script inc. no more ECC removal
- Drop fakefeaturever now it is no longer needed
- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball
- Use upstream release URL for OpenJDK source
- Re-enable tzdata tests now we are on the latest JDK and things are back in sync
- Install jaxp.properties introduced by JDK-8303530
- Install lible.so introduced by JDK-8306983
- Related: RHEL-12997

[1:21.0.0.0.35-1]
- Replace smoke test files used in the staticlibs test, as fdlibm was removed by JDK-8303798
- Related: RHEL-12997

[1:20.0.0.0.36-1]
- Update to jdk-20.0.2+9
- Update release notes to 20.0.2+9
- Update system crypto policy & FIPS patch from new fips-20u tree
- Update generate_tarball.sh ICEDTEA_VERSION
- Update CLDR reference data following update to 42 (Rocky Mountain-Normalzeit => Rocky-Mountain-Normalzeit)
- Related: RHEL-12997

[1:20.0.0.0.36-1]
- Dropped JDK-8295447, JDK-8296239 & JDK-8299439 patches now upstream
- Adapted rh1750419-redhat_alt_java.patch
- Related: RHEL-12997

[1:19.0.1.0.10-1]
- Update to jdk-19.0.2 release
- Update release notes to 19.0.2
- Rebase FIPS patches from fips-19u branch
- Remove references to sample directory removed by JDK-8284999
- Add local patch JDK-8295447 (javac NPE) which was accepted into 19u upstream but not in the GA tag
- Add local patches for JDK-8296239 & JDK-8299439 (Croatia Euro update) which are present in 8u, 11u & 17u releases
- Related: RHEL-12997

[1:18.0.2.0.9-1]
- Update to jdk-18.0.2 release
- Support JVM variant zero following JDK-8273494 no longer installing Zero's libjvm.so in the server directory
- Rebase FIPS patches from fips-18u branch
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
- Drop now unused fresh_libjvm, build_hotspot_first, bootjdk and buildjdkver variables, as we don't build a JDK here
- Drop tzdata patches added for 17.0.7 which will eventually appear in the upstream tarball when we reach OpenJDK 21
- Disable tzdata tests until we are on the latest JDK and things are back in sync
- Use empty nss.fips.cfg until it is again available via the FIPS patch
- Related: RHEL-12997

[1:18.0.2.0.9-1]
- Update to ea version of jdk18
- Add new slave jwebserver and corresponding manpage
- Adjust rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
- Related: RHEL-12997

[1:18.0.2.0.9-1]
- Add javaver- and origin-specific javadoc and javadoczip alternatives.
- Related: RHEL-12997

[1:17.0.7.0.7-4]
- Add files missed by centpkg import.
- Related: rhbz#2192748

[1:17.0.7.0.7-3]
- Create java-21-openjdk package based on java-17-openjdk
- Related: rhbz#2192748

Related CVEs

CVE-2023-22025

CVE-2023-22081

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	java-21-openjdk-21.0.1.0.12-2.0.1.el9.src.rpm	f3ee9ce69da77f08f660d3bbfb5a37a1	-	ol9_aarch64_appstream
	java-21-openjdk-21.0.1.0.12-2.0.1.el9.src.rpm	f3ee9ce69da77f08f660d3bbfb5a37a1	-	ol9_aarch64_codeready_builder
	java-21-openjdk-21.0.1.0.12-2.0.1.el9.aarch64.rpm	f022f8ae063f8df892b1d49dfaa2f1fc	-	ol9_aarch64_appstream
	java-21-openjdk-demo-21.0.1.0.12-2.0.1.el9.aarch64.rpm	07ebd227778e5cecda650f0f3aa39a00	-	ol9_aarch64_appstream
	java-21-openjdk-demo-fastdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm	04d14b60f675f206cddd05e5cf1be349	-	ol9_aarch64_codeready_builder
	java-21-openjdk-demo-slowdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm	eb364816bc79f44337c3b8ce5d7b787a	-	ol9_aarch64_codeready_builder
	java-21-openjdk-devel-21.0.1.0.12-2.0.1.el9.aarch64.rpm	5cde465b81d3518ba6ac4455e706987b	-	ol9_aarch64_appstream
	java-21-openjdk-devel-fastdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm	e6569d438e05a7fd48e5ab109f15f84e	-	ol9_aarch64_codeready_builder
	java-21-openjdk-devel-slowdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm	935519ba8fb3c5c91b1cedef2686a03c	-	ol9_aarch64_codeready_builder
	java-21-openjdk-fastdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm	c56436eec091cc4adcc5b974152386ee	-	ol9_aarch64_codeready_builder
	java-21-openjdk-headless-21.0.1.0.12-2.0.1.el9.aarch64.rpm	66547462d22e8fe200cfe04f7df9ede8	-	ol9_aarch64_appstream
	java-21-openjdk-headless-fastdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm	410d52eaa378a7d81eb20862892be544	-	ol9_aarch64_codeready_builder
	java-21-openjdk-headless-slowdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm	9303bd6918eac9a1f42458aea18074b5	-	ol9_aarch64_codeready_builder
	java-21-openjdk-javadoc-21.0.1.0.12-2.0.1.el9.aarch64.rpm	bc17be3cc55532929aadfc3e8b5e626b	-	ol9_aarch64_appstream
	java-21-openjdk-javadoc-zip-21.0.1.0.12-2.0.1.el9.aarch64.rpm	8a79fe6f97758150a345eab78568c8e2	-	ol9_aarch64_appstream
	java-21-openjdk-jmods-21.0.1.0.12-2.0.1.el9.aarch64.rpm	19d81d3c20861f1d2268731e2dbd3fff	-	ol9_aarch64_appstream
	java-21-openjdk-jmods-fastdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm	dbb47bfed26a52848f052b9cb00795e4	-	ol9_aarch64_codeready_builder
	java-21-openjdk-jmods-slowdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm	5078c16316799aa63ebbc4369d6c6b8e	-	ol9_aarch64_codeready_builder
	java-21-openjdk-slowdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm	92a58f5a15325766a072595b6fd1ac8d	-	ol9_aarch64_codeready_builder
	java-21-openjdk-src-21.0.1.0.12-2.0.1.el9.aarch64.rpm	11d639b4b758f0e3ed458013821bda3a	-	ol9_aarch64_appstream
	java-21-openjdk-src-fastdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm	3ebcc06e20f7c6ece9389f382ac963c8	-	ol9_aarch64_codeready_builder
	java-21-openjdk-src-slowdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm	6c06369406e1747cd2db56cb4e7db256	-	ol9_aarch64_codeready_builder
	java-21-openjdk-static-libs-21.0.1.0.12-2.0.1.el9.aarch64.rpm	8e3b25022b673d16a2241c4d345979ec	-	ol9_aarch64_appstream
	java-21-openjdk-static-libs-fastdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm	8e96ecb013f7afc09ea042651f098f2f	-	ol9_aarch64_codeready_builder
	java-21-openjdk-static-libs-slowdebug-21.0.1.0.12-2.0.1.el9.aarch64.rpm	0202390deacc9c2676371f8555e10bd7	-	ol9_aarch64_codeready_builder

Oracle Linux 9 (x86_64)	java-21-openjdk-21.0.1.0.12-2.0.1.el9.src.rpm	f3ee9ce69da77f08f660d3bbfb5a37a1	-	ol9_x86_64_appstream
	java-21-openjdk-21.0.1.0.12-2.0.1.el9.src.rpm	f3ee9ce69da77f08f660d3bbfb5a37a1	-	ol9_x86_64_codeready_builder
	java-21-openjdk-21.0.1.0.12-2.0.1.el9.x86_64.rpm	b974980b108ebd677ff6387f8de6984a	-	ol9_x86_64_appstream
	java-21-openjdk-demo-21.0.1.0.12-2.0.1.el9.x86_64.rpm	5ab56ff24a897c4cd9804363262b614b	-	ol9_x86_64_appstream
	java-21-openjdk-demo-fastdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm	890bdf196673e1a89866082a49a9278d	-	ol9_x86_64_codeready_builder
	java-21-openjdk-demo-slowdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm	09a4bad4c74507a8a3020cf17ca645d7	-	ol9_x86_64_codeready_builder
	java-21-openjdk-devel-21.0.1.0.12-2.0.1.el9.x86_64.rpm	309e459e1333edee8d29b3306d6c2c25	-	ol9_x86_64_appstream
	java-21-openjdk-devel-fastdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm	d3cf13717ad106ec1b58f8e3b047301a	-	ol9_x86_64_codeready_builder
	java-21-openjdk-devel-slowdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm	43b1f9466beba730a948f10e8191b7c1	-	ol9_x86_64_codeready_builder
	java-21-openjdk-fastdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm	da7d324102cd97beec4ecebca3cc5032	-	ol9_x86_64_codeready_builder
	java-21-openjdk-headless-21.0.1.0.12-2.0.1.el9.x86_64.rpm	cd41e1cda157b0176a943b986fe33c2b	-	ol9_x86_64_appstream
	java-21-openjdk-headless-fastdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm	65a4fa96a895184b9c12249ce414dc24	-	ol9_x86_64_codeready_builder
	java-21-openjdk-headless-slowdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm	e0c7163d2da8dc1a6ffb41652f10fa0a	-	ol9_x86_64_codeready_builder
	java-21-openjdk-javadoc-21.0.1.0.12-2.0.1.el9.x86_64.rpm	eebbd09530a02908ff92a3e8cd2a66b5	-	ol9_x86_64_appstream
	java-21-openjdk-javadoc-zip-21.0.1.0.12-2.0.1.el9.x86_64.rpm	470a086036cf1a22f1527fc871c889d6	-	ol9_x86_64_appstream
	java-21-openjdk-jmods-21.0.1.0.12-2.0.1.el9.x86_64.rpm	f0f51a739643a640a98e7d2201452b72	-	ol9_x86_64_appstream
	java-21-openjdk-jmods-fastdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm	c0bc8614b06ca14927e93d696b8e6df3	-	ol9_x86_64_codeready_builder
	java-21-openjdk-jmods-slowdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm	c974be06ea2b84715b8a6009bea6981a	-	ol9_x86_64_codeready_builder
	java-21-openjdk-slowdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm	1463922b11824945479afe8e8d81b40f	-	ol9_x86_64_codeready_builder
	java-21-openjdk-src-21.0.1.0.12-2.0.1.el9.x86_64.rpm	538658e972869f39e225d11e5cb565b2	-	ol9_x86_64_appstream
	java-21-openjdk-src-fastdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm	075eda7edb377ea794070b5a3652c1af	-	ol9_x86_64_codeready_builder
	java-21-openjdk-src-slowdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm	704ea4507019795979e2eb0fef559891	-	ol9_x86_64_codeready_builder
	java-21-openjdk-static-libs-21.0.1.0.12-2.0.1.el9.x86_64.rpm	4b6a47b22db8387722d5b2099053b99f	-	ol9_x86_64_appstream
	java-21-openjdk-static-libs-fastdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm	ec5ebb7ea62edacff5f235fa1bcba043	-	ol9_x86_64_codeready_builder
	java-21-openjdk-static-libs-slowdebug-21.0.1.0.12-2.0.1.el9.x86_64.rpm	9e099d5e9fa55bc1ad24381020d1fd88	-	ol9_x86_64_codeready_builder

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691