ELSA-2023-6887

ULN >
Oracle Linux Errata repository >
ELSA-2023-6887

ELSA-2023-6887 - java-21-openjdk security and bug fix update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2023-11-18

Description

[1:21.0.1.0.12-2.0.1]
- Add Oracle vendor bug URL

[1:21.0.1.0.12-2]
- Switch to using portable binaries built on RHEL 7
- Sync the copy of the portable specfile with the RHEL 7 version
- Related: RHEL-12997

[1:21.0.1.0.12-1]
- Update to jdk-21.0.1.0+12 (GA)
- Update release notes to 21.0.1.0+12
- Sync the copy of the portable specfile with the latest update
- Update openjdk_news script to specify subdirectory last
- Add missing discover_trees script required by openjdk_news
- Synchronise bundled versions with 21u sources (FreeType, LCMS, HarfBuzz, libpng)
- Sync generate_tarball.sh with 11u & 17u version
- Update bug URL for RHEL to point to the Red Hat customer portal
- Fix upstream release URL for OpenJDK source
- Following JDK-8005165, class data sharing can be enabled on all JIT architectures
- Use tapsets from the misc tarball
- Introduce 'prelease' for the portable release versioning, to handle EA builds
- Make sure root installation directory is created first
- Use in-place substitution for all but the first of the tapset changes
- Synchronise runtime and buildtime tzdata requirements
- Remove ghosts for binaries not in java-21-openjdk (pack200, rmid, unpack200)
- Add missing jfr, jpackage and jwebserver alternative ghosts
- Move jcmd to the headless package
- Revert alt-java binary location to being within the JDK tree
- Resolves: RHEL-12997
- Resolves: RHEL-14954
- Resolves: RHEL-14962
- Resolves: RHEL-14958
- Related: RHEL-14946
- Resolves: RHEL-14959
- Resolves: RHEL-14948

[1:21.0.1.0.12-1]
- Exclude classes_nocoops.jsa on i686 and arm32
- Related: RHEL-14946

[1:21.0.1.0.12-1]
- Fix packaging of CDS archives
- Resolves: RHEL-14946

[1:21.0.0.0.35-2]
- Update documentation (README.md)
- Replace alt-java patch with a binary separate from the JDK
- Drop stale patches that are of little use any more:
- * nss.cfg has been disabled since early PKCS11 work and long superseded by FIPS work
- * No accessibility subpackage to warrant RH1648242 & RH1648644 patches any more
- * No use of system libjpeg turbo to warrant RH649512 patch any more
- Replace RH1684077 pcsc-lite-libs patch with better JDK-8009550 fix being upstreamed
- Adapt alt-java test to new binary where there is always a set_speculation function
- Related: RHEL-12997

[1:21.0.0.0.35-1]
- Update to jdk-21.0.0+35
- Update system crypto policy & FIPS patch from new fips-21u tree
- Update generate_tarball.sh to sync with upstream vanilla script inc. no more ECC removal
- Drop fakefeaturever now it is no longer needed
- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball
- Use upstream release URL for OpenJDK source
- Re-enable tzdata tests now we are on the latest JDK and things are back in sync
- Install jaxp.properties introduced by JDK-8303530
- Install lible.so introduced by JDK-8306983
- Related: RHEL-12997

[1:21.0.0.0.35-1]
- Replace smoke test files used in the staticlibs test, as fdlibm was removed by JDK-8303798
- Related: RHEL-12997

[1:20.0.0.0.36-1]
- Update to jdk-20.0.2+9
- Update release notes to 20.0.2+9
- Update system crypto policy & FIPS patch from new fips-20u tree
- Update generate_tarball.sh ICEDTEA_VERSION
- Update CLDR reference data following update to 42 (Rocky Mountain-Normalzeit => Rocky-Mountain-Normalzeit)
- Related: RHEL-12997

[1:20.0.0.0.36-1]
- Dropped JDK-8295447, JDK-8296239 & JDK-8299439 patches now upstream
- Adapted rh1750419-redhat_alt_java.patch
- Related: RHEL-12997

[1:19.0.1.0.10-1]
- Update to jdk-19.0.2 release
- Update release notes to 19.0.2
- Rebase FIPS patches from fips-19u branch
- Remove references to sample directory removed by JDK-8284999
- Add local patch JDK-8295447 (javac NPE) which was accepted into 19u upstream but not in the GA tag
- Add local patches for JDK-8296239 & JDK-8299439 (Croatia Euro update) which are present in 8u, 11u & 17u releases
- Related: RHEL-12997

[1:18.0.2.0.9-1]
- Update to jdk-18.0.2 release
- Support JVM variant zero following JDK-8273494 no longer installing Zero's libjvm.so in the server directory
- Rebase FIPS patches from fips-18u branch
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
- Drop now unused fresh_libjvm, build_hotspot_first, bootjdk and buildjdkver variables, as we don't build a JDK here
- Drop tzdata patches added for 17.0.7 which will eventually appear in the upstream tarball when we reach OpenJDK 21
- Disable tzdata tests until we are on the latest JDK and things are back in sync
- Use empty nss.fips.cfg until it is again available via the FIPS patch
- Related: RHEL-12997

[1:18.0.2.0.9-1]
- Update to ea version of jdk18
- Add new slave jwebserver and corresponding manpage
- Adjust rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
- Related: RHEL-12997

[1:18.0.2.0.9-1]
- Add javaver- and origin-specific javadoc and javadoczip alternatives.
- Related: RHEL-12997

[1:17.0.7.0.7-4]
- Add files missed by centpkg import.
- Related: rhbz#2192748

[1:17.0.7.0.7-3]
- Create java-21-openjdk package based on java-17-openjdk
- Related: rhbz#2192748

Related CVEs

CVE-2023-22025

CVE-2023-22081

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	java-21-openjdk-21.0.1.0.12-2.0.1.el8.src.rpm	09333ab8055686bb4f862e2df0b762cc2d0438c03594573d61bbbcee59a71fc8	-	ol8_aarch64_appstream
	java-21-openjdk-21.0.1.0.12-2.0.1.el8.src.rpm	09333ab8055686bb4f862e2df0b762cc2d0438c03594573d61bbbcee59a71fc8	-	ol8_aarch64_codeready_builder
	java-21-openjdk-21.0.1.0.12-2.0.1.el8.aarch64.rpm	14b8faa131270a4796afbded2300ca412b65bd1638dbd179beae390fd31d16d1	-	ol8_aarch64_appstream
	java-21-openjdk-demo-21.0.1.0.12-2.0.1.el8.aarch64.rpm	6825c600ec28b207c28caee7a9301ecd4332acfb232dc531dee38074fcd19670	-	ol8_aarch64_appstream
	java-21-openjdk-demo-fastdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm	c77ee58969b5ccc468d812f1edc11b71a52378b8078e5e9751691801cd36e062	-	ol8_aarch64_codeready_builder
	java-21-openjdk-demo-slowdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm	c352d10163f86b2133a6f947f6d16b851fc86107f0a5250816002d42165c1fdb	-	ol8_aarch64_codeready_builder
	java-21-openjdk-devel-21.0.1.0.12-2.0.1.el8.aarch64.rpm	345ac36e37487a283204c8a117747342fc618b60d3d745c66818bfa6458e5551	-	ol8_aarch64_appstream
	java-21-openjdk-devel-fastdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm	1ee494cc6e805968b3eb2dd7d33c7b15559807cc239c2a0e146bcdce18db02e9	-	ol8_aarch64_codeready_builder
	java-21-openjdk-devel-slowdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm	60dbdcfcc600909265db5d4b83485ce249d83422e385bb331b730b7e0d85535f	-	ol8_aarch64_codeready_builder
	java-21-openjdk-fastdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm	a4682649ceb5b2bb1deb9a01bf5860d4661fd61cb0fa5450235b79e6ae5820b6	-	ol8_aarch64_codeready_builder
	java-21-openjdk-headless-21.0.1.0.12-2.0.1.el8.aarch64.rpm	ac421a1c5f156a566b037e87be1ad02ed829c2e4fc400e24bf67a06cb0a45e44	-	ol8_aarch64_appstream
	java-21-openjdk-headless-fastdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm	88f08f6f960862ba4a9c2606b4d907583c2a1dde1f6144e090b42a96e7d730ed	-	ol8_aarch64_codeready_builder
	java-21-openjdk-headless-slowdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm	1dd06bfeb86e5e8b5c16029fb5de310c365b7f95b0aa0d99c7b73e2ee4310655	-	ol8_aarch64_codeready_builder
	java-21-openjdk-javadoc-21.0.1.0.12-2.0.1.el8.aarch64.rpm	9532fbcfd6532dafc9cb7878f2fc8859abeb9f85269fab8f039b8720fa66ce98	-	ol8_aarch64_appstream
	java-21-openjdk-javadoc-zip-21.0.1.0.12-2.0.1.el8.aarch64.rpm	7263ffda74efcde3ef068d601aa8e4ae08a2994dfa0f184e75b078c899ee6c77	-	ol8_aarch64_appstream
	java-21-openjdk-jmods-21.0.1.0.12-2.0.1.el8.aarch64.rpm	efe83b3afbd63cd7d9b09005d6370881709709ee2d9ebde5845144d7830e5eb8	-	ol8_aarch64_appstream
	java-21-openjdk-jmods-fastdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm	0badd4ba1d44230568b0c2ef3580f2301cbad445d9cbda23aa4d289dbb4e7cb2	-	ol8_aarch64_codeready_builder
	java-21-openjdk-jmods-slowdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm	4811f3b073615e4d2c026743755a9f4bca21c2ed3da3b27e3368e5fafdc41274	-	ol8_aarch64_codeready_builder
	java-21-openjdk-slowdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm	21f14fc8a34f821985e5a3c6460f04c2d70031b4e0222888b002525f18b31751	-	ol8_aarch64_codeready_builder
	java-21-openjdk-src-21.0.1.0.12-2.0.1.el8.aarch64.rpm	248ec3b49067c6d0befa6a2734ee2a18e856c20838de7df68ecdd7d7c4571675	-	ol8_aarch64_appstream
	java-21-openjdk-src-fastdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm	505e0b3a5742638a81249f92474d79edfb6fe8412706d2174ee42cedbf8f3a6c	-	ol8_aarch64_codeready_builder
	java-21-openjdk-src-slowdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm	301bc0c382d37392b9be41e1419de1d58da09fa5b0eabbbfcd087985b051715e	-	ol8_aarch64_codeready_builder
	java-21-openjdk-static-libs-21.0.1.0.12-2.0.1.el8.aarch64.rpm	0df10b275a083fc3420e8bbe800d78e30d69c923fee9fd5b4e603aa7d31a20d5	-	ol8_aarch64_appstream
	java-21-openjdk-static-libs-fastdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm	13f1eacf1103126d7db4105604190b723a1584a28839b44a8c8d42c92001757a	-	ol8_aarch64_codeready_builder
	java-21-openjdk-static-libs-slowdebug-21.0.1.0.12-2.0.1.el8.aarch64.rpm	8fd450680fb1545a1676622ae4af871301f0ed89c8061f7c105491e7db8c5189	-	ol8_aarch64_codeready_builder

Oracle Linux 8 (x86_64)	java-21-openjdk-21.0.1.0.12-2.0.1.el8.src.rpm	09333ab8055686bb4f862e2df0b762cc2d0438c03594573d61bbbcee59a71fc8	-	ol8_x86_64_appstream
	java-21-openjdk-21.0.1.0.12-2.0.1.el8.src.rpm	09333ab8055686bb4f862e2df0b762cc2d0438c03594573d61bbbcee59a71fc8	-	ol8_x86_64_codeready_builder
	java-21-openjdk-21.0.1.0.12-2.0.1.el8.x86_64.rpm	99da478ebec47ddef06e50551110d70e7f9a4473e154336ea5d9bb3a6c25db88	-	ol8_x86_64_appstream
	java-21-openjdk-demo-21.0.1.0.12-2.0.1.el8.x86_64.rpm	37b61a100360ea9d298fce53ebb56da755ad0b5352d3b1c86ef580ae891c0e6f	-	ol8_x86_64_appstream
	java-21-openjdk-demo-fastdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm	8c8de82691fe0bc5d633b67e5894be9a75783298bae11446f92a270590a564f3	-	ol8_x86_64_codeready_builder
	java-21-openjdk-demo-slowdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm	74dd5aea7a6ad624167737b4254623ae9728f65d964455653dfa1b674ee762f4	-	ol8_x86_64_codeready_builder
	java-21-openjdk-devel-21.0.1.0.12-2.0.1.el8.x86_64.rpm	f635db67b5f47271650b3b3ce8c59fda8622c8767d10eecf4aec7f37cdb186ff	-	ol8_x86_64_appstream
	java-21-openjdk-devel-fastdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm	0a7f48b35a940a559a204b71ff6af7352eaf76b5c32a63713cecb55e459126f2	-	ol8_x86_64_codeready_builder
	java-21-openjdk-devel-slowdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm	230fd8273630d5c3109630517e92988a24349d9e609b3b502f8cbbf9a794b5fc	-	ol8_x86_64_codeready_builder
	java-21-openjdk-fastdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm	aadf6c4682af95462a4a750610d5cbb79ed7cf925767b1aae9b98131cbc13907	-	ol8_x86_64_codeready_builder
	java-21-openjdk-headless-21.0.1.0.12-2.0.1.el8.x86_64.rpm	b0441a232f325cbe31a8abbc05b11eefeb27ca121846e4758147959fed3b8b9f	-	ol8_x86_64_appstream
	java-21-openjdk-headless-fastdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm	38db4e4703d3233f36430618aa0413f857532642c7bee93431885d9414231913	-	ol8_x86_64_codeready_builder
	java-21-openjdk-headless-slowdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm	fb146957abd9aa9959d9797a0a4fcde05b7a208a40bb85cb7184cd4c9104cffb	-	ol8_x86_64_codeready_builder
	java-21-openjdk-javadoc-21.0.1.0.12-2.0.1.el8.x86_64.rpm	e62ec22bc90cac28801db613ae88a691a57f87ecb129455bbe7e0f40552c7867	-	ol8_x86_64_appstream
	java-21-openjdk-javadoc-zip-21.0.1.0.12-2.0.1.el8.x86_64.rpm	19b02b2d25aaf309af57a973378317bf26399521df29f20a91b06d6a19d08d20	-	ol8_x86_64_appstream
	java-21-openjdk-jmods-21.0.1.0.12-2.0.1.el8.x86_64.rpm	fb98b9a9aea7a76c275dc9a0af0144151c1fee3c2c047de0bd5073083e219355	-	ol8_x86_64_appstream
	java-21-openjdk-jmods-fastdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm	d8a1a6e0ba1bd203090e217e556c071a00519da96f704478266ed60560ed2d1a	-	ol8_x86_64_codeready_builder
	java-21-openjdk-jmods-slowdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm	96b07bff235d13d3b1ff31b7989a9386a123842a9641d164841df413d242d249	-	ol8_x86_64_codeready_builder
	java-21-openjdk-slowdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm	81bb3209b3e9da51dfa859b835511cc4c2f655a14429602b518ce6e2215b7e4f	-	ol8_x86_64_codeready_builder
	java-21-openjdk-src-21.0.1.0.12-2.0.1.el8.x86_64.rpm	b894127d078dc956eeaad696191714d5dd5381eb0034fa5b1978014f9f75e370	-	ol8_x86_64_appstream
	java-21-openjdk-src-fastdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm	562695bc882d0d91d758836550eaea45db22be1d170631ed4b6922c7ffd0b6b9	-	ol8_x86_64_codeready_builder
	java-21-openjdk-src-slowdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm	34dc0726a2dd79e6e50fbbb3261562d0788e18419599b725902d0156317fb507	-	ol8_x86_64_codeready_builder
	java-21-openjdk-static-libs-21.0.1.0.12-2.0.1.el8.x86_64.rpm	30ca55db8f68a9b0d4ebe965545cad90033316d6631771bce322be2b4f0a9fc5	-	ol8_x86_64_appstream
	java-21-openjdk-static-libs-fastdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm	8b760a38932be08d0c81bdd0e35b55952f5c7074d48d2cc1d6daf5141b6d9eb0	-	ol8_x86_64_codeready_builder
	java-21-openjdk-static-libs-slowdebug-21.0.1.0.12-2.0.1.el8.x86_64.rpm	dcf181d50f621f1807754b945bde50db0825b25293f1b091122a5ad04271063b	-	ol8_x86_64_codeready_builder

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691