Oracle Linux Security Advisory ELSA-2024-1817

http://linux.oracle.com/errata/ELSA-2024-1817.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-1.8.0-openjdk-1.8.0.412.b08-1.el7_9.i686.rpm
java-1.8.0-openjdk-1.8.0.412.b08-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.412.b08-1.el7_9.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.412.b08-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.412.b08-1.el7_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.412.b08-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.412.b08-1.el7_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.412.b08-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.412.b08-1.el7_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.412.b08-1.el7_9.x86_64.rpm
java-1.8.0-openjdk-javadoc-1.8.0.412.b08-1.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.412.b08-1.el7_9.noarch.rpm
java-1.8.0-openjdk-src-1.8.0.412.b08-1.el7_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.412.b08-1.el7_9.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//java-1.8.0-openjdk-1.8.0.412.b08-1.el7_9.src.rpm

Related CVEs:

CVE-2024-21011
CVE-2024-21068
CVE-2024-21085
CVE-2024-21094




Description of changes:

[1:1.8.0.412.b08-1]
- Update to shenandoah-jdk8u412-b08 (GA)
- Update release notes for shenandoah-8u412-b08.
- Complete release note for Certainly roots
- Switch to GA mode.
- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
- Related: RHEL-30926

[1:1.8.0.412.b07-0.1.ea]
- Update to shenandoah-jdk8u412-b07 (EA)
- Update release notes for shenandoah-8u412-b07.
- Require tzdata 2024a due to upstream inclusion of JDK-8322725
- Only require tzdata 2023d for now as 2024a is unavailable in buildroot
- Resolves: RHEL-30926

[1:1.8.0.412.b01-0.1.ea]
- Turn off xz multi-threading on i686 as it fails with an out of memory error
- Normalise whitespace
- Move to upstream tag style (shenandoah8ux-by) in preparation for eventually moving back to official sources
- generate_source_tarball.sh: Rename JCONSOLE_JS_PATCH{,_DEFAULT} to JCONSOLE_PATCH{,_DEFAULT} for brevity
- generate_source_tarball.sh: Adapt OPENJDK_LATEST logic to work with 8u Shenandoah fork
- generate_source_tarball.sh: Adapt version logic to work with 8u
- generate_source_tarball.sh: Add quoting for SCRIPT_DIR and JCONSOLE_PATCH (SC2086)
- generate_source_tarball.sh: Update examples in header for clarity
- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP
- generate_source_tarball.sh: Only add --depth=1 on non-local repositories
- Move maintenance scripts to a scripts subdirectory
- icedtea_sync.sh: Update with a VCS mode that retrieves sources from a Mercurial repository
- jconsole.desktop.in: Restored by running icedtea_sync.sh
- policytool.desktop.in: Likewise.
- Restore IcedTea sources correctly in spec file
- discover_trees.sh: Set compile-command and indentation instructions for Emacs
- discover_trees.sh: shellcheck: Do not use -o (SC2166)
- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- discover_trees.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: Add authorship
- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs
- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086)
- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: Set compile-command and indentation instructions for Emacs
- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086)
- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196)
- generate_source_tarball.sh: Handle an existing checkout
- generate_source_tarball.sh: Sync indentation with java-21-openjdk version
- generate_source_tarball.sh: Support using a subdirectory via TO_COMPRESS
- Related: RHEL-30926

[1:1.8.0.412.b01-0.1.ea]
- Invoke xz in multi-threaded mode
- generate_source_tarball.sh: Add WITH_TEMP environment variable
- generate_source_tarball.sh: Multithread xz on all available cores
- generate_source_tarball.sh: Add OPENJDK_LATEST environment variable
- generate_source_tarball.sh: Update comment about tarball naming
- generate_source_tarball.sh: Reformat comment header
- generate_source_tarball.sh: Reformat and update help output
- generate_source_tarball.sh: Do a shallow clone, for speed
- generate_source_tarball.sh: Eliminate some removal prompting
- generate_source_tarball.sh: Make tarball reproducible
- generate_source_tarball.sh: Prefix temporary directory with temp-
- generate_source_tarball.sh: Remove temporary directory exit conditions
- generate_source_tarball.sh: Set compile-command in Emacs
- generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT
- generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks
- generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: shellcheck: Do not use -a (SC2166)
- generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004)
- Use backward-compatible patch syntax
- generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST
- generate_source_tarball.sh: Remove trailing period in echo
- generate_source_tarball.sh: Use long-style argument to grep
- generate_source_tarball.sh: Add license
- generate_source_tarball.sh: Add indentation instructions for Emacs
- Remove -T0 argument from systemtap tar invocation
- Related: RHEL-30926

[1:1.8.0.412.b01-0.1.ea]
- Update to shenandoah-jdk8u412-b01 (EA)
- Update release notes for shenandoah-8u412-b01.
- Switch to EA mode.
- Related: RHEL-30926


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle7: ELSA-2024-1817: java-1.8.0-openjdk Moderate Security Advisory Updates
