Oracle Linux Security Advisory ELSA-2024-1828

http://linux.oracle.com/errata/ELSA-2024-1828.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-21-openjdk-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-demo-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-devel-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-headless-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-javadoc-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-javadoc-zip-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-jmods-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-src-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-static-libs-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-demo-fastdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-demo-slowdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-devel-fastdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-devel-slowdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-fastdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-headless-fastdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-headless-slowdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-jmods-fastdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-jmods-slowdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-slowdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-src-fastdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-src-slowdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-static-libs-fastdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-static-libs-slowdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm

aarch64:
java-21-openjdk-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-demo-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-devel-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-headless-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-javadoc-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-javadoc-zip-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-jmods-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-src-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-static-libs-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-demo-fastdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-demo-slowdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-devel-fastdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-devel-slowdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-fastdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-headless-fastdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-headless-slowdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-jmods-fastdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-jmods-slowdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-slowdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-src-fastdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-src-slowdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-static-libs-fastdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-static-libs-slowdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//java-21-openjdk-21.0.3.0.9-1.0.1.el8.src.rpm

Related CVEs:

CVE-2024-21011
CVE-2024-21012
CVE-2024-21068

Description of changes:

[1:21.0.3.0.9-1.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:21.0.3.0.9-1]
- Update to jdk-21.0.3+9 (GA)
- Update release notes to 21.0.3+9
- Switch to GA mode.
- Sync the copy of the portable specfile with the latest update
- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
- Resolves: RHEL-32405

[1:21.0.3.0.7-0.1.ea]
- Update to jdk-21.0.3+7 (EA)
- Update release notes to 21.0.3+7
- Require tzdata 2024a due to upstream inclusion of JDK-8322725
- Only require tzdata 2023d for now as 2024a is unavailable in buildroot
- Drop JDK-8009550 which is now available upstream
- Re-generate FIPS patch against 21.0.3+7 following backport of JDK-8325254
- Resolves: RHEL-30944

[1:21.0.3.0.1-0.2.ea]
- Invoke xz in multi-threaded mode
- generate_source_tarball.sh: Add WITH_TEMP environment variable
- generate_source_tarball.sh: Multithread xz on all available cores
- generate_source_tarball.sh: Add OPENJDK_LATEST environment variable
- generate_source_tarball.sh: Update comment about tarball naming
- generate_source_tarball.sh: Reformat comment header
- generate_source_tarball.sh: Reformat and update help output
- generate_source_tarball.sh: Do a shallow clone, for speed
- generate_source_tarball.sh: Append -ea designator when required
- generate_source_tarball.sh: Eliminate some removal prompting
- generate_source_tarball.sh: Make tarball reproducible
- generate_source_tarball.sh: Prefix temporary directory with temp-
- generate_source_tarball.sh: Remove temporary directory exit conditions
- generate_source_tarball.sh: Fix -ea logic to add dash
- generate_source_tarball.sh: Set compile-command in Emacs
- generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT
- generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks
- generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: shellcheck: Do not use -a (SC2166)
- generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004)
- Use backward-compatible patch syntax
- generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST
- generate_source_tarball.sh: Fix whitespace
- generate_source_tarball.sh: Remove trailing period in echo
- generate_source_tarball.sh: Use long-style argument to grep
- generate_source_tarball.sh: Add license
- generate_source_tarball.sh: Add indentation instructions for Emacs
- Related: RHEL-30944

[1:21.0.3.0.1-0.2.ea]
- Install alt-java man page from the misc tarball as it is no longer in the JDK image
- generate_source_tarball.sh: Update examples in header for clarity
- generate_source_tarball.sh: Cleanup message issued when checkout already exists
- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP
- generate_source_tarball.sh: Only add --depth=1 on non-local repositories
- Move maintenance scripts to a scripts subdirectory
- discover_trees.sh: Set compile-command and indentation instructions for Emacs
- discover_trees.sh: shellcheck: Do not use -o (SC2166)
- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- discover_trees.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: Add authorship
- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs
- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086)
- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: Set compile-command and indentation instructions for Emacs
- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086)
- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196)
- generate_source_tarball.sh: Output values of new options WITH_TEMP and OPENJDK_LATEST
- generate_source_tarball.sh: Double-quote DEPTH reference (SC2086)
- generate_source_tarball.sh: Avoid empty DEPTH reference while still appeasing shellcheck
- Related: RHEL-30944

[1:21.0.3.0.1-0.1.ea]
- Update to jdk-21.0.3+1 (EA)
- Update release notes to 21.0.3+1
- Switch to EA mode
- Require tzdata 2023d due to upstream inclusion of JDK-8322725
- Bump FreeType version to 2.13.2 following JDK-8316028
- Related: RHEL-30944

_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle8: ELSA-2024-1828: java-21-openjdk Moderate Security Advisory Updates
