[El-errata] ELSA-2024-1828 Moderate: Oracle Linux 8 java-21-openjdk security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Apr 24 08:28:41 UTC 2024
Oracle Linux Security Advisory ELSA-2024-1828
http://linux.oracle.com/errata/ELSA-2024-1828.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
java-21-openjdk-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-demo-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-devel-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-headless-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-javadoc-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-javadoc-zip-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-jmods-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-src-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-static-libs-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-demo-fastdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-demo-slowdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-devel-fastdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-devel-slowdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-fastdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-headless-fastdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-headless-slowdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-jmods-fastdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-jmods-slowdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-slowdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-src-fastdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-src-slowdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-static-libs-fastdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-static-libs-slowdebug-21.0.3.0.9-1.0.1.el8.x86_64.rpm
aarch64:
java-21-openjdk-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-demo-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-devel-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-headless-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-javadoc-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-javadoc-zip-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-jmods-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-src-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-static-libs-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-demo-fastdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-demo-slowdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-devel-fastdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-devel-slowdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-fastdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-headless-fastdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-headless-slowdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-jmods-fastdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-jmods-slowdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-slowdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-src-fastdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-src-slowdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-static-libs-fastdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-static-libs-slowdebug-21.0.3.0.9-1.0.1.el8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//java-21-openjdk-21.0.3.0.9-1.0.1.el8.src.rpm
Related CVEs:
CVE-2024-21011
CVE-2024-21012
CVE-2024-21068
Description of changes:
[1:21.0.3.0.9-1.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]
[1:21.0.3.0.9-1]
- Update to jdk-21.0.3+9 (GA)
- Update release notes to 21.0.3+9
- Switch to GA mode.
- Sync the copy of the portable specfile with the latest update
- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
- Resolves: RHEL-32405
[1:21.0.3.0.7-0.1.ea]
- Update to jdk-21.0.3+7 (EA)
- Update release notes to 21.0.3+7
- Require tzdata 2024a due to upstream inclusion of JDK-8322725
- Only require tzdata 2023d for now as 2024a is unavailable in buildroot
- Drop JDK-8009550 which is now available upstream
- Re-generate FIPS patch against 21.0.3+7 following backport of JDK-8325254
- Resolves: RHEL-30944
[1:21.0.3.0.1-0.2.ea]
- Invoke xz in multi-threaded mode
- generate_source_tarball.sh: Add WITH_TEMP environment variable
- generate_source_tarball.sh: Multithread xz on all available cores
- generate_source_tarball.sh: Add OPENJDK_LATEST environment variable
- generate_source_tarball.sh: Update comment about tarball naming
- generate_source_tarball.sh: Reformat comment header
- generate_source_tarball.sh: Reformat and update help output
- generate_source_tarball.sh: Do a shallow clone, for speed
- generate_source_tarball.sh: Append -ea designator when required
- generate_source_tarball.sh: Eliminate some removal prompting
- generate_source_tarball.sh: Make tarball reproducible
- generate_source_tarball.sh: Prefix temporary directory with temp-
- generate_source_tarball.sh: Remove temporary directory exit conditions
- generate_source_tarball.sh: Fix -ea logic to add dash
- generate_source_tarball.sh: Set compile-command in Emacs
- generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT
- generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks
- generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: shellcheck: Do not use -a (SC2166)
- generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004)
- Use backward-compatible patch syntax
- generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST
- generate_source_tarball.sh: Fix whitespace
- generate_source_tarball.sh: Remove trailing period in echo
- generate_source_tarball.sh: Use long-style argument to grep
- generate_source_tarball.sh: Add license
- generate_source_tarball.sh: Add indentation instructions for Emacs
- Related: RHEL-30944
[1:21.0.3.0.1-0.2.ea]
- Install alt-java man page from the misc tarball as it is no longer in the JDK image
- generate_source_tarball.sh: Update examples in header for clarity
- generate_source_tarball.sh: Cleanup message issued when checkout already exists
- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP
- generate_source_tarball.sh: Only add --depth=1 on non-local repositories
- Move maintenance scripts to a scripts subdirectory
- discover_trees.sh: Set compile-command and indentation instructions for Emacs
- discover_trees.sh: shellcheck: Do not use -o (SC2166)
- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- discover_trees.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: Add authorship
- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs
- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086)
- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: Set compile-command and indentation instructions for Emacs
- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086)
- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196)
- generate_source_tarball.sh: Output values of new options WITH_TEMP and OPENJDK_LATEST
- generate_source_tarball.sh: Double-quote DEPTH reference (SC2086)
- generate_source_tarball.sh: Avoid empty DEPTH reference while still appeasing shellcheck
- Related: RHEL-30944
[1:21.0.3.0.1-0.1.ea]
- Update to jdk-21.0.3+1 (EA)
- Update release notes to 21.0.3+1
- Switch to EA mode
- Require tzdata 2023d due to upstream inclusion of JDK-8322725
- Bump FreeType version to 2.13.2 following JDK-8316028
- Related: RHEL-30944
More information about the El-errata
mailing list