[El-errata] ELSA-2024-4568 Important: Oracle Linux 8 java-17-openjdk security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Jul 19 16:48:27 UTC 2024 

Oracle Linux Security Advisory ELSA-2024-4568

http://linux.oracle.com/errata/ELSA-2024-4568.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-17-openjdk-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-demo-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-devel-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-headless-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-javadoc-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-javadoc-zip-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-jmods-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-src-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-static-libs-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-demo-fastdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-demo-slowdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-devel-fastdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-devel-slowdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-fastdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-headless-fastdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-headless-slowdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-jmods-fastdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-jmods-slowdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-slowdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-src-fastdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-src-slowdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.12.0.7-2.0.1.el8.x86_64.rpm

aarch64:
java-17-openjdk-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-demo-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-devel-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-headless-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-javadoc-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-javadoc-zip-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-jmods-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-src-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-static-libs-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-demo-fastdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-demo-slowdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-devel-fastdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-devel-slowdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-fastdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-headless-fastdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-headless-slowdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-jmods-fastdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-jmods-slowdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-slowdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-src-fastdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-src-slowdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.12.0.7-2.0.1.el8.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//java-17-openjdk-17.0.12.0.7-2.0.1.el8.src.rpm

Related CVEs:

CVE-2024-21131
CVE-2024-21138
CVE-2024-21140
CVE-2024-21145
CVE-2024-21147




Description of changes:

[1:17.0.12.0.7-2.0.1]
- Add Oracle vendor bug URL

[1:17.0.12.0.7-2]
- Update to jdk-17.0.12+7 (GA)
- Update .gitignore to ignore openjdk-17.0.12+7.tar.xz
- Sync java-17-openjdk-portable.specfile
- Set buildver to 7
- Set portablerelease 1
- Set is_ga to 1
- Update sources to openjdk-17.0.12+7.tar.xz
- Resolves: RHEL-46638
- Resolves: RHEL-46996
- ** This tarball is embargoed until 2024-07-16 @ 1pm PT. **

[1:17.0.12.0.6-0.2.ea]
- Set rpmrelease to 2

[1:17.0.12.0.6-0.1.ea]
- Set portablerelease to 2
- Related: RHEL-46638
- Add debuginfo section to rpminspect.yaml (OPENJDK-2904)
- Add unicode section to rpminspect.yaml (OPENJDK-2904)
- Add contents of fips-17u-e893be00150.patch

[1:17.0.12.0.6-0.1.ea]
- Add upstream patch that removes illegal RLO Unicode characters (JDK-8332174)
- Sync the copy of the portable specfile with the latest update

[1:17.0.12.0.6-0.1.ea]
- Delete fips-17u-d63771ea660.patch
- Add fips-17u-e893be00150.patch
- Update fipsver to e893be00150

[1:17.0.12.0.6-0.1.ea]
- generate_source_tarball.sh: Use tar exclude options for VCS files
- generate_source_tarball.sh: Improve VCS exclusion

[1:17.0.12.0.6-0.1.ea]
- generate_source_tarball.sh: Update examples in header for clarity
- generate_source_tarball.sh: Cleanup message issued when checkout already exists
- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP
- generate_source_tarball.sh: Only add --depth=1 on non-local repositories
- icedtea_sync.sh: Reinstate from rhel-8.9.0 branch
- Move maintenance scripts to a scripts subdirectory
- discover_trees.sh: Set compile-command and indentation instructions for Emacs
- discover_trees.sh: shellcheck: Do not use -o (SC2166)
- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- discover_trees.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: Add authorship
- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs
- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086)
- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: Set compile-command and indentation instructions for Emacs
- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086)
- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196)
- generate_source_tarball.sh: Output values of new options WITH_TEMP and OPENJDK_LATEST
- generate_source_tarball.sh: Double-quote DEPTH reference (SC2086)
- generate_source_tarball.sh: Avoid empty DEPTH reference while still appeasing shellcheck

[1:17.0.12.0.6-0.1.ea]
- Update to jdk-17.0.12+6 (EA)
- Add openjdk-17.0.12+6-ea.tar.xz to .gitignore
- Set updatever to 12
- Set buildver to 6
- Set rpmrelease to 1
- Set is_ga to 0
- Update sources to openjdk-17.0.12+6-ea.tar.xz
- Require tzdata-java 2024a at runtime and for build (JDK-8325150)
- Update lcms2 bundled provides to 2.16.0
- Add zlib 1.3.1 bundled provides and zlib-devel build requirement (OPENJDK-3065)
- Use component in EPEL and Fedora bug URLs
- Label as error a designator mismatch
- Change a fix-me comment to a note instead
- Sync generate_source_tarball.sh from Fedora rawhide

More information about the El-errata mailing list