Fedora alert FEDORA-2020-fdc79d8e5b (java-11-openjdk)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 32 Update: java-11-openjdk-11.0.9.11-0.fc32 | |
| Date: | Sat, 31 Oct 2020 02:02:10 +0000 | |
| Message-ID: | <20201031020210.530CE30E4495@bastion01.iad2.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-fdc79d8e5b 2020-10-31 02:01:12.817715 -------------------------------------------------------------------------------- Name : java-11-openjdk Product : Fedora 32 Version : 11.0.9.11 Release : 0.fc32 URL : http://openjdk.java.net/ Summary : OpenJDK Runtime Environment 11 Description : The OpenJDK runtime environment. -------------------------------------------------------------------------------- Update Information: New in release OpenJDK 11.0.9 (2020-10-20): =========================================== Full versions of these release notes can be found at: * https://bitly.com/openjdk1109 * https://builds.shipilev.net/backports-monitor/release-not... ## Security fixes - JDK-8233624: Enhance JNI linkage - JDK-8236196: Improve string pooling - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts - JDK-8237995, CVE-2020-14782: Enhance certificate processing - JDK-8240124: Better VM Interning - JDK-8241114, CVE-2020-14792: Better range handling - JDK-8242680, CVE-2020-14796: Improved URI Support - JDK-8242685, CVE-2020-14797: Better Path Validation - JDK-8242695, CVE-2020-14798: Enhanced buffer support - JDK-8243302: Advanced class supports - JDK-8244136, CVE-2020-14803: Improved Buffer supports - JDK-8244479: Further constrain certificates - JDK-8244955: Additional Fix for JDK-8240124 - JDK-8245407: Enhance zoning of times - JDK-8245412: Better class definitions - JDK-8245417: Improve certificate chain handling - JDK-8248574: Improve jpeg processing - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit - JDK-8253019: Enhanced JPEG decoding ## JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b Following JDK's update to tzdata2020b, the long- obsolete files pacificnew and systemv have been removed. As a result, the "US/Pacific-New" zone name declared in the pacificnew data file is no longer available for use. Information regarding the update can be viewed at https://mm.icann.org/pipermail/tz-announce/2020-October/0... -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 21 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-0 - Update to jdk-11.0.9+11 - Drop JDK-8247874 backport now applied upstream. - JDK-8245832 increases the set of static libraries, so try and include them all with a wildcard. - Cleanup architecture and JVM feature handling in preparation for using upstreamed Shenandoah. - With Shenandoah now upstream in OpenJDK 11, we can use jdk-updates/jdk11 directly - Update tarball generation script to use PR3802, handling JDK-8233228 & JDK-8177334 - Update release notes for 11.0.9 release. - Add backport of JDK-8254177 to update to tzdata 2020b - Require tzdata 2020b due to resource changes in JDK-8254177 - Temporarily roll back tzdata build requirement while tzdata update is still in testing * Mon Oct 19 2020 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.9.11-0 - Update static-libs packaging to new layout - Fix directory ownership of static-libs package -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-fdc79d8e5b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann...