RedHat has issued an advisory today (July 20):
https://rhn.redhat.com/errata/RHSA-2016-1458.html
Corresponding Oracle CPU:
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Whiteboard: (none) => MGA5TOO
CC: (none) => nicolas.salguero
CC: (none) => marja11
Assignee: bugsquad => mageia
Fedora has updated it in git today finally, and I have synced it. Question for Nicolas Salguero: Is there anything more we need to do before we push it? Does the f8725698a870.tar.bz2 you added before need to be updated?
(In reply to David Walser from comment #1)
> Question for Nicolas Salguero:
> Is there anything more we need to do before we push it? Does the
> f8725698a870.tar.bz2 you added before need to be updated?

I added a new version of my script mga-add-missing-files.sh (because the previous version got the missing files from http://hg.openjdk.java.net/jdk8u/... whereas it should get those files from http://hg.openjdk.java.net/aarch64-port/...) and I launched that script to update Source1 (in this case, f8725698a870.tar.bz2 is replaced by 5e27ac7f7cbc.tar.bz2, using the command: "./mga-add-missing-files.sh aarch64-jdk8u101-b14").

We should update Source1 (by launching the script) each time we update java-1.8.0-openjdk to be sure the missing files in Source1 come from the same commit as the files in the "aarch64-port-jdk8u-aarch64-..." tarball.

Best regards,
Nico.
Thanks Nicolas! Thomas, Nicolas has pushed the build for Mageia 5 to the build system already. Please push chkconfig and java-1.8.0-openjdk in Cauldron ASAP. Thanks.
CC: (none) => tmb
See https://bugs.mageia.org/show_bug.cgi?id=14051#c4 for useful links to test java

Advisory:
========================

Updated java-1.8.0-openjdk packages fix security vulnerabilities:

Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions (CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610).

Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed (CVE-2016-3500, CVE-2016-3508).

Multiple flaws were found in the CORBA and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions (CVE-2016-3458, CVE-2016-3550).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3610
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://rhn.redhat.com/errata/RHSA-2016-1458.html
========================

Updated packages in core/updates_testing:
========================
java-1.8.0-openjdk-1.8.0.101-1.b14.1.mga5
java-1.8.0-openjdk-headless-1.8.0.101-1.b14.1.mga5
java-1.8.0-openjdk-devel-1.8.0.101-1.b14.1.mga5
java-1.8.0-openjdk-demo-1.8.0.101-1.b14.1.mga5
java-1.8.0-openjdk-src-1.8.0.101-1.b14.1.mga5
java-1.8.0-openjdk-javadoc-1.8.0.101-1.b14.1.mga5
java-1.8.0-openjdk-accessibility-1.8.0.101-1.b14.1.mga5

from java-1.8.0-openjdk-1.8.0.101-1.b14.1.mga5.src.rpm
Version: Cauldron => 5
Assignee: mageia => qa-bugs
Whiteboard: MGA5TOO => has_procedure
Hi! I tested the update on a Mageia 5 x86-64 VirtualBox VM and while it seems fine - I ran into some problems with the test procedure:

1. The applets in the first link are too 'whack-a-mole'-y and don't work.
2. The fourth link (with the stick runner game) does not work.

I used https://docs.oracle.com/javase/tutorial/deployment/applet/examplesIndex.html instead.

Marking as mga5-64-ok.
CC: (none) => shlomif
Whiteboard: has_procedure => has_procedure MGA5-64-OK
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-64-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0273.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED