+++ This bug was initially created as a clone of Bug #28874 +++ Fedora has issued several advisories: - for java-1.8.0-openjdk: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/ - for java-11-openjdk: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/ - for java-latest-openjdk: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNRRXET6O5I74T5ZHSGPB5ZQTTJVIHQD/ Corresponding Oracle CPU: https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA
Depends on: 28874 => (none)
mageia 8 src: - java-11-openjdk-11.0.11.0.9-0.1.mga8 - copy-jdk-configs-4.0-1.mga8 - java-1.8.0-openjdk-1.8.0.292.b10-1.1.mga8
Assignee: bugsquad => qa-bugsDepends on: (none) => 28874
openjdk 11 The following 6 packages are going to be installed: - copy-jdk-configs-4.0-1.mga8.noarch - java-11-openjdk-11.0.11.0.9-0.1.mga8.x86_64 - java-11-openjdk-devel-11.0.11.0.9-0.1.mga8.x86_64 - java-11-openjdk-headless-11.0.11.0.9-0.1.mga8.x86_64 - java-11-openjdk-javadoc-zip-11.0.11.0.9-0.1.mga8.x86_64 - java-11-openjdk-jmods-11.0.11.0.9-0.1.mga8.x86_64 $ java -version openjdk version "11.0.11" 2021-04-20 LTS OpenJDK Runtime Environment 18.9 (build 11.0.11+9-LTS) OpenJDK 64-Bit Server VM 18.9 (build 11.0.11+9-LTS, mixed mode, sharing) $ javac -version javac 11.0.11 installed eclipse and java dev modules and created hello world app. Eclipse is using 11.0.11.0.9 and compiled as such. Working as designed.
CC: (none) => brtians1
MGA8 - 64, Gnome, Vbox Installed the following - note 11 came along with 8 The following 19 packages are going to be installed: - copy-jdk-configs-4.0-1.mga8.noarch - java-1.8.0-openjdk-1.8.0.292.b10-1.1.mga8.x86_64 - java-1.8.0-openjdk-demo-1.8.0.292.b10-1.1.mga8.x86_64 - java-1.8.0-openjdk-demo-fastdebug-1.8.0.292.b10-1.1.mga8.x86_64 - java-1.8.0-openjdk-devel-1.8.0.292.b10-1.1.mga8.x86_64 - java-1.8.0-openjdk-devel-fastdebug-1.8.0.292.b10-1.1.mga8.x86_64 - java-1.8.0-openjdk-fastdebug-1.8.0.292.b10-1.1.mga8.x86_64 - java-1.8.0-openjdk-headless-1.8.0.292.b10-1.1.mga8.x86_64 - java-1.8.0-openjdk-headless-fastdebug-1.8.0.292.b10-1.1.mga8.x86_64 - java-1.8.0-openjdk-javadoc-zip-1.8.0.292.b10-1.1.mga8.noarch - java-1.8.0-openjdk-openjfx-1.8.0.292.b10-1.1.mga8.x86_64 - java-1.8.0-openjdk-openjfx-devel-1.8.0.292.b10-1.1.mga8.x86_64 - java-11-openjdk-11.0.11.0.9-0.1.mga8.x86_64 - java-11-openjdk-devel-11.0.11.0.9-0.1.mga8.x86_64 - java-11-openjdk-headless-11.0.11.0.9-0.1.mga8.x86_64 - openjfx8-8.0.202-25.b07.2.mga8.x86_64 - openjfx8-devel-8.0.202-25.b07.2.mga8.x86_64 - x11-font-type1-1.0.0-16.mga8.noarch - x11-font-xfree86-type1-1.0.4-9.mga8.noarch Installed Eclipse and picked out java 8 environment. Then set up this program: package helloWorld; public class Hellobrian { public static void main(String[] args) { System.out.println("Hello Java"); System.out.println(System.getProperty("java.version")); } } ----console output Hello Java 1.8.0_292
Whiteboard: (none) => MGA8-64-OK
Validating.
CC: (none) => andrewsfarmKeywords: (none) => validated_update
Advisory: ======================== Updated java packages fix security vulnerabilities: For java-1.8.0 ## Security fixes - JDK-8227467: Better class method invocations - JDK-8244473: Contextualize registration for JNDI - JDK-8244543: Enhanced handling of abstract classes - JDK-8249906, CVE-2021-2163: Enhance opening JARs - JDK-8250568, CVE-2021-2161: Less ambiguous processing - JDK-8253799: Make lists of normal filenames ## Other significant changes - JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default - JDK-8244286: Tools Warn If Weak Algorithms Are Used - JDK-8256490: Disable TLS 1.0 and 1.1 - JDK-8242147: New System Properties to Configure the TLS Signature Schemes - JDK-8177368: Several incorporation steps are silently failing when an error should be reported For java-11 ## Security fixes - JDK-8244473: Contextualize registration for JNDI - JDK-8244543: Enhanced handling of abstract classes - JDK-8249906, CVE-2021-2163: Enhance opening JARs - JDK-8250568, CVE-2021-2161: Less ambiguous processing - JDK-8253799: Make lists of normal filenames - JDK-8257001: Improve HTTP Client Support ## Other significant changes - LDAP Channel Binding Support for Java GSS/Kerberos - Disable TLS 1.0 and 1.1 - jdeps --print-module-deps Reports Transitive Dependencies - XML declaration is not followed by a newline - SystemTap tapsets updated to support OpenJDK 11 References: - https://bugs.mageia.org/show_bug.cgi?id=29145 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/ - https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA ======================== Updated packages in core/updates_testing: ======================== copy-jdk-configs-4.0-1.mga8 java-1.8.0-openjdk-1.8.0.292.b10-1.1.mga8 java-1.8.0-openjdk-demo-1.8.0.292.b10-1.1.mga8 java-1.8.0-openjdk-devel-1.8.0.292.b10-1.1.mga8 java-1.8.0-openjdk-headless-1.8.0.292.b10-1.1.mga8 java-1.8.0-openjdk-javadoc-1.8.0.292.b10-1.1.mga8 java-1.8.0-openjdk-javadoc-zip-1.8.0.292.b10-1.1.mga8 java-1.8.0-openjdk-openjfx-1.8.0.292.b10-1.1.mga8 java-1.8.0-openjdk-openjfx-devel-1.8.0.292.b10-1.1.mga8 java-1.8.0-openjdk-src-1.8.0.292.b10-1.1.mga8 java-11-openjdk-11.0.11.0.9-0.1.mga8 java-11-openjdk-demo-11.0.11.0.9-0.1.mga8 java-11-openjdk-devel-11.0.11.0.9-0.1.mga8 java-11-openjdk-headless-11.0.11.0.9-0.1.mga8 java-11-openjdk-javadoc-11.0.11.0.9-0.1.mga8 java-11-openjdk-javadoc-zip-11.0.11.0.9-0.1.mga8 java-11-openjdk-jmods-11.0.11.0.9-0.1.mga8 java-11-openjdk-src-11.0.11.0.9-0.1.mga8 java-11-openjdk-static-libs-11.0.11.0.9-0.1.mga8 from SRPM: java-11-openjdk-11.0.11.0.9-0.1.mga8 copy-jdk-configs-4.0-1.mga8 java-1.8.0-openjdk-1.8.0.292.b10-1.1.mga8
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0298.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
Depends on: 28874 => (none)Blocks: (none) => 28874