+++ This bug was initially created as a clone of Bug #30753 +++ RedHat has issued several advisories: https://access.redhat.com/errata/RHSA-2022:5726 (java-17-openjdk) https://access.redhat.com/errata/RHSA-2022:6999 (java-17-openjdk) Corresponding Oracle CPUs: https://www.oracle.com/security-alerts/cpujul2022.html#AppendixJAVA https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixJAVA
Source RPM: java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk => java-17-openjdk, java-latest-openjdk
Assigning to the Java maintainers.
Assignee: bugsquad => java
RedHat has issued another advisory: https://access.redhat.com/errata/RHSA-2023:0194 (java-17-openjdk) Corresponding Oracle CPU: https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA
Hi, java-17-openjdk-17.0.6.0.10-1.mga9 solves those issues. java-latest-openjdk needs to be updated. Best regards, Nico.
RedHat has issued another advisory: https://access.redhat.com/errata/RHSA-2023:1904 (java-1.8.0-openjdk) https://access.redhat.com/errata/RHSA-2023:1880 (java-11-openjdk) https://access.redhat.com/errata/RHSA-2023:1879 (java-17-openjdk) Corresponding Oracle CPU: https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixJAVA
Source RPM: java-17-openjdk, java-latest-openjdk => java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdkSummary: java-17-openjdk and java-latest-openjdk new security issues => java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk and java-latest-openjdk new security issues
Whiteboard: (none) => MGA8TOO
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Improper connection handling during TLS handshake. (CVE-2023-21930) Incorrect enqueue of references in garbage collector. (CVE-2023-21954) Certificate validation issue in TLS session negotiation. (CVE-2023-21967) Swing HTML parsing issue. (CVE-2023-21939) Incorrect handling of NULL characters in ProcessBuilder. (CVE-2023-21938) Missing string checks for NULL characters. (CVE-2023-21937) Missing check for slash characters in URI-to-path conversion. (CVE-2023-21968) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21930 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21954 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21967 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21939 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21938 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21937 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21968 https://access.redhat.com/errata/RHSA-2023:1904 https://access.redhat.com/errata/RHSA-2023:1880 https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixJAVA ======================== Updated packages in core/updates_testing: ======================== java-1.8.0-openjdk-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-demo-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-devel-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-headless-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-openjfx-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-openjfx-fastdebug-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-openjfx-devel-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-openjfx-devel-fastdebug-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-src-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.mga8 java-11-openjdk-11.0.19.0.7-2.mga8 java-11-openjdk-debugsource-11.0.19.0.7-2.mga8 java-11-openjdk-demo-11.0.19.0.7-2.mga8 java-11-openjdk-demo-fastdebug-11.0.19.0.7-2.mga8 java-11-openjdk-demo-slowdebug-11.0.19.0.7-2.mga8 java-11-openjdk-devel-11.0.19.0.7-2.mga8 java-11-openjdk-devel-fastdebug-11.0.19.0.7-2.mga8 java-11-openjdk-devel-slowdebug-11.0.19.0.7-2.mga8 java-11-openjdk-fastdebug-11.0.19.0.7-2.mga8 java-11-openjdk-javadoc-11.0.19.0.7-2.mga8 java-11-openjdk-javadoc-zip-11.0.19.0.7-2.mga8 java-11-openjdk-jmods-11.0.19.0.7-2.mga8 java-11-openjdk-jmods-fastdebug-11.0.19.0.7-2.mga8 java-11-openjdk-jmods-slowdebug-11.0.19.0.7-2.mga8 java-11-openjdk-headless-11.0.19.0.7-2.mga8 java-11-openjdk-headless-fastdebug-11.0.19.0.7-2.mga8 java-11-openjdk-headless-slowdebug-11.0.19.0.7-2.mga8 java-11-openjdk-slowdebug-11.0.19.0.7-2.mga8 java-11-openjdk-src-11.0.19.0.7-2.mga8 java-11-openjdk-src-fastdebug-11.0.19.0.7-2.mga8 java-11-openjdk-src-slowdebug-11.0.19.0.7-2.mga8 java-11-openjdk-static-libs-11.0.19.0.7-2.mga8 java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-2.mga8 java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-2.mga8 from SRPMS: java-1.8.0-openjdk-1.8.0.372.b07-1.mga8.src.rpm java-11-openjdk-11.0.19.0.7-2.mga8.src.rpm
Version: Cauldron => 8Whiteboard: MGA8TOO => (none)Status: NEW => ASSIGNEDAssignee: java => qa-bugs
1 installation transactions failed There was a problem during the installation: file /usr/lib/.build-id/6f/8d77d8bcb9b1be4f75b6027195ac0fbec73dd1 from install of openjfx8-8.0.202-25.b07.2.mga8.x86_64 conflicts with file from package openjfx-3:11.0.9.2-3.mga8.x86_64 file /usr/lib/.build-id/6f/8d77d8bcb9b1be4f75b6027195ac0fbec73dd1 from install of openjfx8-8.0.202-25.b07.2.mga8.x86_64 conflicts with file from package openjfx-devel-3:11.0.9.2-3.mga8.x86_64
CC: (none) => herman.viaene
CC: (none) => mageia
(In reply to Herman Viaene from comment #6) > 1 installation transactions failed > > There was a problem during the installation: > > file /usr/lib/.build-id/6f/8d77d8bcb9b1be4f75b6027195ac0fbec73dd1 from > install of openjfx8-8.0.202-25.b07.2.mga8.x86_64 conflicts with file from > package openjfx-3:11.0.9.2-3.mga8.x86_64 > > file /usr/lib/.build-id/6f/8d77d8bcb9b1be4f75b6027195ac0fbec73dd1 from > install of openjfx8-8.0.202-25.b07.2.mga8.x86_64 conflicts with file from > package openjfx-devel-3:11.0.9.2-3.mga8.x86_64 This issue came up in https://bugs.mageia.org/show_bug.cgi?id=30753#c11 but was later ignored. What can be done to resolve it?
CC: (none) => andrewsfarmKeywords: (none) => feedback
Installed and tested without issues. I don't have the package openjfx installed so I do not see the file conflict reported by @Herman Viaene. Tested with: - netbeans (upstream) - edugraphe - ganttproject - libreoffice - yuicompressor - freecol. No regressions noticed. System: Mageia 8, x86_64, Plasma DE, LXQt DE, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver. $ uname -a Linux jupiter 6.1.34-desktop-2.mga8 #1 SMP PREEMPT_DYNAMIC Wed Jun 14 19:14:11 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep -P '(java-11|java-1.8.0|openjfx)' | sort java-11-openjdk-11.0.19.0.7-2.mga8 java-11-openjdk-headless-11.0.19.0.7-2.mga8 java-1.8.0-openjdk-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-headless-1.8.0.372.b07-1.mga8 java-1.8.0-openjdk-openjfx-1.8.0.372.b07-1.mga8 openjfx8-8.0.202-25.b07.2.mga8
(In reply to Thomas Andrews from comment #7) > (In reply to Herman Viaene from comment #6) > > 1 installation transactions failed > > > > There was a problem during the installation: > > > > file /usr/lib/.build-id/6f/8d77d8bcb9b1be4f75b6027195ac0fbec73dd1 from > > install of openjfx8-8.0.202-25.b07.2.mga8.x86_64 conflicts with file from > > package openjfx-3:11.0.9.2-3.mga8.x86_64 > > > > file /usr/lib/.build-id/6f/8d77d8bcb9b1be4f75b6027195ac0fbec73dd1 from > > install of openjfx8-8.0.202-25.b07.2.mga8.x86_64 conflicts with file from > > package openjfx-devel-3:11.0.9.2-3.mga8.x86_64 > > This issue came up in https://bugs.mageia.org/show_bug.cgi?id=30753#c11 but > was later ignored. What can be done to resolve it? I think the file conflict should be fixed but since this is a security update and is already waiting for over a month and the file conflict issue is not a regression I think it would be best for this to be pushed forward and a new bug report for the file conflict should be open.
Hi, I close that bug because it is replaced by bug 32203. Best regards, Nico.
Status: ASSIGNED => RESOLVEDResolution: (none) => OLD
Linking the bugs so the info isn't lost. *** This bug has been marked as a duplicate of bug 32203 ***
Resolution: OLD => DUPLICATE