RedHat has issued several advisories:
https://access.redhat.com/errata/RHSA-2023:0203 (java-1.8.0-openjdk)
https://access.redhat.com/errata/RHSA-2023:0200 (java-11-openjdk)
Corresponding Oracle CPU:
https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA
CC: (none) => nicolas.salguero
Whiteboard: (none) => MGA8TOO
Source RPM: (none) => java-1.8.0-openjdk, java-11-openjdk
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Improper restrictions in CORBA deserialization. (CVE-2023-21830)

Handshake DoS attack against DTLS connections. (CVE-2023-21835)

Soundbank URL remote loading. (CVE-2023-21843)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21843
https://access.redhat.com/errata/RHSA-2023:0203
https://access.redhat.com/errata/RHSA-2023:0200
https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA
========================

Updated packages in core/updates_testing:
========================
java-1.8.0-openjdk-src-fastdebug-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-javadoc-zip-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-src-slowdebug-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-src-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-demo-slowdebug-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-demo-fastdebug-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-demo-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-devel-slowdebug-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-slowdebug-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-fastdebug-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-openjfx-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-openjfx-fastdebug-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-openjfx-devel-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-openjfx-devel-fastdebug-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-devel-fastdebug-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-devel-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-debugsource-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-headless-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-headless-fastdebug-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-headless-slowdebug-1.8.0.362.b09-1.mga8
java-1.8.0-openjdk-javadoc-1.8.0.362.b09-1.mga8
java-11-openjdk-demo-slowdebug-11.0.18.0.10-1.mga8
java-11-openjdk-demo-fastdebug-11.0.18.0.10-1.mga8
java-11-openjdk-demo-11.0.18.0.10-1.mga8
java-11-openjdk-slowdebug-11.0.18.0.10-1.mga8
java-11-openjdk-devel-fastdebug-11.0.18.0.10-1.mga8
java-11-openjdk-devel-slowdebug-11.0.18.0.10-1.mga8
java-11-openjdk-devel-11.0.18.0.10-1.mga8
java-11-openjdk-fastdebug-11.0.18.0.10-1.mga8
java-11-openjdk-11.0.18.0.10-1.mga8
java-11-openjdk-javadoc-zip-11.0.18.0.10-1.mga8
java-11-openjdk-src-slowdebug-11.0.18.0.10-1.mga8
java-11-openjdk-src-11.0.18.0.10-1.mga8
java-11-openjdk-src-fastdebug-11.0.18.0.10-1.mga8
java-11-openjdk-debugsource-11.0.18.0.10-1.mga8
java-11-openjdk-jmods-slowdebug-11.0.18.0.10-1.mga8
java-11-openjdk-headless-slowdebug-debuginfo-11.0.18.0.10-1.mga8
java-11-openjdk-static-libs-slowdebug-11.0.18.0.10-1.mga8
java-11-openjdk-headless-11.0.18.0.10-1.mga8
java-11-openjdk-static-libs-11.0.18.0.10-1.mga8
java-11-openjdk-static-libs-fastdebug-11.0.18.0.10-1.mga8
java-11-openjdk-jmods-fastdebug-11.0.18.0.10-1.mga8
java-11-openjdk-headless-fastdebug-11.0.18.0.10-1.mga8
java-11-openjdk-jmods-11.0.18.0.10-1.mga8
java-11-openjdk-javadoc-11.0.18.0.10-1.mga8
java-11-openjdk-headless-slowdebug-11.0.18.0.10-1.mga8
timezone-2022g-1.mga8
timezone-java-2022g-1.mga8

from SRPMS:
java-1.8.0-openjdk-1.8.0.362.b09-1.mga8.src.rpm
java-11-openjdk-11.0.18.0.10-1.mga8.src.rpm
timezone-2022g-1.mga8.src.rpm
Status: NEW => ASSIGNED
Whiteboard: MGA8TOO => (none)
Source RPM: java-1.8.0-openjdk, java-11-openjdk => java-1.8.0-openjdk, java-11-openjdk, timezone
Version: Cauldron => 8
Assignee: bugsquad => qa-bugs
mga8-64 mini test
Updated what is installed:
- java-1.8.0-openjdk-1.8.0.362.b09-1.mga8.x86_64
- java-1.8.0-openjdk-headless-1.8.0.362.b09-1.mga8.x86_64
- java-11-openjdk-11.0.18.0.10-1.mga8.x86_64
- java-11-openjdk-headless-11.0.18.0.10-1.mga8.x86_64
- timezone-2022g-1.mga8.x86_64
- timezone-java-2022g-1.mga8.noarch
Tested OK java-1.8 by using java program FriBok (Swedish invoice and accounting), incl printing.
CC: (none) => fri
mga8-64 minitest java-11 OK; Using the java based mind map program freeplane; Start script selects to use "java_version = 11.0.18" And the program works OK.
Installed and tested without issues.
Tested using netbeans (upstream), edugraphe, ganttproject, libreoffice, yuicompressor, and freecol. Those are all the programs I have installed that depend on java. No regressions noticed.
System: Mageia 8, x86_64, Plasma DE, LXQt DE, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver.
$ uname -a
Linux jupiter 6.1.6-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Sat Jan 14 13:18:00 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep java-11
java-11-openjdk-headless-11.0.18.0.10-1.mga8
java-11-openjdk-11.0.18.0.10-1.mga8
$ rpm -qa | grep timezone
timezone-2022e-1.mga8
timezone-java-2022g-1.mga8
CC: (none) => mageia
Tested on a Probook 6550b mga8-64 Plasma system.
Qarepo couldn't find the two "debugsource" rpms or the "debuginfo" one, but I don't believe they belonged on the list, anyway. It did find the rest, and I updated the packages already installed:
The following 4 packages are going to be installed:
- java-11-openjdk-11.0.18.0.10-1.mga8.x86_64
- java-11-openjdk-headless-11.0.18.0.10-1.mga8.x86_64
- timezone-2022g-1.mga8.x86_64
- timezone-java-2022g-1.mga8.noarch
No installation issues. When asked about using rpmnew config files or doing nothing, I chose the new files.
Tested with LibreOffice, which I believe is the only application I have installed that uses them. I loaded and manipulated some old spreadsheets with Calc, then loaded an old odt document with Writer. Because the old Windows 98SE font used with the odt document had not been installed, Writer substituted a plain sans serif font, as it is supposed to do. After installing the Windows fonts, I again loaded the odt document, which displayed correctly in the original font.
Because of this and the other successful tests, I'm giving this an OK, and validating. Advisory in comment 1.
Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0037.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED