openjdk-8 8u151-b12-0ubuntu0.17.10.2 source package in Ubuntu
Changelog
openjdk-8 (8u151-b12-0ubuntu0.17.10.2) artful-security; urgency=medium

  * Update to 8u151-b12. Hotspot 8u144-b01 for aarch32 with 8u151 hotspot patches.
  * Security patches:
    - CVE-2017-10274, S8169026: Handle smartcard clean up better. If a CardImpl can be recovered via finalization, then separate instances pointing to the same device can be created.
    - CVE-2017-10281, S8174109: Better queuing priorities. PriorityQueue's readObject allocates an array based on data in the stream which could cause an OOM.
    - CVE-2017-10285, S8174966: Unreferenced references. RMI's Unreferenced thread can be used as the root of a Trusted Method Chain.
    - CVE-2017-10295, S8176751: Better URL connections. On Ubuntu (and possibly other Linux flavors) CR-NL in the host field are ignored and can be used to inject headers in an HTTP request stream.
    - CVE-2017-10388, S8178794: Correct Kerberos ticket grants. Kerberos implementations can incorrectly take information from the unencrypted portion of the ticket from the KDC. This can lead to an MITM attack impersonating Kerberos services.
    - CVE-2017-10346, S8180711: Better alignment of special invocations. A missing load constraint for some invokespecial cases can allow invoking a method from an unrelated class.
    - CVE-2017-10350, S8181100: Better Base Exceptions. An array is allocated based on data in the serial stream without a limit on the size.
    - CVE-2017-10347, S8181323: Better timezone processing. An array is allocated based on data in the serial stream without a limit on the size.
    - CVE-2017-10349, S8181327: Better Node predications. An array is allocated based on data in the serial stream without a limit on the size.
    - CVE-2017-10345, S8181370: Better keystore handling. A malicious serialized object in a keystore can cause a DoS when using keytool.
    - CVE-2017-10348, S8181432: Better processing of unresolved permissions. An array is allocated based on data in the serial stream without a limit on the size.
    - CVE-2017-10357, S8181597: Process Proxy presentation. A malicious serialized stream could cause an OOM due to lack of checking on the number of interfaces read from the stream for a Proxy.
    - CVE-2017-10355, S8181612: More stable connection processing. If an attack can cause an application to open a connection to a malicious FTP server (e.g., via XML), then a thread can be tied up indefinitely in accept(2).
    - CVE-2017-10356, S8181692: Update storage implementations. JKS and JCEKS keystores should be retired from common use in favor of more modern keystore protections.
    - CVE-2016-10165, S8183028: Improve CMS header processing. Missing bounds check could lead to leaked memory contents.
    - CVE-2016-9841, S8184682: Upgrade compression library. There were four off by one errors found in the zlib library. Two of them are long typed which could lead to RCE.
  * debian/rules:
    - own /usr/share/man/man1 since we use it in the postinst script. Closes: #863199.
    - openjdk8 now ships limited and unlimited policy.jar files (S8157561) into their own directories under jre/lib/security/policy, thus we must copy those directories instead of the policy.jar files.
  * debian/rules, debian/patches/sec-webrev-8u151-hotspot-8179084.patch, debian/patches/sec-webrev-8u151-hotspot-8180711.patch: apply hotspot security updates to both aarch32 and aarch64.
  * debian/patches/gcc6.diff, debian/patches/aarch64.diff, debian/patches/aarch32.diff, debian/patches/m68k-support.diff, debian/patches/system-libjpeg.diff: removed hunks related to the common/autoconf/generated-configure.sh file as we regenerate it, no need to keep maintaining those.
  * debian/patches/hotspot-ppc64el-S8168318-cmpldi.patch: use cmpldi instead of li/cmpld. LP: #1723893.
  * debian/patches/hotspot-ppc64el-S8170328-andis.patch: use andis instead of lis/and. LP: #1723862.
  * debian/patches/hotspot-ppc64el-S8145913-montgomery-multiply-intrinsic.patch: add Montgomery multiply intrinsic. LP: #1723860.
  * debian/patches/hotspot-ppc64el-S8181810-leverage-extrdi.patch: leverage extrdi for bitfield extract is absent in OpenJDK 8. LP: #1723861.
  * debian/patches/jdk-S8165852-overlayfs.patch: mount point not found for a file which is present in overlayfs.

 -- Tiago Stürmer Daitx <email address hidden>  Mon, 23 Oct 2017 22:43:02 +0000
Upload details
- Uploaded by: Tiago Stürmer Daitx
- Uploaded to: Artful
- Original maintainer: Ubuntu Developers
- Architectures: alpha amd64 armel armhf arm64 i386 ia64 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el m68k sh4 sparc sparc64 s390x x32 kfreebsd-i386 kfreebsd-amd64 all
- Section: java
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
openjdk-8_8u151-b12.orig.tar.bz2 | 67.1 MiB | eac46e7eb87e15144697043feca86f1fa0cbcf0eaf84de765a57405116140b49 |
openjdk-8_8u151-b12-0ubuntu0.17.10.2.debian.tar.xz | 247.1 KiB | 0fdd18f2104928694575370fc4eb087e50f213a10477ed0dffe89ebdde9503b7 |
openjdk-8_8u151-b12-0ubuntu0.17.10.2.dsc | 4.5 KiB | 42c0484753d4ce94522ac3c9094f996ec2b0e96959de6c159c0e1434c957cd51 |
Binary packages built by this source
- openjdk-8-dbg: No summary available for openjdk-8-dbg in ubuntu artful.
No description available for openjdk-8-dbg in ubuntu artful.
- openjdk-8-demo: No summary available for openjdk-8-demo in ubuntu artful.
No description available for openjdk-8-demo in ubuntu artful.
- openjdk-8-doc: No summary available for openjdk-8-doc in ubuntu artful.
No description available for openjdk-8-doc in ubuntu artful.
- openjdk-8-jdk: No summary available for openjdk-8-jdk in ubuntu artful.
No description available for openjdk-8-jdk in ubuntu artful.
- openjdk-8-jdk-headless: No summary available for openjdk-8-jdk-headless in ubuntu artful.
No description available for openjdk-8-jdk-headless in ubuntu artful.
- openjdk-8-jre: No summary available for openjdk-8-jre in ubuntu artful.
No description available for openjdk-8-jre in ubuntu artful.
- openjdk-8-jre-headless: No summary available for openjdk-8-jre-headless in ubuntu artful.
No description available for openjdk-8-jre-headless in ubuntu artful.
- openjdk-8-jre-zero: No summary available for openjdk-8-jre-zero in ubuntu artful.
No description available for openjdk-8-jre-zero in ubuntu artful.
- openjdk-8-source: No summary available for openjdk-8-source in ubuntu artful.
No description available for openjdk-8-source in ubuntu artful.