openjdk-8 8u151-b12-1 source package in Ubuntu
Changelog
openjdk-8 (8u151-b12-1) unstable; urgency=high
* Update to 8u151-b12. Hotspot 8u144-b01 for aarch32 with 8u151 hotspot
patches.
[ Tiago Stürmer Daitx ]
* Security patches:
- CVE-2017-10274, S8169026: Handle smartcard clean up better. If a
CardImpl can be recovered via finalization, then separate instances
pointing to the same device can be created.
- CVE-2017-10281, S8174109: Better queuing priorities. PriorityQueue's
readObject allocates an array based on data in the stream which could
cause an OOM.
- CVE-2017-10285, S8174966: Unreferenced references. RMI's Unreferenced
thread can be used as the root of a Trusted Method Chain.
- CVE-2017-10295, S8176751: Better URL connections. On Ubuntu (and
possibly other Linux flavors) CR-NL in the host field are ignored and
can be used to inject headers in an HTTP request stream.
- CVE-2017-10388, S8178794: Correct Kerberos ticket grants. Kerberos
implementations can incorrectly take information from the unencrypted
portion of the ticket from the KDC. This can lead to an MITM attack
impersonating Kerberos services.
- CVE-2017-10346, S8180711: Better alignment of special invocations. A
missing load constraint for some invokespecial cases can allow invoking
a method from an unrelated class.
- CVE-2017-10350, S8181100: Better Base Exceptions. An array is allocated
based on data in the serial stream without a limit onthe size.
- CVE-2017-10347, S8181323: Better timezone processing. An array is
allocated based on data in the serial stream without a limit on the
size.
- CVE-2017-10349, S8181327: Better Node predications. An array is
allocated based on data in the serial stream without a limit onthe size.
- CVE-2017-10345, S8181370: Better keystore handling. A malicious
serialized object in a keystore can cause a DoS when using keytool.
- CVE-2017-10348, S8181432: Better processing of unresolved permissions.
An array is allocated based on data in the serial stream without a limit
onthe size.
- CVE-2017-10357, S8181597: Process Proxy presentation. A malicious
serialized stream could cause an OOM due to lack on checking on the
number of interfaces read from the stream for a Proxy.
- CVE-2017-10355, S8181612: More stable connection processing. If an
attack can cause an application to open a connection to a malicious FTP
server (e.g., via XML), then a thread can be tied up indefinitely in
accept(2).
- CVE-2017-10356, S8181692: Update storage implementations. JKS and JCEKS
keystores should be retired from common use in favor of more modern
keystore protections.
- CVE-2016-10165, S8183028: Improve CMS header processing. Missing bounds
check could lead to leaked memory contents.
- CVE-2016-9841, S8184682: Upgrade compression library. There were four
off by one errors found in the zlib library. Two of them are long typed
which could lead to RCE.
* debian/rules:
- openjdk8 now ships limited and unlimited policy.jar files (S8157561)
into their own directories under jre/lib/security/policy.
* debian/rules, d/p/sec-webrev-8u151-hotspot-8179084.patch,
d/p/sec-webrev-8u151-hotspot-8180711.patch: Apply hotspot security updates
to both aarch32 and aarch64.
* d/p/gcc6.diff, d/p/aarch64.diff, d/p/aarch32.diff, d/p/m68k-support.diff,
d/p/system-libjpeg.diff: Remove hunks related to the generated configure
file generated during the build.
* d/p/hotspot-ppc64el-S8168318-cmpldi.patch: Use cmpldi instead of li/cmpld.
LP: #1723893.
* d/p/hotspot-ppc64el-S8170328-andis.patch: Use andis instead of lis/and.
LP: #1723862.
* d/p/hotspot-ppc64el-S8145913-montgomery-multiply-intrinsic.patch: Add
Montgomery multiply intrinsic. LP: #1723860.
* d/p/hotspot-ppc64el-S8181810-leverage-extrdi.patch: Leverage extrdi for
bitfield extract is absent in OpenJDK 8. LP: #1723861.
* d/p/jdk-S8165852-overlayfs.patch: Mount point not found for a file which
is present in overlayfs.
[ Matthias Klose ]
* Bump standards version.
-- Matthias Klose <email address hidden> Wed, 01 Nov 2017 07:12:56 +0100
Upload details
- Uploaded by:
- Matthias Klose
- Uploaded to:
- Bionic
- Original maintainer:
- OpenJDK
- Architectures:
- alpha amd64 armel armhf arm64 i386 ia64 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el m68k sh4 sparc sparc64 s390x x32 kfreebsd-i386 kfreebsd-amd64 all
- Section:
- java
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| openjdk-8_8u151-b12.orig.tar.gz | 66.9 MiB | 3a81eb858ceadaab9a14190aae800aace0f1b5f86b2e9707b9a9e30b7aca248c |
| openjdk-8_8u151-b12-1.debian.tar.xz | 246.9 KiB | eb56f974b8761e9287037b40d1eefb8ebd4773739c3d13a5f7e9b65ae69ace1a |
| openjdk-8_8u151-b12-1.dsc | 4.4 KiB | 96f2d6982f2de7d9006d851b7cbf9dfebb300c57bb65e3090c03e339cd2388eb |
Available diffs
- diff from 8u144-b01-2 (in Debian) to 8u151-b12-1 (147.6 MiB)
Binary packages built by this source
- openjdk-8-dbg: Java runtime based on OpenJDK (debugging symbols)
OpenJDK is a development environment for building applications,
applets, and components using the Java programming language.
.
This package contains the debugging symbols.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-demo: Java runtime based on OpenJDK (demos and examples)
OpenJDK Java runtime
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-doc: OpenJDK Development Kit (JDK) documentation
OpenJDK is a development environment for building applications,
applets, and components using the Java programming language.
.
This package contains the API documentation.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-jdk: OpenJDK Development Kit (JDK)
OpenJDK is a development environment for building applications,
applets, and components using the Java programming language.
.
This binary package extends the headless JDK with GUI-specific
utilities, libraries and, as necessary, package dependencies.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-jdk-headless: OpenJDK Development Kit (JDK) (headless)
OpenJDK is a development environment for building applications,
applets, and components using the Java programming language.
.
This binary package contains almost the full JDK, except for some
tools (appletviewer, jconsole) and headers (jawt) that make sense
only in GUI environments.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-jre: OpenJDK Java runtime, using Hotspot JIT
Full Java runtime environment - needed for executing Java GUI and Webstart
programs, using Hotspot JIT.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-jre-headless: OpenJDK Java runtime, using Hotspot JIT (headless)
Minimal Java runtime - needed for executing non GUI Java programs,
using Hotspot JIT.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-jre-zero: Alternative JVM for OpenJDK, using Zero/Shark
The package provides an alternative runtime using the Zero VM and the
Shark Just In Time Compiler (JIT). Built on architectures in addition
to the Hotspot VM as a debugging aid for those architectures which don't
have a Hotspot VM.
.
The VM is started with the option `-zero'. See the README.Debian for details.
- openjdk-8-source: OpenJDK Development Kit (JDK) source files
OpenJDK is a development environment for building applications,
applets, and components using the Java programming language.
.
This package contains the Java programming language source files
(src.zip) for all classes that make up the Java core API.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
