openjdk-8 8u91-b14-3ubuntu1~16.04.1 source package in Ubuntu

Changelog

openjdk-8 (8u91-b14-3ubuntu1~16.04.1) xenial-security; urgency=medium

  * Backport to Ubuntu 16.04.

openjdk-8 (8u91-b14-3ubuntu1) yakkety; urgency=medium

  * SECURITY UPDATE: IIOP Input Stream Hooking
    - d/p/corba-8079718.patch: S8079718, CVE-2016-3458: defaultReadObject is
      not forbidden in readObject in subclasses of InputStreamHook which
      provides leverage to deserialize malicious objects if a reference to the
      input stream can be obtained separately.
  * SECURITY UPDATE: Complete name checking
    - d/p/jaxp-8148872.patch: S8148872, CVE-2016-3500: In some cases raw names
      in XML data are not checked for length limits allowing for DoS attacks.
  * SECURITY UPDATE: Better delineation of XML processing
    - d/p/jaxp-8149962.patch: S8149962, CVE-2016-3508: Denial of service
      measures do not take newline characters into account. This can be used to
      conduct attacks like the billion laughs DoS.
  * SECURITY UPDATE: Coded byte streams
    - d/p/hotspot-8152479.patch: S8152479, CVE-2016-3550: A fuzzed class file
      triggers an integer overflow in array access.
  * SECURITY UPDATE: Clean up lookup visibility
    - d/p/jdk-8154475.patch: S8154475, CVE-2016-3587: A fast path change
      allowed access to MH.invokeBasic via the public lookup object. MH.iB does
      not do full type checking which can be used to create type confusion.
  * SECURITY UPDATE: Bolster bytecode verification
    - d/p/hotspot-8155981.patch: S8155981, CVE-2016-3606: The bytecode
      verifier checks that any classes' <init> method calls super.<init> before
      returning. There is a way to bypass this requirement which allows
      creating subclasses of classes that are not intended to be extended.
  * SECURITY UPDATE: Persistent Parameter Processing
    - d/p/jdk-8155985.patch: S8155985, CVE-2016-3598: TOCTOU issue with types
      List passed into dropArguments() which can be used to cause type
      confusion.
  * SECURITY UPDATE: Additional method handle validation
    - d/p/jdk-8158571.patch: S8158571, CVE-2016-3610: MHs.filterReturnValue
      does not check the filter parameter list size. The single expected
      parameter is put in the last parameter position for the filter MH
      allowing for type confusion.
  * SECURITY UPDATE: Enforce GCM limits
    - d/p/jdk-8146514.patch: S8146514: In GCM the counter should not be allowed
      to wrap (per the spec), since that plus exposing the encrypted data could
      lead to leaking information.
  * SECURITY UPDATE: Construction of static protection domains
    - d/p/jdk-8147771.patch: S8147771: SubjectDomainCombiner does not honor the
      staticPermission field and will create ProtectionDomains that vary with
      the system policy which may allow unexpected permission sets.
  * SECURITY UPDATE: Share Class Data
    - d/p/hotspot-8150752.patch: S8150752: Additional verification of AppCDS
      archives is required to prevent an attacker from creating a type
      confusion situation.
  * SECURITY UPDATE: Enforce update ordering
    - d/p/jdk-8149070.patch: S8149070: If the GCM methods update() and
      updateAAD() are used out of order, the security of the system can be
      weakened and an exception should be thrown to warn the developer.
  * SECURITY UPDATE: Constrain AppCDS behavior
    - d/p/hotspot-8153312.patch: S8153312: AppCDS does not create classloader
      constraints upon reloading classes which could allow class spoofing under
      some circumstances.

openjdk-8 (8u91-b14-3) unstable; urgency=medium

  * Fix an issue with libatk-wrapper (Samuel Thibault). Closes: #827795.
  * Update the KFreeBSD support patch (Steven Chamberlain). Closes: #825514.
  * debian/patches/hotspot-JDK-8158260-ppc64el.patch: JDK-8158260, PPC64:
    unaligned Unsafe.getInt can lead to the generation of illegal
    instructions (Tiago Stürmer Daitx). LP: #1594393.

openjdk-8 (8u91-b14-2ubuntu1) yakkety; urgency=medium

  * Disable the atk bridge again on Ubuntu yakkety (failing TCK tests).

openjdk-8 (8u91-b14-2) unstable; urgency=medium

  * Set initial VMThreadStackSize to 1600 on s390x.

openjdk-8 (8u91-b14-1) unstable; urgency=high

  * Drop unused g++-4.9 build dependency.

 -- Tiago Stürmer Daitx <email address hidden>  Fri, 16 Jul 2016 15:54:36 +0000

Upload details

Uploaded by: Tiago Stürmer Daitx
Uploaded to: Xenial
Original maintainer: Ubuntu Developers
Architectures: alpha amd64 armel armhf arm64 i386 ia64 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el m68k sh4 sparc sparc64 s390x x32 kfreebsd-i386 kfreebsd-amd64 all
Section: java
Urgency: Very Urgent

Downloads

File Size SHA-256 Checksum
openjdk-8_8u91-b14.orig.tar.xz 60.3 MiB 2228dfdaf8389763b49fdb3a8457abbda74edd8dc3028fd21de4d47ad6d86282
openjdk-8_8u91-b14-3ubuntu1~16.04.1.debian.tar.xz 258.7 KiB 3b66aee4cc05a3efaeab9d66e0361960372eb082b2d9210bf49bb0613477d15b
openjdk-8_8u91-b14-3ubuntu1~16.04.1.dsc 4.5 KiB e500d42a9f353cb1e9422beed89600064fa8fb42bf1493dc058dabdb7fe3aa3a

Binary packages built by this source

openjdk-8-dbg: Java runtime based on OpenJDK (debugging symbols)

 OpenJDK is a development environment for building applications,
 applets, and components using the Java programming language.
 .
 This package contains the debugging symbols.
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-demo: Java runtime based on OpenJDK (demos and examples)

 OpenJDK Java runtime
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-demo-dbgsym: debug symbols for package openjdk-8-demo

 OpenJDK Java runtime
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-doc: OpenJDK Development Kit (JDK) documentation

 OpenJDK is a development environment for building applications,
 applets, and components using the Java programming language.
 .
 This package contains the API documentation.
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-jdk: OpenJDK Development Kit (JDK)

 OpenJDK is a development environment for building applications,
 applets, and components using the Java programming language.
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-jdk-dbgsym: debug symbols for package openjdk-8-jdk

 OpenJDK is a development environment for building applications,
 applets, and components using the Java programming language.
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-jdk-headless: OpenJDK Development Kit (JDK) (headless)

 OpenJDK is a development environment for building applications,
 applets, and components using the Java programming language.
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-jdk-headless-dbgsym: debug symbols for package openjdk-8-jdk-headless

 OpenJDK is a development environment for building applications,
 applets, and components using the Java programming language.
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-jre: OpenJDK Java runtime, using Hotspot Zero

 Full Java runtime environment - needed for executing Java GUI and Webstart
 programs, using Hotspot Zero.
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-jre-dbgsym: debug symbols for package openjdk-8-jre

 Full Java runtime environment - needed for executing Java GUI and Webstart
 programs, using .
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-jre-headless: OpenJDK Java runtime, using Hotspot Zero (headless)

 Minimal Java runtime - needed for executing non GUI Java programs,
 using Hotspot Zero.
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-jre-headless-dbgsym: debug symbols for package openjdk-8-jre-headless

 Minimal Java runtime - needed for executing non GUI Java programs,
 using .
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.

openjdk-8-jre-jamvm: Transitional package for obsolete JamVM for OpenJDK

 JamVM support was removed for recent versions of OpenJDK 8.
 .
 This is a transitional package which can be safely removed.

openjdk-8-jre-zero: Alternative JVM for OpenJDK, using Zero/Shark

 The package provides an alternative runtime using the Zero VM and the
 Shark Just In Time Compiler (JIT). Built on architectures in addition
 to the Hotspot VM as a debugging aid for those architectures which don't
 have a Hotspot VM.
 .
 The VM is started with the option `-zero'. See the README.Debian for details.

openjdk-8-source: OpenJDK Development Kit (JDK) source files

 OpenJDK is a development environment for building applications,
 applets, and components using the Java programming language.
 .
 This package contains the Java programming language source files
 (src.zip) for all classes that make up the Java core API.
 .
 The packages are built using the IcedTea build support and patches
 from the IcedTea project.