[ubuntu/wily-security] openjdk-8 8u91-b14-3ubuntu1~15.10.1 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Wed Jul 27 06:43:58 UTC 2016 

openjdk-8 (8u91-b14-3ubuntu1~15.10.1) wily-security; urgency=medium

  * Backport to Ubuntu 15.10.

openjdk-8 (8u91-b14-3ubuntu1) yakkety; urgency=medium

  * SECURITY UPDATE: IIOP Input Stream Hooking
    - d/p/corba-8079718.patch: S8079718, CVE-2016-3458: defaultReadObject is
      not forbidden in readObject in subclasses of InputStreamHook which 
      provides leverage to deserialize malicious objects if a reference to the
      input stream can be obtained separately.
  * SECURITY UPDATE: Complete name checking
    - d/p/jaxp-8148872.patch: S8148872, CVE-2016-3500: In some cases raw names
      in XML data are not checked for length limits allowing for DoS attacks.
  * SECURITY UPDATE: Better delineation of XML processing
    - d/p/jaxp-8149962.patch: S8149962, CVE-2016-3508: Denial of service
      measures do not take newline characters into account. This can be used to
      conduct attacks like the billion laughs DoS.
  * SECURITY UPDATE: Coded byte streams
    - d/p/hotspot-8152479.patch: S8152479, CVE-2016-3550: A fuzzed class file
      triggers an integer overflow in array access.
  * SECURITY UPDATE: Clean up lookup visibility
    - d/p/jdk-8154475.patch: S8154475, CVE-2016-3587: A fast path change
      allowed access to MH.invokeBasic via the public lookup object. MH.iB does
      not do full type checking which can be used to create type confusion.
  * SECURITY UPDATE: Bolster bytecode verification
    - d/p/hotspot-8155981.patch: S8155981, CVE-2016-3606: The bytecode
      verifier checks that any classes' <init> method calls super.<init> before
      returning. There is a way to bypass this requirement which allows
      creating subclasses of classes that are not intended to be extended.
  * SECURITY UPDATE: Persistent Parameter Processing
    - d/p/jdk-8155985.patch: S8155985, CVE-2016-3598: TOCTOU issue with types
      List passed into dropArguments() which can be used to cause type 
      confusion.
  * SECURITY UPDATE: Additional method handle validation
    - d/p/jdk-8158571.patch: S8158571, CVE-2016-3610: MHs.filterReturnValue
      does not check the filter parameter list size. The single expected
      parameter is put in the last parameter position for the filter MH
      allowing for type confusion.
  * SECURITY UPDATE: Enforce GCM limits
    - d/p/jdk-8146514.patch: S8146514: In GCM the counter should not be allowed
      to wrap (per the spec), since that plus exposing the encrypted data could
      lead to leaking information.
  * SECURITY UPDATE: Construction of static protection domains
    - d/p/jdk-8147771.patch: S8147771: SubjectDomainCombiner does not honor the
      staticPermission field and will create ProtectionDomains that vary with
      the system policy which may allow unexpected permission sets.
  * SECURITY UPDATE: Share Class Data
    - d/p/hotspot-8150752.patch: S8150752: Additional verification of AppCDS
      archives is required to prevent an attacker from creating a type
      confusion situation.
  * SECURITY UPDATE: Enforce update ordering 
    - d/p/jdk-8149070.patch: S8149070: If the GCM methods update() and
      updateAAD() are used out of order, the security of the system can be
      weakened and an exception should be thrown to warn the developer.
  * SECURITY UPDATE: Constrain AppCDS behavior
    - d/p/hotspot-8153312.patch: S8153312: AppCDS does not create classloader
      constraints upon reloading classes which could allow class spoofing under
      some circumstances.

openjdk-8 (8u91-b14-3) unstable; urgency=medium

  * Fix an issue with libatk-wrapper (Samuel Thibault). Closes: #827795.
  * Update the KFreeBSD support patch (Steven Chamberlain). Closes: #825514.
  * debian/patches/hotspot-JDK-8158260-ppc64el.patch: JDK-8158260, PPC64:
    unaligned Unsafe.getInt can lead to the generation of illegal
    instructions (Tiago Stürmer Daitx). LP: #1594393.

openjdk-8 (8u91-b14-2ubuntu1) yakkety; urgency=medium

  * Disable the atk bridge again on Ubuntu yakkety (failing TCK tests).

openjdk-8 (8u91-b14-2) unstable; urgency=medium

  * Set initial VMThreadStackSize to 1600 on s390x.

openjdk-8 (8u91-b14-1) unstable; urgency=high

  * Drop unused g++-4.9 build dependency.

Date: 2016-07-20 21:35:13.010548+00:00
Changed-By: Tiago Stürmer Daitx <tiago.daitx at canonical.com>
Signed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/openjdk-8/8u91-b14-3ubuntu1~15.10.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Wily-changes mailing list