stable

OpenJDK 11.0.13 Security Update for Fedora 33

FEDORA-2021-9a51a6f8b1 created by ahughes 3 years ago for Fedora 33

New in release OpenJDK 11.0.13 (2021-10-19):

Live versions of these release notes can be found at:

Security fixes

  • JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
  • JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
  • JDK-8263314: Enhance XML Dsig modes
  • JDK-8265167, CVE-2021-35556: Richer Text Editors
  • JDK-8265574: Improve handling of sheets
  • JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
  • JDK-8265776: Improve Stream handling for SSL
  • JDK-8266097, CVE-2021-35561: Better hashing support
  • JDK-8266103: Better specified spec values
  • JDK-8266109: More Resilient Classloading
  • JDK-8266115: More Manifest Jar Loading
  • JDK-8266137, CVE-2021-35564: Improve Keystore integrity
  • JDK-8266689, CVE-2021-35567: More Constrained Delegation
  • JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
  • JDK-8267712: Better LDAP reference processing
  • JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
  • JDK-8267735, CVE-2021-35586: Better BMP support
  • JDK-8268193: Improve requests of certificates
  • JDK-8268199: Correct certificate requests
  • JDK-8268205: Enhance DTLS client handshake
  • JDK-8268506: More Manifest Digests
  • JDK-8269618, CVE-2021-35603: Better session identification
  • JDK-8269624: Enhance method selection support
  • JDK-8270398: Enhance canonicalization
  • JDK-8270404: Better canonicalization

Major Changes

  • JDK-8271434: Removed IdenTrust Root Certificate
  • JDK-8261922: Updated keytool to Create AKID From SKID of Issuing Certificate as Specified by RFC 5280
  • JDK-8210799: ChaCha20 and Poly1305 TLS Cipher Suites
  • JDK-8219551: Updated the Default Enabled Cipher Suites Preference

FIPS Mode Changes

  • The SunPKCS11 provider in FIPS mode will now eagerly login to the NSS software token on initialisation
  • keytool in FIPS mode now supports importing plain private keys by the provider adding them to the NSS database. This can be disabled using -Dcom.redhat.fips.plainKeySupport=false.

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2021-9a51a6f8b1

This update has been submitted for testing by ahughes.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update's test gating status has been changed to 'waiting'.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update has been pushed to testing.

3 years ago

ahughes edited this update.

3 years ago
User Icon jvanek provided feedback 3 years ago
karma

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
1
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
modified
3 years ago
Builds
1
java-11-openjdk-11.0.13.0.8-1.fc33
java-11-openjdk-11.0.13.0.8-1.fc33

Automated Test Results

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 8.3.0 on bodhi-web-177-9b9qs.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy