PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8

Bug #1723861 reported by bugproxy
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
The Ubuntu-power-systems project | Fix Released | Medium | Unassigned |
openjdk-8 (Ubuntu) | Fix Released | Low | Tiago Stürmer Daitx |

Bug Description

Dear maintainer, could the following change be applied to OpenJDK 8 on next update please in order to solve the issue here described?

http://hg.openjdk.java.net/jdk8u/jdk8u-dev/hotspot/rev/584eac5794ff

Thank you.

bugproxy (bugproxy)
tags: added: architecture-ppc64le bugnameltc-160101 severity-medium targetmilestone-inin---
Changed in ubuntu:
assignee: nobody → Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage)
affects: ubuntu → openjdk-8 (Ubuntu)
Frank Heimes (fheimes)
Changed in ubuntu-power-systems:
importance: Undecided → Medium
assignee: nobody → Canonical Foundations Team (canonical-foundations)
Manoj Iyer (manjo)
tags: added: triage-g
Steve Langasek (vorlon)
Changed in openjdk-8 (Ubuntu):
assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) → Tiago Stürmer Daitx (tdaitx)
Changed in ubuntu-power-systems:
assignee: Canonical Foundations Team (canonical-foundations) → nobody
tags: added: id-59e4f4a8c8537bea56c4be85
Dimitri John Ledkov (xnox) wrote :

This is https://bugs.openjdk.java.net/browse/JDK-8181810

This bug is currently scheduled to be included in the 8u162 security update, to be released in January 2018 across all Ubuntu releases.

Changed in openjdk-8 (Ubuntu):
milestone: none → ubuntu-18.01
importance: Undecided → Low
status: New → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openjdk-8 - 8u151-b12-1

---------------
openjdk-8 (8u151-b12-1) unstable; urgency=high

  * Update to 8u151-b12. Hotspot 8u144-b01 for aarch32 with 8u151 hotspot
    patches.

  [ Tiago Stürmer Daitx ]
  * Security patches:
    - CVE-2017-10274, S8169026: Handle smartcard clean up better. If a
      CardImpl can be recovered via finalization, then separate instances
      pointing to the same device can be created.
    - CVE-2017-10281, S8174109: Better queuing priorities. PriorityQueue's
      readObject allocates an array based on data in the stream which could
      cause an OOM.
    - CVE-2017-10285, S8174966: Unreferenced references. RMI's Unreferenced
      thread can be used as the root of a Trusted Method Chain.
    - CVE-2017-10295, S8176751: Better URL connections. On Ubuntu (and
      possibly other Linux flavors) CR-NL in the host field are ignored and
      can be used to inject headers in an HTTP request stream.
    - CVE-2017-10388, S8178794: Correct Kerberos ticket grants. Kerberos
      implementations can incorrectly take information from the unencrypted
      portion of the ticket from the KDC. This can lead to an MITM attack
      impersonating Kerberos services.
    - CVE-2017-10346, S8180711: Better alignment of special invocations. A
      missing load constraint for some invokespecial cases can allow invoking
      a method from an unrelated class.
    - CVE-2017-10350, S8181100: Better Base Exceptions. An array is allocated
      based on data in the serial stream without a limit on the size.
    - CVE-2017-10347, S8181323: Better timezone processing. An array is
      allocated based on data in the serial stream without a limit on the
      size.
    - CVE-2017-10349, S8181327: Better Node predications. An array is
      allocated based on data in the serial stream without a limit on the size.
    - CVE-2017-10345, S8181370: Better keystore handling. A malicious
      serialized object in a keystore can cause a DoS when using keytool.
    - CVE-2017-10348, S8181432: Better processing of unresolved permissions.
      An array is allocated based on data in the serial stream without a limit
      on the size.
    - CVE-2017-10357, S8181597: Process Proxy presentation. A malicious
      serialized stream could cause an OOM due to lack on checking on the
      number of interfaces read from the stream for a Proxy.
    - CVE-2017-10355, S8181612: More stable connection processing. If an
      attack can cause an application to open a connection to a malicious FTP
      server (e.g., via XML), then a thread can be tied up indefinitely in
      accept(2).
    - CVE-2017-10356, S8181692: Update storage implementations. JKS and JCEKS
      keystores should be retired from common use in favor of more modern
      keystore protections.
    - CVE-2016-10165, S8183028: Improve CMS header processing. Missing bounds
      check could lead to leaked memory contents.
    - CVE-2016-9841, S8184682: Upgrade compression library. There were four
      off by one errors found in the zlib library. Two of them are long typed
      which could lead to RCE.
  * debian/rules:
    - openjdk8 now ships limited and ...


Changed in openjdk-8 (Ubuntu):
status: Triaged → Fix Released
Changed in ubuntu-power-systems:
status: New → Fix Released
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2018-01-12 08:36 EDT-------
VERIFIED. It's OK. Thanks.

bugproxy (bugproxy)
tags: added: targetmilestone-inin16044
removed: targetmilestone-inin---