April 15 Java security update: OpenJDK 7u79
The release announcement can be found on the blog of release maintainer Andrew Hughes. The update synchronizes OpenJDK with Oracle’s April ’15 security updates. This will be Oracle’s final update to the Java 7 codebase. I expect that the next release of IcedTea will give us OpenJDK 8.
A list of CVEs is associated with the new release. Here are all security fixes mentioned in the post:
- S8059064: Better G1 log caching
- S8060461: Fix for JDK-8042609 uncovers additional issue
- S8064601, CVE-2015-0480: Improve jar file handling
- S8065286: Fewer subtable substitutions
- S8065291: Improved font lookups
- S8066479: Better certificate chain validation
- S8067050: Better font consistency checking
- S8067684: Better font substitutions
- S8067699, CVE-2015-0469: Better glyph storage
- S8068320, CVE-2015-0477: Limit applet requests
- S8068720, CVE-2015-0488: Better certificate options checking
- S8069198: Upgrade image library
- S8071726, CVE-2015-0478: Better RSA optimizations
- S8071818: Better vectorization on SPARC
- S8071931, CVE-2015-0460: Return of the phantom menace
The new Java is properly detected by the java tester page at http://javatester.org/version.html but Oracle’s Java version tester at http://java.com/en/download/testjava.jsp only mentions that this version of Java is no longer supported (it wants us all to move to Java 8 on Windows, I guess).
Note about usage:
Remember that I release packages for the JRE (runtime) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only if you want to develop Java programs and need a Java compiler do you need the JDK package. Get them here.
Optionally: If you want to use Java in a web browser (which supports NPAPI plugins – this excludes Chrome & Chromium but you’ll be OK with all Mozilla [-compatible] browsers) then you’ll have to install my icedtea-web package too. While Oracle’s JDK contains a browser plugin, that one is closed-source and therefore IcedTea offers an open source variant which does a decent job.
If you want to compile this OpenJDK package yourself, you need to install apache-ant additionally. Note that the previous requirements of xalan & xerces packages have been dropped; ant will provide all required build functionality on its own now.
Have fun! Eric