I am Eric Hameleers, and this is where I think out loud.
April security updates for (open) Java 7 and 8

Updates are available for both Java 7 and Java 8. These updates sync the OpenJDK releases to the April 2016 updates from Oracle’s Java.

Java 8

The recently released icedtea-3.0.1 builds OpenJDK 8u91_b14 aka Java 8 Update 91, with security fixes and CVEs related to Oracle’s April 2016 updates:

  • S8129952, CVE-2016-0686: Ensure thread consistency
  • S8132051, CVE-2016-0687: Better byte behavior
  • S8138593, CVE-2016-0695: Make DSA more fair
  • S8139008: Better state table management
  • S8143167, CVE-2016-3425: Better buffering of XML strings
  • S8143945, CVE-2016-3426: Better GCM validation
  • S8144430, CVE-2016-3427: Improve JMX connections
  • S8146494: Better ligature substitution
  • S8146498: Better device table adjustments

Java 8 contains its own JavaScript engine so there is no longer a dependency on a separate “rhino” package.

Download locations:

Java 7

If your applications are not yet ready for Java 8, I still maintain the Java 7 packages under new names: “openjdk7” and “openjre7”. Note that my Java 7 and Java 8 packages (e.g. openjdk7 and openjdk) cannot co-exist on your computer because they use the same installation directory.

The icedtea-2.6.6 release builds OpenJDK 7u101_b00 aka Java 7 Update 101. There’s a list of security fixes attached to this release, almost identical to the Java 8 list:

  • S8129952, CVE-2016-0686: Ensure thread consistency
  • S8132051, CVE-2016-0687: Better byte behavior
  • S8138593, CVE-2016-0695: Make DSA more fair
  • S8139008: Better state table management
  • S8143167, CVE-2016-3425: Better buffering of XML strings
  • S8144430, CVE-2016-3427: Improve JMX connections
  • S8146494: Better ligature substitution
  • S8146498: Better device table adjustments

The Java 7 package (openjre7 as well as openjdk7) has one dependency: rhino provides JavaScript support for OpenJDK.

Download locations:

Note about usage:

Remember that I release packages for the JRE (runtime environment) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). You need the JDK package only if you want to develop Java programs and need a Java compiler.

Optionally: If you want to use Java in a web browser then you’ll have to install my icedtea-web package too. While Oracle’s JDK contains a browser plugin, that one is closed-source and therefore Icedtea offers an open source variant which does a decent job. Note that icedtea-web is an NPAPI plugin – this prevents use of Java in Chrome & Chromium because those browsers only support PPAPI plugins, but you’ll be OK with all Mozilla [-compatible] browsers of course.
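To confirm that an installed runtime is at or above the update levels named in this post (Java 8 Update 91, Java 7 Update 101), the following added example, which is not part of the packages or the original article, parses the version string printed by `java -version`. The function names are hypothetical, and it assumes the usual `1.<major>.0_<update>` version format of Java 7 and 8.

```sh
#!/bin/sh
# Added example: check a Java 7/8 version string against the update levels
# named in this post (8u91 and 7u101). Function names are hypothetical.

# Pull the quoted version out of `java -version` output. The first matching
# line is used, so a leading "Picked up JAVA_TOOL_OPTIONS" line is skipped.
extract_java_version() {
    printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1
}

# Print "ok" (at or above the April 2016 level), "outdated" or "unknown".
java_update_status() {
    ver=$1
    case $ver in
        1.[78].0)   update=0 ;;                    # GA build, no update number
        1.[78].0_*) update=${ver#*_}
                    update=${update%%[!0-9]*} ;;   # drop suffixes such as "-b14"
        *) echo unknown; return 0 ;;
    esac
    [ -n "$update" ] || { echo unknown; return 0; }
    major=${ver#1.}; major=${major%%.*}
    case $major in
        8) min=91 ;;     # Java 8 Update 91
        7) min=101 ;;    # Java 7 Update 101
    esac
    if [ "$update" -ge "$min" ]; then echo ok; else echo outdated; fi
}

# Report on the java binary found in PATH (java -version writes to stderr).
check_installed_java() {
    v=$(extract_java_version "$(java -version 2>&1)")
    echo "java ${v:-<not parsed>}: $(java_update_status "$v")"
}

if command -v java >/dev/null 2>&1; then
    check_installed_java
fi
```
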

Have fun! Eric

Comments

Comment from Jen
Posted: April 25, 2016 at 18:06

Many thanks for this and all you do!

Comment from Mike Langdon
Posted: April 26, 2016 at 01:44

Thanks Eric!

Comment from Andrew
Posted: April 26, 2016 at 19:47

The release notes for these are now up; http://bitly.com/it20606 and http://bitly.com/it30001

Comment from alienbob
Posted: April 26, 2016 at 21:22

Thanks Andrew, I have applied those URLs to the main article.

Pingback from Links 27/4/2016: A Lot About OpenStack, Vivaldi 1.1 Released | Techrights
Posted: April 27, 2016 at 13:58

[…] [Slackware] April security updates for (open) Java 7 and 8 […]

Comment from Cristian
Posted: April 27, 2016 at 18:52

This is unrelated to the Java security updates but related to GCC.

Today I checked the Distrowatch website for Ubuntu GNOME and I saw GCC 5.3.1 as officially listed there.

I already emailed the Slackware project about this update to GCC. I think more people should know about it and let’s get 5.3.1 to be the final GCC version for Slackware 14.2

Version 5.3.1 somehow is not listed on the official GNU page for GCC yet Ubuntu GNOME seems to have it.

Let’s make some noise to get the deal done.

Thanks

Comment from Cristian
Posted: April 27, 2016 at 18:53

The website is:

http://distrowatch.com/table.php?distribution=ubuntugnome

gcc (6.1.0) 5.3.1 5.2.1 4.9.2 4.9.1 4.8.2 4.8.1 4.7.3

Comment from alienbob
Posted: April 27, 2016 at 20:53

Cristian

There is no GCC 5.3.1 release. Ubuntu can say all they want, but they are not the GCC developers.

Comment from Cristian
Posted: April 27, 2016 at 23:12

Pat just replied to my email. He said that the version I saw is just what the distribution chose to use from a private build. He said that it is not an official release and thus unsupported. So, in this case 5.3.0 is here to stay for the final Slackware 14.2 release as Pat indicated in the email.

Comment from gegechris99
Posted: May 5, 2016 at 12:49

Hello,

There seems to be an issue with md5sum of rhino package for 64bit current. I cannot install the package using slackpkg. Please refer to this post in LQ: http://www.linuxquestions.org/questions/slackware-14/slackpkg-vs-third-party-package-repository-4175427364/page36.html#post5540838

Comment from alienbob
Posted: May 5, 2016 at 13:16

I will update the rhino package, that will take care of things.
That .asc file for rhino is more than 4 years old so I guess something hiccuped when generating the most recent CHECKSUMS.md5 repository file.

Comment from gegechris99
Posted: May 5, 2016 at 19:03

Thanks. I just updated the new rhino package using slackpkg.
