July ’16 security fixes for Java 8
On the heels of Oracle’s July 2016 security updates for Java 8, the icedtea folks have released version 3.1.0 of their build framework so that I could create packages for OpenJDK 8u101_b13 or “Java 8 Update 101 Build 13” (and the JRE too of course).
- S8079718, CVE-2016-3458: IIOP Input Stream Hooking
- S8145446, CVE-2016-3485: Perfect pipe placement (Windows only)
- S8146514: Enforce GCM limits
- S8147771: Construction of static protection domains under Javax custom policy
- S8148872, CVE-2016-3500: Complete name checking
- S8149070: Enforce update ordering
- S8149962, CVE-2016-3508: Better delineation of XML processing
- S8150752: Share Class Data
- S8151925: Font reference improvements
- S8152479, CVE-2016-3550: Coded byte streams
- S8153312: Constrain AppCDS behavior
- S8154475, CVE-2016-3587: Clean up lookup visibility
- S8155981, CVE-2016-3606: Bolster bytecode verification
- S8155985, CVE-2016-3598: Persistent Parameter Processing
- S8158571, CVE-2016-3610: Additional method handle validation
(rsync URI: rsync://bear.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk/)
If your applications are not yet ready for Java 8, I still maintain the Java 7 packages under new names:”openjdk7″ and “openjre7”. Note that my Java 7 and Java 8 packages (e.g. openjdk7 and openjdk) can not co-exist on your computer because they use the same installation directory.
Note about usage:
Remember that I release packages for the JRE (runtime environment) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package.
Optionally: If you want to use Java in a web browser then you’ll have to install my icedtea-web package too. While Oracle’s JDK contains a browser plugin, that one is closed-source and therefore Icedtea offers an open source variant which does a decent job. Note that icedtea-web is a NPAPI plugin – this prevents use of Java in Chrome & Chromium because those browsers only support PPAPI plugins, but you’ll be OK with all Mozilla [-compatible] browsers of course.
Have fun! Eric