Hot on the heels of the Oracle release of its Java SE 7 Update 21, there is a new icedtea version which brings the free and open source version of Java – OpenJDK – to version 7 Update 21 as well. The OpenJDK 7u21 release addresses several vulnerabilities.
The announcement was made on the mailing list first, but Andrew John Hughes wrote a more official blurb on his blog.
Here is the list (taken from Andrew’s post) of the vulnerabilities which have been plugged and their CVE numbers:
- S6657673, CVE-2013-1518: Issues with JAXP
- S8000724, CVE-2013-2417: Improve networking serialization
- S8001031, CVE-2013-2419: Better font processing
- S8001040, CVE-2013-1537: Rework RMI model
- S8001329, CVE-2013-1557: Augment RMI logging
- S8003543, CVE-2013-2415: Improve processing of MTOM attachments
- S8004336, CVE-2013-2431: Better handling of method handle intrinsic frames
- S8004986, CVE-2013-2383: Better handling of glyph table
- S8004987, CVE-2013-2384: Improve font layout
- S8004994, CVE-2013-1569: Improve checking of glyph table
- S8006435, CVE-2013-2424: Improvements in JMX
- S8007617, CVE-2013-2420: Better validation of images
- S8007667, CVE-2013-2430: Better image reading
- S8007918, CVE-2013-2429: Better image writing
- S8009049, CVE-2013-2436: Better method handle binding
- S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap
- S8009305, CVE-2013-0401: Improve AWT data transfer
- S8009677, CVE-2013-2423: Better setting of setters
- S8009699, CVE-2013-2421: Methodhandle lookup
- S8009814, CVE-2013-1488: Better driver management
- S8009857, CVE-2013-2422: Problem with plugin
My packages for OpenJDK have been compiled on Slackware 13.37 (and are useable on 13.37 as well as 14.0 and -current!). Get them preferably from a mirror site:
- http://alien.slackbook.org/slackbuilds/openjdk/ , the primary location (bandwidth-capped)
- http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk/ , my own fast mirror
I am happy to announce that I was able to build an ARM version of the OpenJDK again. The build with the “cacao” VM had been failing for several months, and I switched to “jamvm”, which is a small (but fully compliant), efficient Java Virtual Machine with a JIT compiler. Sources and packages can be found at http://taper.alienbase.nl/mirrors/alienarm/
Further packages that are recommended/required:
- Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin). Note that I updated my icedtea-web package less than a week ago, which plugs a few vulnerabilities (CVE-2013-1927 and CVE-2013-1926 to be precise).
- Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.
Eric
Thanks Eric! 🙂
Always welcome 😉
Hi Mr. Eric, my name is Martin. Can you help me get javaws in the openjdk version?
Every suggestion is welcome, please! I really need that functionality.
Hi Mart
If you want javaws, you have to install the “icedtea-web” package. I mention this in the article, where I call it the “Java browser-plugin” but indeed, the standalone javaws is also part of that package.
Eric
Thanks Mr. Eric
We just released the next major version for 7, 2.4.0: http://blog.fuseyism.com/index.php/2013/06/10/icedtea-2-4-0-released/
I write both the mailing list announcement and the blog post. They are basically the same, but the latter should be taken as definitive, as it can be updated if we find errors or things that have been missed. I’ve already added one item that someone didn’t document with 2.4.0 and added a few bug IDs that were missed.
Thanks for taking the time to package our work. It’s much appreciated!
Hi Andrew, good news!
Tonight will be a busy night then… right in time because one day later and I would have been busy with preparing the missus’ birthday!
Cheers, Eric