FEDORA-2022-d0ed59bee7
Packages in this update:
java-latest-openjdk-19.0.1.0.10-2.rolling.fc37
Update description:
New in release OpenJDK 19.0.1 (2022-10-18)
Full release notes
This update depends on FEDORA-2022-d0fc6f0dd4
CVEs Fixed
CVE-2022-21618
CVE-2022-21619
CVE-2022-21624
CVE-2022-21628
CVE-2022-39399
Security Fixes
JDK-8282252: Improve BigInteger/Decimal validation
JDK-8285662: Better permission resolution
JDK-8286077: Wider MultiByte conversions
JDK-8286511: Improve macro allocation
JDK-8286519: Better memory handling
JDK-8286526: Improve NTLM support
JDK-8286910: Improve JNDI lookups
JDK-8286918: Better HttpServer service
JDK-8287446: Enhance icon presentations
JDK-8288508: Enhance ECDSA usage
JDK-8289366: Improve HTTP/2 client usage
JDK-8289853: Update HarfBuzz to 4.4.1
JDK-8290334: Update FreeType to 2.12.1
Major Changes
JDK-8292654: G1 Remembered set memory footprint regression after JDK-8286115
JDK-8286115 changed ergonomic sizing of a component of the remembered sets in G1. This change causes increased native memory usage of the Hotspot VM for applications that create large remembered sets with the G1 collector.
In an internal benchmark total GC component native memory usage rose by almost 10% (from 1.2GB to 1.3GB).
This issue can be worked around by passing double the value of G1RemSetArrayOfCardsEntries as printed by running the application with -XX:+PrintFlagsFinal -XX:+UnlockExperimentalVMOptions to your application.
E.g. pass -XX:+UnlockExperimentalVMOptions -XX:G1RemSetArrayOfCardsEntries=128 if a previous run showed a value of 64 for G1RemSetArrayOfCardsEntries in the output of -XX:+PrintFlagsFinal.
JDK-8292579: Update Timezone Data to 2022c
This version includes changes from 2022b that merged multiple regions that have the same timestamp data post-1970 into a single time zone database. All time zone IDs remain the same but the merged time zones will point to a shared zone database.
As a result, pre-1970 data may not be compatible with earlier JDK versions. The affected zones are Antarctica/Vostok, Asia/Brunei, Asia/Kuala_Lumpur, Atlantic/Reykjavik, Europe/Amsterdam, Europe/Copenhagen, Europe/Luxembourg, Europe/Monaco, Europe/Oslo, Europe/Stockholm, Indian/Christmas, Indian/Cocos, Indian/Kerguelen, Indian/Mahe, Indian/Reunion, Pacific/Chuuk, Pacific/Funafuti, Pacific/Majuro, Pacific/Pohnpei, Pacific/Wake, Pacific/Wallis, Arctic/Longyearbyen, Atlantic/Jan_Mayen, Iceland, Pacific/Ponape, Pacific/Truk, and Pacific/Yap.
For more details, refer to the announcement of 2022b
More Stories
libxml2-2.12.9-1.fc40
FEDORA-2024-9f3765a04b Packages in this update: libxml2-2.12.9-1.fc40 Update description: Update to 2.12.9 Fixes CVE-2024-40896 Read More
libxml2-2.12.9-1.fc41
FEDORA-2024-867a14de12 Packages in this update: libxml2-2.12.9-1.fc41 Update description: Update to 2.12.9 Fixes CVE-2024-40896. Read More
iwd-3.3-1.fc40 libell-0.71-1.fc40
FEDORA-2024-0fa283c43a Packages in this update: iwd-3.3-1.fc40 libell-0.71-1.fc40 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
iwd-3.3-1.fc41 libell-0.71-1.fc41
FEDORA-2024-256818da09 Packages in this update: iwd-3.3-1.fc41 libell-0.71-1.fc41 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
A vulnerability has been discovered in Apache Struts2, which could allow for remote code execution. Apache Struts2 is an open-source...
CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205
Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 21 CyberDanube Security Research 20241219-0 ------------------------------------------------------------------------------- title| Authenticated Remote Code...