[Bug 1723861] Re: PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8

[bugproxy]

** Tags removed: targetmilestone-inin---
** Tags added: targetmilestone-inin16044

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1723861

Title:
  PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1723861/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1723861] Re: PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8

[Andrew Cloke]

** Changed in: ubuntu-power-systems
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1723861

Title:
  PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1723861/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1723861] Re: PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8

[Launchpad Bug Tracker]

This bug was fixed in the package openjdk-8 - 8u151-b12-1

---
openjdk-8 (8u151-b12-1) unstable; urgency=high

  * Update to 8u151-b12. Hotspot 8u144-b01 for aarch32 with 8u151 hotspot
patches.

  [ Tiago Stürmer Daitx ]
  * Security patches:
- CVE-2017-10274, S8169026: Handle smartcard clean up better. If a
  CardImpl can be recovered via finalization, then separate instances
  pointing to the same device can be created.
- CVE-2017-10281, S8174109: Better queuing priorities. PriorityQueue's
  readObject allocates an array based on data in the stream which could
  cause an OOM.
- CVE-2017-10285, S8174966: Unreferenced references. RMI's Unreferenced
  thread can be used as the root of a Trusted Method Chain.
- CVE-2017-10295, S8176751: Better URL connections. On Ubuntu (and
  possibly other Linux flavors) CR-NL in the host field are ignored and
  can be used to inject headers in an HTTP request stream.
- CVE-2017-10388, S8178794: Correct Kerberos ticket grants. Kerberos
  implementations can incorrectly take information from the unencrypted
  portion of the ticket from the KDC. This can lead to an MITM attack
  impersonating Kerberos services.
- CVE-2017-10346, S8180711: Better alignment of special invocations. A
  missing load constraint for some invokespecial cases can allow invoking
  a method from an unrelated class.
- CVE-2017-10350, S8181100: Better Base Exceptions. An array is allocated
  based on data in the serial stream without a limit onthe size.
- CVE-2017-10347, S8181323: Better timezone processing. An array is
  allocated based on data in the serial stream without a limit on the
  size.
- CVE-2017-10349, S8181327: Better Node predications. An array is
  allocated based on data in the serial stream without a limit onthe size.
- CVE-2017-10345, S8181370: Better keystore handling. A malicious
  serialized object in a keystore can cause a DoS when using keytool.
- CVE-2017-10348, S8181432: Better processing of unresolved permissions.
  An array is allocated based on data in the serial stream without a limit
  onthe size.
- CVE-2017-10357, S8181597: Process Proxy presentation. A malicious
  serialized stream could cause an OOM due to lack on checking on the
  number of interfaces read from the stream for a Proxy.
- CVE-2017-10355, S8181612: More stable connection processing. If an
  attack can cause an application to open a connection to a malicious FTP
  server (e.g., via XML), then a thread can be tied up indefinitely in
  accept(2).
- CVE-2017-10356, S8181692: Update storage implementations. JKS and JCEKS
  keystores should be retired from common use in favor of more modern
  keystore protections.
- CVE-2016-10165, S8183028: Improve CMS header processing. Missing bounds
  check could lead to leaked memory contents.
- CVE-2016-9841, S8184682: Upgrade compression library. There were four
  off by one errors found in the zlib library. Two of them are long typed
  which could lead to RCE.
  * debian/rules:
- openjdk8 now ships limited and unlimited policy.jar files (S8157561)
  into their own directories under jre/lib/security/policy.
  * debian/rules, d/p/sec-webrev-8u151-hotspot-8179084.patch,
d/p/sec-webrev-8u151-hotspot-8180711.patch: Apply hotspot security updates
to both aarch32 and aarch64.
  * d/p/gcc6.diff, d/p/aarch64.diff, d/p/aarch32.diff, d/p/m68k-support.diff,
d/p/system-libjpeg.diff: Remove hunks related to the generated configure
file generated during the build.
  * d/p/hotspot-ppc64el-S8168318-cmpldi.patch: Use cmpldi instead of li/cmpld.
LP: #1723893.
  * d/p/hotspot-ppc64el-S8170328-andis.patch: Use andis instead of lis/and.
LP: #1723862.
  * d/p/hotspot-ppc64el-S8145913-montgomery-multiply-intrinsic.patch: Add
Montgomery multiply intrinsic. LP: #1723860.
  * d/p/hotspot-ppc64el-S8181810-leverage-extrdi.patch: Leverage extrdi for
bitfield extract is absent in OpenJDK 8. LP: #1723861.
  * d/p/jdk-S8165852-overlayfs.patch: Mount point not found for a file which
is present in overlayfs.

  [ Matthias Klose ]
  * Bump standards version.

 -- Matthias Klose   Wed, 01 Nov 2017 07:12:56 +0100

** Changed in: openjdk-8 (Ubuntu)
   Status: Triaged => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-10165

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9841

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10274

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10281

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10285

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10295

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10345

** CVE added: 

[Bug 1723861] Re: PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8

[Dimitri John Ledkov]

This is https://bugs.openjdk.java.net/browse/JDK-8181810

This bug is currently scheduled to be included in the 8u162 security
update, to be released in January 2018 across all Ubuntu releases.

** Changed in: openjdk-8 (Ubuntu)
Milestone: None => ubuntu-18.01

** Changed in: openjdk-8 (Ubuntu)
   Importance: Undecided => Low

** Changed in: openjdk-8 (Ubuntu)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1723861

Title:
  PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1723861/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1723861] Re: PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8

[Francis Ginther]

** Tags added: id-59e4f4a8c8537bea56c4be85

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1723861

Title:
  PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1723861/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1723861] Re: PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8

[Steve Langasek]

** Changed in: openjdk-8 (Ubuntu)
 Assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) => 
Tiago Stürmer Daitx (tdaitx)

** Changed in: ubuntu-power-systems
 Assignee: Canonical Foundations Team (canonical-foundations) => 
(unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1723861

Title:
  PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1723861/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1723861] Re: PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8

[Manoj Iyer]

** Tags added: triage-g

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1723861

Title:
  PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1723861/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1723861] Re: PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8

[Frank Heimes]

** Also affects: ubuntu-power-systems
   Importance: Undecided
   Status: New

** Changed in: ubuntu-power-systems
   Importance: Undecided => Medium

** Changed in: ubuntu-power-systems
 Assignee: (unassigned) => Canonical Foundations Team 
(canonical-foundations)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1723861

Title:
  PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1723861/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs