OPEN JDK CVE-2021-35550

Support for security such as Firewalls and securing linux
Post Reply
psingleton
Posts: 8
Joined: 2021/10/20 05:41:58

OPEN JDK CVE-2021-35550

Post by psingleton » 2021/10/27 07:51:30

Hi,

When can we expect the fixes to be released for open JDK issues listed below:

CVE-2021-35550
CVE-2021-35556
CVE-2021-35559
CVE-2021-35561
CVE-2021-35564
CVE-2021-35565
CVE-2021-35567
CVE-2021-35578
CVE-2021-35586
CVE-2021-35603
https://access.redhat.com/errata/RHSA-2021:3892

Thanks
Paul

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: OPEN JDK CVE-2021-35550

Post by TrevorH » 2021/10/27 11:01:10

Please report on bugs.centos.org though I have already pinged the maintainer to get these rebuilt.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

psingleton
Posts: 8
Joined: 2021/10/20 05:41:58

Re: OPEN JDK CVE-2021-35550

Post by psingleton » 2021/10/27 11:23:35

great, thanks Trevor

psingleton
Posts: 8
Joined: 2021/10/20 05:41:58

Re: OPEN JDK CVE-2021-35550

Post by psingleton » 2021/10/28 10:32:10

Any ETA Trevor? This is critical

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: OPEN JDK CVE-2021-35550

Post by TrevorH » 2021/10/28 10:36:55

They were being built yesterday. They then go through CI to make sure they are ok and should then get pushed to the public network. I just checked and they are not yet available.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: OPEN JDK CVE-2021-35550

Post by TrevorH » 2021/10/28 15:24:26

I'm told that these updates have just been pushed to the master mirror server. That will take a while (30 min+ and maybe several hours depending on the mirror) to go round all the mirror network. If you yum clean all and then update you should see them soon and since yum clean all also refreshes which mirror you talk to, it could be worth trying it a few times if nothing has shown up.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

psingleton
Posts: 8
Joined: 2021/10/20 05:41:58

Re: OPEN JDK CVE-2021-35550

Post by psingleton » 2021/10/29 09:19:54

Thanks for the headsup Trevor.

Post Reply