Advisories » MGASA-2018-0436

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Publication date: 03 Nov 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214

Description

Updated java-1.8.0-openjdk packages fix security vulnerabilities:

Incorrect handling of unsigned attributes in signed Jar manifests
(Security, 8194534) (CVE-2018-3136).

Leak of sensitive header data via HTTP redirect (Networking, 8196902)
(CVE-2018-3139).

Incomplete enforcement of the trustURLCodebase restriction
(JNDI, 8199177) (CVE-2018-3149).

Improper field access checks (Hotspot, 8199226) (CVE-2018-3169).

Missing endpoint identification algorithm check during TLS session
resumption (JSSE, 8202613) (CVE-2018-3180).

Unrestricted access to scripting engine (Scripting, 8202936)
(CVE-2018-3183).

Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214).
                

SRPMS

6/core