Updated java-1.8.0-openjdk packages fix security vulnerabilities
Publication date: 06 Sep 2019Modification date: 06 Sep 2019
Type: security
Affected Mageia releases : 6 , 7
CVE: CVE-2019-2745 , CVE-2019-2762 , CVE-2019-2769 , CVE-2019-2786 , CVE-2019-2816 , CVE-2019-2842
Description
The updated packages fix several bugs and some security issues:
Side-channel attack risks in Elliptic Curve (EC) cryptography.
(CVE-2019-2745)
Insufficient checks of suppressed exceptions in deserialization.
(CVE-2019-2762)
Unbounded memory allocation during deserialization in Collections.
(CVE-2019-2769)
Insufficient restriction of privileges in AccessController.
(CVE-2019-2786)
Missing URL format validation. (CVE-2019-2816)
Missing array bounds check in crypto providers. (CVE-2019-2842)
References
- https://bugs.mageia.org/show_bug.cgi?id=25172
- https://access.redhat.com/errata/RHSA-2019:1816
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixJAVA
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2745
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2762
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2769
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2786
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2816
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2842
SRPMS
7/core
- java-1.8.0-openjdk-1.8.0.222-1.b10.1.mga7
6/core
- java-1.8.0-openjdk-1.8.0.222-1.b10.1.mga6