Updated java-1.8.0-openjdk packages fix security vulnerability
Publication date: 31 Jul 2020Modification date: 31 Jul 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-14583 , CVE-2020-14593 , CVE-2020-14556 , CVE-2020-14578 , CVE-2020-14579 , CVE-2020-14621 , CVE-2020-14577
Description
Bypass of boundary checks in nio.Buffer via concurrent access.
(CVE-2020-14583)
Incomplete bounds checks in Affine Transformations. (CVE-2020-14593)
Incorrect handling of access control context in ForkJoinPool.
(CVE-2020-14556)
Unexpected exception raised by DerInputStream. (CVE-2020-14578)
Unexpected exception raised by DerValue.equals(). (CVE-2020-14579)
XML validation manipulation due to incomplete application of the
use-grammar-pool-only feature. (CVE-2020-14621)
HostnameChecker does not ensure X.509 certificate names are in
normalized form. (CVE-2020-14577)
References
- https://bugs.mageia.org/show_bug.cgi?id=26960
- https://access.redhat.com/errata/RHSA-2020:2972
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14583
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14593
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14556
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577
SRPMS
7/core
- java-1.8.0-openjdk-1.8.0.262-1.b10.1.mga7