Advisories » MGASA-2020-0418

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Publication date: 13 Nov 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14803

Description

High memory usage during deserialization of Proxy class with many interfaces.
(CVE-2020-14779)

Credentials sent over unencrypted LDAP connection. (CVE-2020-14781)

Certificate blacklist bypass via alternate certificate encodings.
(CVE-2020-14782)

Integer overflow leading to out-of-bounds access. (CVE-2020-14792)

Missing permission check in path to URI conversion. (CVE-2020-14796)

Incomplete check for invalid characters in URI to path conversion.
(CVE-2020-14797)

Race condition in NIO Buffer boundary checks. (CVE-2020-14803)

Also, the timezone package has been updated to version 2020d.

References

SRPMS

7/core