Updated java-1.8.0-openjdk packages fix security vulnerabilities
Publication date: 04 May 2018Modification date: 04 May 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-2790 , CVE-2018-2794 , CVE-2018-2795 , CVE-2018-2796 , CVE-2018-2797 , CVE-2018-2798 , CVE-2018-2799 , CVE-2018-2800 , CVE-2018-2814 , CVE-2018-2815
Description
OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814) OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794) OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795) OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796) OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797) OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798) OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799) OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800) OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815) OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)
References
- https://bugs.mageia.org/show_bug.cgi?id=22929
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- https://access.redhat.com/errata/RHSA-2018:1191
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2790
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2794
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2795
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2796
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2797
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2798
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2799
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2800
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2814
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2815
SRPMS
6/core
- java-1.8.0-openjdk-1.8.0.171-1.b10.1.mga6
- copy-jdk-configs-3.3-1.1.mga6
5/core
- java-1.8.0-openjdk-1.8.0.171-1.b10.1.mga5
- copy-jdk-configs-3.3-1.1.mga5