Advisories ยป MGASA-2018-0218

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Publication date: 04 May 2018
Modification date: 04 May 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-2790 , CVE-2018-2794 , CVE-2018-2795 , CVE-2018-2796 , CVE-2018-2797 , CVE-2018-2798 , CVE-2018-2799 , CVE-2018-2800 , CVE-2018-2814 , CVE-2018-2815

Description

OpenJDK: incorrect handling of Reference clones can lead to sandbox
bypass (Hotspot, 8192025) (CVE-2018-2814)

OpenJDK: unrestricted deserialization of data from JCEKS key stores
(Security, 8189997) (CVE-2018-2794)

OpenJDK: insufficient consistency checks in deserialization of multiple
classes (Security, 8189977) (CVE-2018-2795)

OpenJDK: unbounded memory allocation during deserialization in
PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)

OpenJDK: unbounded memory allocation during deserialization in
TabularDataSupport (JMX, 8189985) (CVE-2018-2797)

OpenJDK: unbounded memory allocation during deserialization in Container
(AWT, 8189989) (CVE-2018-2798)

OpenJDK: unbounded memory allocation during deserialization in
NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)

OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)
(CVE-2018-2800)

OpenJDK: unbounded memory allocation during deserialization in
StubIORImpl (Serialization, 8192757) (CVE-2018-2815)

OpenJDK: incorrect merging of sections in the JAR manifest
(Security, 8189969) (CVE-2018-2790)

References

SRPMS

5/core

6/core