{ "schema_version": "1.6.2", "id": "MGASA-2018-0436", "published": "2018-11-03T11:55:18Z", "modified": "2018-11-03T11:29:10Z", "summary": "Updated java-1.8.0-openjdk packages fix security vulnerabilities", "details": "Updated java-1.8.0-openjdk packages fix security vulnerabilities:\n\nIncorrect handling of unsigned attributes in singed Jar manifests\n(Security, 8194534) (CVE-2018-3136).\n\nLeak of sensitive header data via HTTP redirect (Networking, 8196902)\n(CVE-2018-3139).\n\nIncomplete enforcement of the trustURLCodebase restriction\n(JNDI, 8199177) (CVE-2018-3149).\n\nImproper field access checks (Hotspot, 8199226) (CVE-2018-3169).\n\nMissing endpoint identification algorithm check during TLS session\nresumption (JSSE, 8202613) (CVE-2018-3180).\n\nUnrestricted access to scripting engine (Scripting, 8202936)\n(CVE-2018-3183).\n\nInfinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214).\n", "related": [ "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2018-0436.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=23718" }, { "type": "REPORT", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "type": "REPORT", "url": "https://access.redhat.com/errata/RHSA-2018:2942" } ], "affected": [ { "package": { "ecosystem": "Mageia:6", "name": "java-1.8.0-openjdk", "purl": "pkg:rpm/mageia/java-1.8.0-openjdk?arch=source&distro=mageia-6" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.8.0.191-1.b12.1.mga6" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }