Advisories ยป MGASA-2019-0241

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Publication date: 06 Sep 2019
Modification date: 06 Sep 2019
Type: security
Affected Mageia releases : 6 , 7
CVE: CVE-2019-2745 , CVE-2019-2762 , CVE-2019-2769 , CVE-2019-2786 , CVE-2019-2816 , CVE-2019-2842

Description

The updated packages fix several bugs and some security issues:

Side-channel attack risks in Elliptic Curve (EC) cryptography.
(CVE-2019-2745)

Insufficient checks of suppressed exceptions in deserialization.
(CVE-2019-2762)

Unbounded memory allocation during deserialization in Collections.
(CVE-2019-2769)

Insufficient restriction of privileges in AccessController.
(CVE-2019-2786)

Missing URL format validation. (CVE-2019-2816)

Missing array bounds check in crypto providers. (CVE-2019-2842)
                

References

SRPMS

7/core

6/core