Advisories » MGASA-2019-0302

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Publication date: 23 Oct 2019
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-2945, CVE-2019-2949, CVE-2019-2962, CVE-2019-2964, CVE-2019-2973, CVE-2019-2975, CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2987, CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2999


The updated packages fix several bugs and some security issues:

Missing restrictions on use of custom SocketImpl (Networking, 8218573).

Improper handling of Kerberos proxy credentials (Kerberos, 8220302).

NULL pointer dereference in DrawGlyphList (2D, 8222690). (CVE-2019-2962)

Unexpected exception thrown by Pattern processing crafted regular
expression (Concurrency, 8222684). (CVE-2019-2964)

Unexpected exception thrown by XPathParser processing crafted XPath
expression (JAXP, 8223505). (CVE-2019-2973)

Unexpected exception thrown during regular expression processing in
Nashorn (Scripting, 8223518). (CVE-2019-2975)

Incorrect handling of nested jar: URLs in Jar URL handler
(Networking, 8223892). (CVE-2019-2978)

Unexpected exception thrown by XPath processing crafted XPath expression
(JAXP, 8224532). (CVE-2019-2981)

Unexpected exception thrown during Font object deserialization
(Serialization, 8224915). (CVE-2019-2983)

Missing glyph bitmap image dimension check in FreetypeFontScaler
(2D, 8225286). (CVE-2019-2987)

Integer overflow in bounds check in SunGraphics2D (2D, 8225292).

Incorrect handling of HTTP proxy responses in HttpURLConnection
(Networking, 8225298). (CVE-2019-2989)

Excessive memory allocation in CMap when reading TrueType font
(2D, 8225597). (CVE-2019-2992)

Insufficient filtering of HTML event attributes in Javadoc
(Javadoc, 8226765). (CVE-2019-2999)