Advisories ยป MGASA-2020-0069

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Publication date: 30 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-2590 , CVE-2020-2583 , CVE-2020-2593 , CVE-2020-2601 , CVE-2020-2604 , CVE-2020-2654 , CVE-2020-2659

Description

The updated packages fix security vulnerabilities:

Improper checks of SASL message properties in GssKrb5Base (Security,
8226352) (CVE-2020-2590)

Incorrect exception processing during deserialization in BeanContextSupport
(Serialization, 8224909) (CVE-2020-2583)

Incorrect isBuiltinStreamHandler causing URL normalization issues
(Networking, 8228548) (CVE-2020-2593)

Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security, 8229951)
(CVE-2020-2601)

Serialization filter changes via jdk.serialFilter property modification
(Serialization, 8231422) (CVE-2020-2604)

Excessive memory usage in OID processing in X.509 certificate parsing
(Libraries, 8234037) (CVE-2020-2654)

Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl
(Networking, 8231795) (CVE-2020-2659)
                

References

SRPMS

7/core