Advisories ยป MGASA-2020-0182

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Publication date: 24 Apr 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-2754 , CVE-2020-2755 , CVE-2020-2756 , CVE-2020-2757 , CVE-2020-2773 , CVE-2020-2781 , CVE-2020-2800 , CVE-2020-2803 , CVE-2020-2805 , CVE-2020-2830


Updated java-1.8.0-openjdk packages fix security vulnerabilities:

Misplaced regular expression syntax error check in RegExpScanner (Scripting,
8223898) (CVE-2020-2754)

Incorrect handling of empty string nodes in regular expression Parser
(Scripting, 8223904) (CVE-2020-2755)

Incorrect handling of references to uninitialized class descriptors during
deserialization (Serialization, 8224541) (CVE-2020-2756)

Uncaught InstantiationError exception in ObjectStreamClass (Serialization,
8224549) (CVE-2020-2757)

Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory
(Security, 8231415) (CVE-2020-2773)

Re-use of single TLS session for new connections (JSSE, 8234408)

CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server,
8234825) (CVE-2020-2800)

Incorrect bounds checks in NIO Buffers (Libraries, 8234841)

Incorrect type checks in MethodType.readObject() (Libraries, 8235274)

Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830)