Updated java-1.8.0-openjdk packages fix security vulnerabilities
Publication date: 13 Nov 2020
Modification date: 16 Nov 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14803
Description
- High memory usage during deserialization of Proxy class with many interfaces. (CVE-2020-14779)
- Credentials sent over unencrypted LDAP connection. (CVE-2020-14781)
- Certificate blacklist bypass via alternate certificate encodings. (CVE-2020-14782)
- Integer overflow leading to out-of-bounds access. (CVE-2020-14792)
- Missing permission check in path to URI conversion. (CVE-2020-14796)
- Incomplete check for invalid characters in URI to path conversion. (CVE-2020-14797)
- Race condition in NIO Buffer boundary checks. (CVE-2020-14803)

Also, the timezone package has been updated to version 2020d.
References
- https://bugs.mageia.org/show_bug.cgi?id=27478
- https://access.redhat.com/errata/RHSA-2020:4347
- https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD/
- http://mm.icann.org/pipermail/tz-announce/2020-April/000058.html
- http://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
- http://mm.icann.org/pipermail/tz-announce/2020-October/000060.html
- http://mm.icann.org/pipermail/tz-announce/2020-October/000062.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14779
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14781
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14782
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14792
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14796
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14797
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14803
SRPMS
7/core
- timezone-2020d-1.mga7
- java-1.8.0-openjdk-1.8.0.272-1.b10.1.mga7