|
|
Subscribe / Log in / New account

Mageia alert MGASA-2020-0182 (java-1.8.0-openjdk)



From:
              Mageia Updates <buildsystem-daemon@mageia.org> 


To:
              updates-announce@ml.mageia.org 


Subject:
              [updates-announce] MGASA-2020-0182: Updated java-1.8.0-openjdk packages fix security vulnerabilities 


Date:
              Fri, 24 Apr 2020 19:04:53 +0200


Message-ID:
              <20200424170453.E9DCF9F640@duvel.mageia.org>


MGASA-2020-0182 - Updated java-1.8.0-openjdk packages fix security vulnerabilities

Publication date: 24 Apr 2020
URL: https://advisories.mageia.org/MGASA-2020-0182.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-2754,
     CVE-2020-2755,
     CVE-2020-2756,
     CVE-2020-2757,
     CVE-2020-2773,
     CVE-2020-2781,
     CVE-2020-2800,
     CVE-2020-2803,
     CVE-2020-2805,
     CVE-2020-2830

Description:
Updated java-1.8.0-openjdk packages fix security vulnerabilities:

Misplaced regular expression syntax error check in RegExpScanner (Scripting,
8223898) (CVE-2020-2754)

Incorrect handling of empty string nodes in regular expression Parser
(Scripting, 8223904) (CVE-2020-2755)

Incorrect handling of references to uninitialized class descriptors during
deserialization (Serialization, 8224541) (CVE-2020-2756)

Uncaught InstantiationError exception in ObjectStreamClass (Serialization,
8224549) (CVE-2020-2757)

Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory
(Security, 8231415) (CVE-2020-2773)

Re-use of single TLS session for new connections (JSSE, 8234408)
(CVE-2020-2781)

CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server,
8234825) (CVE-2020-2800)

Incorrect bounds checks in NIO Buffers (Libraries, 8234841)
(CVE-2020-2803)

Incorrect type checks in MethodType.readObject() (Libraries, 8235274)
(CVE-2020-2805)

Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830)

References:
- https://bugs.mageia.org/show_bug.cgi?id=26520
- https://www.oracle.com/security-alerts/cpuapr2020.html#Ap...
- https://access.redhat.com/errata/RHSA-2020:1512
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2773
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830

SRPMS:
- 7/core/java-1.8.0-openjdk-1.8.0.252-1.b09.1.mga7
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds