
Mageia alert MGASA-2020-0418 (java-1.8.0-op)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2020-0418: Updated timezone and java-1.8.0-openjdk packages fix security vulnerabilities
Date:  Fri, 13 Nov 2020 22:21:44 +0100
Message-ID:  <20201113212144.0BA0C9F6EB@duvel.mageia.org>

MGASA-2020-0418 - Updated timezone and java-1.8.0-openjdk packages fix security vulnerabilities

Publication date: 13 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0418.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-14779,
     CVE-2020-14781,
     CVE-2020-14782,
     CVE-2020-14792,
     CVE-2020-14796,
     CVE-2020-14797,
     CVE-2020-14803

Description:
High memory usage during deserialization of Proxy class with many
interfaces. (CVE-2020-14779)

Credentials sent over unencrypted LDAP connection. (CVE-2020-14781)

Certificate blacklist bypass via alternate certificate encodings.
(CVE-2020-14782)

Integer overflow leading to out-of-bounds access. (CVE-2020-14792)

Missing permission check in path to URI conversion. (CVE-2020-14796)

Incomplete check for invalid characters in URI to path conversion.
(CVE-2020-14797)

Race condition in NIO Buffer boundary checks. (CVE-2020-14803)

Also, the timezone package has been updated to version 2020d.

References:
- https://bugs.mageia.org/show_bug.cgi?id=27478
- https://access.redhat.com/errata/RHSA-2020:4347
- https://www.oracle.com/security-alerts/cpuoct2020.html#Ap...
- https://lists.fedoraproject.org/archives/list/package-ann...
- http://mm.icann.org/pipermail/tz-announce/2020-April/0000...
- http://mm.icann.org/pipermail/tz-announce/2020-October/00...
- http://mm.icann.org/pipermail/tz-announce/2020-October/00...
- http://mm.icann.org/pipermail/tz-announce/2020-October/00...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1...

SRPMS:
- 7/core/timezone-2020d-1.mga7
- 7/core/java-1.8.0-openjdk-1.8.0.272-1.b10.1.mga7

