Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Mageia 6: 2018-0436 Moderate: Java 1.8 OpenJDK Security Fix

mageia
Calendar Grey November 3, 2018
Dist Mageia Esm H88
The latest java-1.8.0-openjdk updates address multiple security vulnerabilities that affect Mageia systems significantly.
Updated java-1.8.0-openjdk packages fix security vulnerabilities: Incorrect handling of unsigned attributes in singed Jar manifests (Security, 8194534) (CVE-2018-3136)

Summary

Updated java-1.8.0-openjdk packages fix security vulnerabilities:
Incorrect handling of unsigned attributes in singed Jar manifests (Security, 8194534) (CVE-2018-3136).
Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139).
Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149).
Improper field access checks (Hotspot, 8199226) (CVE-2018-3169).
Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180).
Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183).
Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214).

References

- https://bugs.mageia.org/show_bug.cgi?id=23718

- https://www.oracle.com/security-alerts/cpuoct2018.html

- https://access.redhat.com/errata/RHSA-2018:2942

- https://www.cve.org/CVERecord?id=CVE-2018-3136

- https://www.cve.org/CVERecord?id=CVE-2018-3139

- https://www.cve.org/CVERecord?id=CVE-2018-3149

- https://www.cve.org/CVERecord?id=CVE-2018-3169

- https://www.cve.org/CVERecord?id=CVE-2018-3180

- https://www.cve.org/CVERecord?id=CVE-2018-3183

- https://www.cve.org/CVERecord?id=CVE-2018-3214

Topics%20covered

Topics Covered

security advisory security issue medium severity package fix openjdk java update mageia

Resolution

SRPMS

- 6/core/java-1.8.0-openjdk-1.8.0.191-1.b12.1.mga6

Publication date: 03 Nov 2018
URL: https://advisories.mageia.org/MGASA-2018-0436.html
Type: security
CVE: CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214

Topics%20covered

Topics Covered

security advisory security issue medium severity package fix openjdk java update mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here