Mageia 6 & 7: MGASA-2019-0241 Critical: java-1.8.0-openjdk Security Flaws
mageia
September 6, 2019
The updated packages fix several bugs and some security issues: Side-channel attack risks in Elliptic Curve (EC) cryptography
Summary
The updated packages fix several bugs and some security issues:
Side-channel attack risks in Elliptic Curve (EC) cryptography.
(CVE-2019-2745)
Insufficient checks of suppressed exceptions in deserialization.
(CVE-2019-2762)
Unbounded memory allocation during deserialization in Collections.
(CVE-2019-2769)
Insufficient restriction of privileges in AccessController.
(CVE-2019-2786)
Missing URL format validation. (CVE-2019-2816)
Missing array bounds check in crypto providers. (CVE-2019-2842)
References
- https://bugs.mageia.org/show_bug.cgi?id=25172
- https://access.redhat.com/errata/RHSA-2019:1816
- https://www.oracle.com/security-alerts/cpujul2019.html
- https://www.cve.org/CVERecord?id=CVE-2019-2745
- https://www.cve.org/CVERecord?id=CVE-2019-2762
- https://www.cve.org/CVERecord?id=CVE-2019-2769
- https://www.cve.org/CVERecord?id=CVE-2019-2786
- https://www.cve.org/CVERecord?id=CVE-2019-2816
- https://www.cve.org/CVERecord?id=CVE-2019-2842
Resolution
SRPMS
- 7/core/java-1.8.0-openjdk-1.8.0.222-1.b10.1.mga7
- 6/core/java-1.8.0-openjdk-1.8.0.222-1.b10.1.mga6
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 06 Sep 2019
URL: https://advisories.mageia.org/MGASA-2019-0241.html
Type: security
CVE: CVE-2019-2745,
CVE-2019-2762,
CVE-2019-2769,
CVE-2019-2786,
CVE-2019-2816,
CVE-2019-2842
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!