Mageia: 2019-0302 Moderate: Java 1.8.0-OpenJDK Buffer Overflow Issues

mageia

October 23, 2019

The updated packages fix several bugs and some security issues: Missing restrictions on use of custom SocketImpl (Networking, 8218573)

Summary

The updated packages fix several bugs and some security issues:
Missing restrictions on use of custom SocketImpl (Networking, 8218573). (CVE-2019-2945)
Improper handling of Kerberos proxy credentials (Kerberos, 8220302). (CVE-2019-2949)
NULL pointer dereference in DrawGlyphList (2D, 8222690). (CVE-2019-2962)
Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684). (CVE-2019-2964)
Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505). (CVE-2019-2973)
Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518). (CVE-2019-2975)
Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892). (CVE-2019-2978)
Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532). (CVE-2019-2981)
Unexpected exception thrown during Font object deserialization (Serialization, 8224915). (CVE-2019-2983)
Missing glyph bitmap image dimension...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=25576

- https://access.redhat.com/errata/RHSA-2019:3128

- https://www.oracle.com/security-alerts/cpuoct2019.html

- https://www.cve.org/CVERecord?id=CVE-2019-2945

- https://www.cve.org/CVERecord?id=CVE-2019-2949

- https://www.cve.org/CVERecord?id=CVE-2019-2962

- https://www.cve.org/CVERecord?id=CVE-2019-2964

- https://www.cve.org/CVERecord?id=CVE-2019-2973

- https://www.cve.org/CVERecord?id=CVE-2019-2975

- https://www.cve.org/CVERecord?id=CVE-2019-2978

- https://www.cve.org/CVERecord?id=CVE-2019-2981

- https://www.cve.org/CVERecord?id=CVE-2019-2983

- https://www.cve.org/CVERecord?id=CVE-2019-2987

- https://www.cve.org/CVERecord?id=CVE-2019-2988

- https://www.cve.org/CVERecord?id=CVE-2019-2989

- https://www.cve.org/CVERecord?id=CVE-2019-2992

- https://www.cve.org/CVERecord?id=CVE-2019-2999

Topics Covered

security advisory security update buffer overflow memory allocation java Mageia improper handling

Resolution

SRPMS

- 7/core/java-1.8.0-openjdk-1.8.0.232-1.b09.2.mga7

Publication date: 23 Oct 2019

URL: https://advisories.mageia.org/MGASA-2019-0302.html

Type: security

CVE: CVE-2019-2945, CVE-2019-2949, CVE-2019-2962, CVE-2019-2964, CVE-2019-2973, CVE-2019-2975, CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2987, CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2999

Topics Covered

security advisory security update buffer overflow memory allocation java Mageia improper handling

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia: 2019-0302 Moderate: Java 1.8.0-OpenJDK Buffer Overflow Issues

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia: 2019-0302 Moderate: Java 1.8.0-OpenJDK Buffer Overflow Issues

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!