Mageia 7: 2020-0069 Moderate: Java-1.8.0-OpenJDK Update

January 30, 2020
This update to java-1.8.0-openjdk for Mageia 7 fixes multiple security vulnerabilities.

Summary

The updated packages fix security vulnerabilities:
Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)
Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)
Incorrect isBuiltinStreamHandler causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)
Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)
Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)
Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)
Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)

References

- https://bugs.mageia.org/show_bug.cgi?id=26075

- https://www.oracle.com/security-alerts/cpujan2020.html#AppendixJAVA

- https://access.redhat.com/errata/RHSA-2020:0202

- https://www.cve.org/CVERecord?id=CVE-2020-2590

- https://www.cve.org/CVERecord?id=CVE-2020-2583

- https://www.cve.org/CVERecord?id=CVE-2020-2593

- https://www.cve.org/CVERecord?id=CVE-2020-2601

- https://www.cve.org/CVERecord?id=CVE-2020-2604

- https://www.cve.org/CVERecord?id=CVE-2020-2654

- https://www.cve.org/CVERecord?id=CVE-2020-2659

Resolution

SRPMS

- 7/core/java-1.8.0-openjdk-1.8.0.242-1.b08.2.mga7

Publication date: 30 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0069.html
Type: security
CVE: CVE-2020-2590, CVE-2020-2583, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2659
