Alerts This Week
Warning Icon 1 562
Alerts This Week
Warning Icon 1 562

Mageia: 2020-0182 Critical: Java-1.8.0-OpenJDK Security Issues Resolved

mageia
Calendar Grey April 24, 2020
Dist Mageia Esm H88
The recently released java-1.8.0-openjdk updates rectify significant security vulnerabilities identified in multiple elements of Mageia.
Updated java-1.8.0-openjdk packages fix security vulnerabilities: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754)

Summary

Updated java-1.8.0-openjdk packages fix security vulnerabilities:
Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754)
Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755)
Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)
Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)
Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773)
Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781)
CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800)
Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803)
Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805)
Regular expression DoS in Scanner (C...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=26520

- https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixJAVA

- https://access.redhat.com/errata/RHSA-2020:1512

- https://www.cve.org/CVERecord?id=CVE-2020-2754

- https://www.cve.org/CVERecord?id=CVE-2020-2755

- https://www.cve.org/CVERecord?id=CVE-2020-2756

- https://www.cve.org/CVERecord?id=CVE-2020-2757

- https://www.cve.org/CVERecord?id=CVE-2020-2773

- https://www.cve.org/CVERecord?id=CVE-2020-2781

- https://www.cve.org/CVERecord?id=CVE-2020-2800

- https://www.cve.org/CVERecord?id=CVE-2020-2803

- https://www.cve.org/CVERecord?id=CVE-2020-2805

- https://www.cve.org/CVERecord?id=CVE-2020-2830

Topics%20covered

Topics Covered

security advisory security issue DoS regular expression java-1.8.0-openjdk Mageia misplaced syntax

Resolution

SRPMS

- 7/core/java-1.8.0-openjdk-1.8.0.252-1.b09.1.mga7

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 24 Apr 2020
URL: https://advisories.mageia.org/MGASA-2020-0182.html
Type: security
CVE: CVE-2020-2754, CVE-2020-2755, CVE-2020-2756, CVE-2020-2757, CVE-2020-2773, CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830

Topics%20covered

Topics Covered

security advisory security issue DoS regular expression java-1.8.0-openjdk Mageia misplaced syntax

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here