MGASA-2020-0309 - Updated java-1.8.0-openjdk packages fix security vulnerability

Publication date: 31 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0309.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-14583,
     CVE-2020-14593,
     CVE-2020-14556,
     CVE-2020-14578,
     CVE-2020-14579,
     CVE-2020-14621,
     CVE-2020-14577

Bypass of boundary checks in nio.Buffer via concurrent access.
(CVE-2020-14583)

Incomplete bounds checks in Affine Transformations. (CVE-2020-14593)

Incorrect handling of access control context in ForkJoinPool.
(CVE-2020-14556)

Unexpected exception raised by DerInputStream. (CVE-2020-14578)

Unexpected exception raised by DerValue.equals(). (CVE-2020-14579)

XML validation manipulation due to incomplete application of the
use-grammar-pool-only feature. (CVE-2020-14621)

HostnameChecker does not ensure X.509 certificate names are in
normalized form. (CVE-2020-14577)

References:
- https://bugs.mageia.org/show_bug.cgi?id=26960
- https://access.redhat.com/errata/RHSA-2020:2972
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14583
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14593
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14556
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577

SRPMS:
- 7/core/java-1.8.0-openjdk-1.8.0.262-1.b10.1.mga7