Mageia 7: 2020-0418 High: Memory Usage and LDAP Security Concerns

mageia

November 13, 2020

High memory usage during deserialization of Proxy class with many interfaces

Summary

High memory usage during deserialization of Proxy class with many interfaces. (CVE-2020-14779)
Credentials sent over unencrypted LDAP connection. (CVE-2020-14781)
Certificate blacklist bypass via alternate certificate encodings. (CVE-2020-14782)
Integer overflow leading to out-of-bounds access. (CVE-2020-14792)
Missing permission check in path to URI conversion. (CVE-2020-14796)
Incomplete check for invalid characters in URI to path conversion. (CVE-2020-14797)
Race condition in NIO Buffer boundary checks. (CVE-2020-14803)
Also, the timezone package has been updated to version 2020d.

References

- https://bugs.mageia.org/show_bug.cgi?id=27478

- https://access.redhat.com/errata/RHSA-2020:4347

- https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD/

- https://mm.icann.org/pipermail/tz-announce/2020-April/000058.html

- https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html

- https://mm.icann.org/pipermail/tz-announce/2020-October/000060.html

- https://mm.icann.org/pipermail/tz-announce/2020-October/000062.html

- https://www.cve.org/CVERecord?id=CVE-2020-14779

- https://www.cve.org/CVERecord?id=CVE-2020-14781

- https://www.cve.org/CVERecord?id=CVE-2020-14782

- https://www.cve.org/CVERecord?id=CVE-2020-14792

- https://www.cve.org/CVERecord?id=CVE-2020-14796

- https://www.cve.org/CVERecord?id=CVE-2020-14797

- https://www.cve.org/CVERecord?id=CVE-2020-14803

Topics Covered

security advisory security patch timezone update java update high memory usage unencrypted LDAP

Resolution

SRPMS

- 7/core/timezone-2020d-1.mga7

- 7/core/java-1.8.0-openjdk-1.8.0.272-1.b10.1.mga7

Publication date: 13 Nov 2020

URL: https://advisories.mageia.org/MGASA-2020-0418.html

Type: security

CVE: CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14803

Topics Covered

security advisory security patch timezone update java update high memory usage unencrypted LDAP

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia 7: 2020-0418 High: Memory Usage and LDAP Security Concerns

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia 7: 2020-0418 High: Memory Usage and LDAP Security Concerns

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!