MGASA-2018-0218

Source
https://advisories.mageia.org/MGASA-2018-0218.html
Import Source
https://advisories.mageia.org/MGASA-2018-0218.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2018-0218
Related
  • CVE-2018-2790
  • CVE-2018-2794
  • CVE-2018-2795
  • CVE-2018-2796
  • CVE-2018-2797
  • CVE-2018-2798
  • CVE-2018-2799
  • CVE-2018-2800
  • CVE-2018-2814
  • CVE-2018-2815
Published
2018-05-04T17:29:33Z
Modified
2018-05-04T16:53:00Z
Summary
Updated java-1.8.0-openjdk packages fix security vulnerabilities
Details

OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)

OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)

OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)

OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)

OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)

OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)

OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)

OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)

OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)


Affected packages

Mageia:5 / java-1.8.0-openjdk

Package

Name
java-1.8.0-openjdk
Purl
pkg:rpm/mageia/java-1.8.0-openjdk?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.8.0.171-1.b10.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / copy-jdk-configs

Package

Name
copy-jdk-configs
Purl
pkg:rpm/mageia/copy-jdk-configs?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.3-1.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / java-1.8.0-openjdk

Package

Name
java-1.8.0-openjdk
Purl
pkg:rpm/mageia/java-1.8.0-openjdk?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.8.0.171-1.b10.1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / copy-jdk-configs

Package

Name
copy-jdk-configs
Purl
pkg:rpm/mageia/copy-jdk-configs?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.3-1.1.mga6

Ecosystem specific

{
    "section": "core"
}