MGASA-2018-0436

Source
https://advisories.mageia.org/MGASA-2018-0436.html
Import Source
https://advisories.mageia.org/MGASA-2018-0436.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2018-0436
Published
2018-11-03T11:55:18Z
Modified
2018-11-03T11:29:10Z
Summary
Updated java-1.8.0-openjdk packages fix security vulnerabilities
Details

Updated java-1.8.0-openjdk packages fix security vulnerabilities:

Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136).

Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139).

Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149).

Improper field access checks (Hotspot, 8199226) (CVE-2018-3169).

Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180).

Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183).

Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214).

Affected packages

Mageia:6 / java-1.8.0-openjdk

Package

Name
java-1.8.0-openjdk
Purl
pkg:rpm/mageia/java-1.8.0-openjdk?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0.191-1.b12.1.mga6

Ecosystem specific

{
    "section": "core"
}