MGASA-2020-0418
- Source
- https://advisories.mageia.org/MGASA-2020-0418.html
- Import Source
- https://advisories.mageia.org/MGASA-2020-0418.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2020-0418
- Related
- Published
- 2020-11-13T21:20:36Z
- Modified
- 2020-11-16T22:57:26Z
- Summary
- Updated java-1.8.0-openjdk packages fix security vulnerabilities
- Details
-
High memory usage during deserialization of Proxy class with many interfaces. (CVE-2020-14779)
Credentials sent over unencrypted LDAP connection. (CVE-2020-14781)
Certificate blacklist bypass via alternate certificate encodings. (CVE-2020-14782)
Integer overflow leading to out-of-bounds access. (CVE-2020-14792)
Missing permission check in path to URI conversion. (CVE-2020-14796)
Incomplete check for invalid characters in URI to path conversion. (CVE-2020-14797)
Race condition in NIO Buffer boundary checks. (CVE-2020-14803)
Also, the timezone package has been updated to version 2020d.
- References
-
- https://advisories.mageia.org/MGASA-2020-0418.html
- https://bugs.mageia.org/show_bug.cgi?id=27478
- https://access.redhat.com/errata/RHSA-2020:4347
- https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OMJMTXFJRONFT72YAEQNRFKYZZU4W3HD/
- http://mm.icann.org/pipermail/tz-announce/2020-April/000058.html
- http://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
- http://mm.icann.org/pipermail/tz-announce/2020-October/000060.html
- http://mm.icann.org/pipermail/tz-announce/2020-October/000062.html
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:7 / timezone
Package
- Name
- timezone
- Purl
- pkg:rpm/mageia/timezone?distro=mageia-7
Mageia:7 / java-1.8.0-openjdk
Package
- Name
- java-1.8.0-openjdk
- Purl
- pkg:rpm/mageia/java-1.8.0-openjdk?distro=mageia-7