MGASA-2023-0272
- Source
- https://advisories.mageia.org/MGASA-2023-0272.html
- Import Source
- https://advisories.mageia.org/MGASA-2023-0272.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2023-0272
- Related
- Published
- 2023-09-30T19:15:40Z
- Modified
- 2023-09-30T17:30:59Z
- Summary
- Updated java packages fix security vulnerabilities
- Details
-
The updated packages fix security vulnerabilities and a file conflict :
Improper connection handling during TLS handshake. (CVE-2023-21930)
Incorrect enqueue of references in garbage collector. (CVE-2023-21954)
Certificate validation issue in TLS session negotiation. (CVE-2023-21967)
Swing HTML parsing issue. (CVE-2023-21939)
Incorrect handling of NULL characters in ProcessBuilder. (CVE-2023-21938)
Missing string checks for NULL characters. (CVE-2023-21937)
Missing check for slash characters in URI-to-path conversion. (CVE-2023-21968)
Array indexing integer overflow issue. (CVE-2023-22045)
Improper handling of slash characters in URI-to-path conversion. (CVE-2023-22049)
O(n^2) growth via consecutive marks. (CVE-2023-25193)
HTTP client insufficient file name validation. (CVE-2023-22006)
ZIP file parsing infinite loop. (CVE-2023-22036)
Modulo operator array indexing issue. (CVE-2023-22044)
Weakness in AES implementation. (CVE-2023-22041)
- References
-
- https://advisories.mageia.org/MGASA-2023-0272.html
- https://bugs.mageia.org/show_bug.cgi?id=32203
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21930
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21954
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21967
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21939
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21938
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21937
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21968
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22045
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22049
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25193
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22006
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22036
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22044
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22041
- https://access.redhat.com/errata/RHSA-2023:1904
- https://access.redhat.com/errata/RHSA-2023:1880
- https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2023:4178
- https://access.redhat.com/errata/RHBA-2023:4374
- https://access.redhat.com/errata/RHSA-2023:4169
- https://www.oracle.com/security-alerts/cpujul2023.html#AppendixJAVA
- Credits
-
-
- Mageia - COORDINATOR
-