Mageia 2020-0182: java-1.8.0-openjdk security update
Summary
Updated java-1.8.0-openjdk packages fix security vulnerabilities:
Misplaced regular expression syntax error check in RegExpScanner (Scripting,
8223898) (CVE-2020-2754)
Incorrect handling of empty string nodes in regular expression Parser
(Scripting, 8223904) (CVE-2020-2755)
Incorrect handling of references to uninitialized class descriptors during
deserialization (Serialization, 8224541) (CVE-2020-2756)
Uncaught InstantiationError exception in ObjectStreamClass (Serialization,
8224549) (CVE-2020-2757)
Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory
(Security, 8231415) (CVE-2020-2773)
Re-use of single TLS session for new connections (JSSE, 8234408)
(CVE-2020-2781)
CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server,
8234825) (CVE-2020-2800)
Incorrect bounds checks in NIO Buffers (Libraries, 8234841)
(CVE-2020-2803)
Incorrect type checks in MethodType.readObject() (Libraries, 8235274)
(CVE-2020-2805)
Regular expression DoS in Scanner (C...
References
- https://bugs.mageia.org/show_bug.cgi?id=26520
- https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2020:1512
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2773
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830
Resolution
MGASA-2020-0182 - Updated java-1.8.0-openjdk packages fix security vulnerabilities
SRPMS
- 7/core/java-1.8.0-openjdk-1.8.0.252-1.b09.1.mga7
