MGASA-2019-0302

Source
https://advisories.mageia.org/MGASA-2019-0302.html
Import Source
https://advisories.mageia.org/MGASA-2019-0302.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2019-0302
Published
2019-10-23T21:06:40Z
Modified
2019-10-23T19:44:12Z
Summary
Updated java-1.8.0-openjdk packages fix security vulnerabilities
Details

The updated packages fix several bugs and some security issues:

Missing restrictions on use of custom SocketImpl (Networking, 8218573). (CVE-2019-2945)

Improper handling of Kerberos proxy credentials (Kerberos, 8220302). (CVE-2019-2949)

NULL pointer dereference in DrawGlyphList (2D, 8222690). (CVE-2019-2962)

Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684). (CVE-2019-2964)

Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505). (CVE-2019-2973)

Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518). (CVE-2019-2975)

Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892). (CVE-2019-2978)

Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532). (CVE-2019-2981)

Unexpected exception thrown during Font object deserialization (Serialization, 8224915). (CVE-2019-2983)

Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286). (CVE-2019-2987)

Integer overflow in bounds check in SunGraphics2D (2D, 8225292). (CVE-2019-2988)

Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298). (CVE-2019-2989)

Excessive memory allocation in CMap when reading TrueType font (2D, 8225597). (CVE-2019-2992)

Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765). (CVE-2019-2999)

Affected packages

Mageia:7 / java-1.8.0-openjdk

Package

Name
java-1.8.0-openjdk
Purl
pkg:rpm/mageia/java-1.8.0-openjdk?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0.232-1.b09.2.mga7

Ecosystem specific

{
    "section": "core"
}