MGASA-2021-0298

Source
https://advisories.mageia.org/MGASA-2021-0298.html
Import Source
https://advisories.mageia.org/MGASA-2021-0298.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2021-0298
Published
2021-06-28T22:51:23Z
Modified
2021-06-28T21:25:52Z
Summary
Updated java-openjdk packages fix security vulnerabilities
Details

For java-1.8.0

Security fixes

  • JDK-8227467: Better class method invocations
  • JDK-8244473: Contextualize registration for JNDI
  • JDK-8244543: Enhanced handling of abstract classes
  • JDK-8249906, CVE-2021-2163: Enhance opening JARs
  • JDK-8250568, CVE-2021-2161: Less ambiguous processing
  • JDK-8253799: Make lists of normal filenames

Other significant changes

  • JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default
  • JDK-8244286: Tools Warn If Weak Algorithms Are Used
  • JDK-8256490: Disable TLS 1.0 and 1.1
  • JDK-8242147: New System Properties to Configure the TLS Signature Schemes
  • JDK-8177368: Several incorporation steps are silently failing when an error should be reported.

For java-11

Security fixes

  • JDK-8244473: Contextualize registration for JNDI
  • JDK-8244543: Enhanced handling of abstract classes
  • JDK-8249906, CVE-2021-2163: Enhance opening JARs
  • JDK-8250568, CVE-2021-2161: Less ambiguous processing
  • JDK-8253799: Make lists of normal filenames
  • JDK-8257001: Improve HTTP Client Support

Other significant changes

  • LDAP Channel Binding Support for Java GSS/Kerberos
  • Disable TLS 1.0 and 1.1
  • jdeps --print-module-deps Reports Transitive Dependencies
  • XML declaration is not followed by a newline
  • SystemTap tapsets updated to support OpenJDK 11

Affected packages

Mageia:8 / java-11-openjdk

Package

Name
java-11-openjdk
Purl
pkg:rpm/mageia/java-11-openjdk?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
11.0.11.0.9-0.1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / copy-jdk-configs

Package

Name
copy-jdk-configs
Purl
pkg:rpm/mageia/copy-jdk-configs?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.0-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / java-1.8.0-openjdk

Package

Name
java-1.8.0-openjdk
Purl
pkg:rpm/mageia/java-1.8.0-openjdk?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0.292.b10-1.1.mga8

Ecosystem specific

{
    "section": "core"
}