ID de Prueba:	1.3.6.1.4.1.25623.1.0.883271
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for java-11-openjdk (CESA-2020:2969)
Resumen:	The remote host is missing an update for the 'java-11-openjdk'; package(s) announced via the CESA-2020:2969 advisory.
Descripción:	Summary: The remote host is missing an update for the 'java-11-openjdk' package(s) announced via the CESA-2020:2969 advisory. Vulnerability Insight: The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583) * OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593) * OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) (CVE-2020-14556) * OpenJDK: Excessive memory usage in ImageIO TIFF plugin (ImageIO, 8233239) (CVE-2020-14562) * OpenJDK: Incomplete interface type checks in Graal compiler (Hotspot, 8236867) (CVE-2020-14573) * OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621) * OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'java-11-openjdk' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-14556 Debian Security Information: DSA-4734 (Google Search) https://www.debian.org/security/2020/dsa-4734 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/ https://security.gentoo.org/glsa/202008-24 https://security.gentoo.org/glsa/202209-15 https://www.oracle.com/security-alerts/cpujul2020.html https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html SuSE Security Announcement: openSUSE-SU-2020:1175 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html SuSE Security Announcement: openSUSE-SU-2020:1191 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html SuSE Security Announcement: openSUSE-SU-2020:1893 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html https://usn.ubuntu.com/4433-1/ https://usn.ubuntu.com/4453-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-14562 Common Vulnerability Exposure (CVE) ID: CVE-2020-14573 Common Vulnerability Exposure (CVE) ID: CVE-2020-14577 Common Vulnerability Exposure (CVE) ID: CVE-2020-14583 Common Vulnerability Exposure (CVE) ID: CVE-2020-14593 Common Vulnerability Exposure (CVE) ID: CVE-2020-14621 https://lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103@%3Cj-users.xerces.apache.org%3E
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.