| Description: | Summary:
The remote host is missing an update for the 'java-1.8.0-openjdk' package(s) announced via the MGASA-2019-0302 advisory.
Vulnerability Insight:
The updated packages fix several bugs and some security issues:
Missing restrictions on use of custom SocketImpl (Networking, 8218573).
(CVE-2019-2945)
Improper handling of Kerberos proxy credentials (Kerberos, 8220302).
(CVE-2019-2949)
NULL pointer dereference in DrawGlyphList (2D, 8222690). (CVE-2019-2962)
Unexpected exception thrown by Pattern processing crafted regular
expression (Concurrency, 8222684). (CVE-2019-2964)
Unexpected exception thrown by XPathParser processing crafted XPath
expression (JAXP, 8223505). (CVE-2019-2973)
Unexpected exception thrown during regular expression processing in
Nashorn (Scripting, 8223518). (CVE-2019-2975)
Incorrect handling of nested jar: URLs in Jar URL handler
(Networking, 8223892). (CVE-2019-2978)
Unexpected exception thrown by XPath processing crafted XPath expression
(JAXP, 8224532). (CVE-2019-2981)
Unexpected exception thrown during Font object deserialization
(Serialization, 8224915). (CVE-2019-2983)
Missing glyph bitmap image dimension check in FreetypeFontScaler
(2D, 8225286). (CVE-2019-2987)
Integer overflow in bounds check in SunGraphics2D (2D, 8225292).
(CVE-2019-2988)
Incorrect handling of HTTP proxy responses in HttpURLConnection
(Networking, 8225298). (CVE-2019-2989)
Excessive memory allocation in CMap when reading TrueType font
(2D, 8225597). (CVE-2019-2992)
Insufficient filtering of HTML event attributes in Javadoc
(Javadoc, 8226765). (CVE-2019-2999)
Affected Software/OS:
'java-1.8.0-openjdk' package(s) on Mageia 7.
Solution:
Please install the updated package(s).
CVSS Score:
5.8
CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P
|
