| Errata ID | 646 |
|---|---|
| Date | 2020-03-11 |
| Source package | openjdk-8 |
| Fixed in version | 8u242-b08-1~deb9u1 |
| Description | This update addresses the following issues: * Incorrect exception processing during deserialization in BeanContextSupport (CVE-2020-2583) * Improper checks of SASL message properties in GssKrb5Base (CVE-2020-2590) * Incorrect isBuiltinStreamHandler check causing URL normalization issues (CVE-2020-2593) * Use of unsafe RSA-MD5 checksum in Kerberos TGS (CVE-2020-2601) * Serialization filter changes via jdk.serialFilter property modification (CVE-2020-2604) * Excessive memory usage in OID processing in X.509 certificate parsing (CVE-2020-2654) * Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (CVE-2020-2659) |
| Additional notes | |
| CVE ID | CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 |
| UCS Bug number | #50927 |
