OpenJDK Security Update 8u262 (MINDBREEZE15034)

ID: MINDBREEZE15034
Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 4.8 Medium
Status: Final
First published: 14.10.2020
CVEs: CVE-2020-14583, CVE-2020-14593, CVE-2020-14556, CVE-2020-14578, CVE-2020-14579, CVE-2020-14621, CVE-2020-14577

Summary

OpenJDK Security Update 8u262 contains fixes for the following CVEs:

OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583)
OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593)
OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) (CVE-2020-14556)
OpenJDK: Unexpected exception raised by DerInputStream (Libraries, 8237731) (CVE-2020-14578)
OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736) (CVE-2020-14579)
OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621)
OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577)

Remediation

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

Mindbreeze InSpire 20.4 Release (Version 20.4.4.435)
Mindbreeze InSpire SaaS 20.4 Release (Version 20.4.4.448)

OpenJDK Security Update 8u262 (MINDBREEZE15034)

Summary

Remediation

Social Media

Security

Support

Newsletter

Language