Bug 26960 - java-1.8.0-openjdk new security issues
Summary: java-1.8.0-openjdk new security issues
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-07-16 15:03 CEST by David Walser
Modified: 2020-08-01 01:28 CEST
7 users

See Also:
Source RPM: java-1.8.0-openjdk-1.8.0.252-1.b09.1.mga7.src.rpm
CVE:
Status comment:

Description David Walser 2020-07-16 15:03:11 CEST
Red Hat has issued an advisory today (July 16):
https://access.redhat.com/errata/RHSA-2020:2972

Nicolas Salguero has packaged it already:
java-1.8.0-openjdk-1.8.0.262-1.b09.1.mga7
java-1.8.0-openjdk-headless-1.8.0.262-1.b09.1.mga7
java-1.8.0-openjdk-devel-1.8.0.262-1.b09.1.mga7
java-1.8.0-openjdk-demo-1.8.0.262-1.b09.1.mga7
java-1.8.0-openjdk-src-1.8.0.262-1.b09.1.mga7
java-1.8.0-openjdk-javadoc-1.8.0.262-1.b09.1.mga7
java-1.8.0-openjdk-javadoc-zip-1.8.0.262-1.b09.1.mga7
java-1.8.0-openjdk-accessibility-1.8.0.262-1.b09.1.mga7
java-1.8.0-openjdk-openjfx-1.8.0.262-1.b09.1.mga7
java-1.8.0-openjdk-openjfx-devel-1.8.0.262-1.b09.1.mga7
Comment 1 David Walser 2020-07-17 00:33:21 CEST
Corresponding Oracle CPU:
https://www.oracle.com/security-alerts/cpujul2020.html
Comment 2 Nicolas Salguero 2020-07-17 10:18:20 CEST
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Bypass of boundary checks in nio.Buffer via concurrent access. (CVE-2020-14583)

Incomplete bounds checks in Affine Transformations. (CVE-2020-14593)

Incorrect handling of access control context in ForkJoinPool. (CVE-2020-14556)

Unexpected exception raised by DerInputStream. (CVE-2020-14578)

Unexpected exception raised by DerValue.equals(). (CVE-2020-14579)

XML validation manipulation due to incomplete application of the use-grammar-pool-only feature. (CVE-2020-14621)

HostnameChecker does not ensure X.509 certificate names are in normalized form. (CVE-2020-14577)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577
https://access.redhat.com/errata/RHSA-2020:2972
https://www.oracle.com/security-alerts/cpujul2020.html
========================

Updated packages in core/updates_testing:
========================
java-1.8.0-openjdk-1.8.0.262-1.b10.1.mga7
java-1.8.0-openjdk-headless-1.8.0.262-1.b10.1.mga7
java-1.8.0-openjdk-devel-1.8.0.262-1.b10.1.mga7
java-1.8.0-openjdk-demo-1.8.0.262-1.b10.1.mga7
java-1.8.0-openjdk-src-1.8.0.262-1.b10.1.mga7
java-1.8.0-openjdk-javadoc-1.8.0.262-1.b10.1.mga7
java-1.8.0-openjdk-javadoc-zip-1.8.0.262-1.b10.1.mga7
java-1.8.0-openjdk-accessibility-1.8.0.262-1.b10.1.mga7
java-1.8.0-openjdk-openjfx-1.8.0.262-1.b10.1.mga7
java-1.8.0-openjdk-openjfx-devel-1.8.0.262-1.b10.1.mga7

from SRPMS:
java-1.8.0-openjdk-1.8.0.262-1.b10.1.mga7.src.rpm

Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED

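As an added check that is not part of the bug report or of Mageia's own tooling: a POSIX shell snippet that decides, from pasted `java -version` output or from an installed package name as printed by `rpm -q`, whether a Mageia 7 host already carries the build named in the advisory above (runtime 1.8.0_262-b10, package 1.8.0.262-1.b10.1.mga7). The thresholds are taken from this page; anything older is reported as vulnerable, and version text without a build token (as in Comment 5 below) is reported as unknown rather than guessed.

```shell
#!/bin/sh
# Added example, not from the bug report: check whether the installed
# java-1.8.0-openjdk is at or past the build that carries the fixes for
# the seven CVEs in the advisory.  Thresholds come from the advisory:
# runtime build 1.8.0_262-b10, package java-1.8.0-openjdk-1.8.0.262-1.b10.1.mga7.
FIXED_UPDATE=262
FIXED_BUILD=10

# is_fixed UPDATE BUILD: exit 0 when (UPDATE, BUILD) >= (262, 10).
is_fixed() {
    [ "$1" -gt "$FIXED_UPDATE" ] && return 0
    [ "$1" -eq "$FIXED_UPDATE" ] && [ "$2" -ge "$FIXED_BUILD" ]
}

# classify UPDATE BUILD: print fixed / vulnerable / unknown (unknown when
# the caller could not extract both numbers).
classify() {
    if [ -z "$1" ] || [ -z "$2" ]; then echo unknown; return 2; fi
    if is_fixed "$1" "$2"; then echo fixed; return 0; fi
    echo vulnerable; return 1
}

# check_java_version TEXT: TEXT is the output of `java -version` (it is
# written to stderr, hence the 2>&1 in the usage below).  Only the
# "build 1.8.0_NNN-bMM" token on the Runtime Environment line is trusted;
# the first "openjdk version" line carries no build number.
check_java_version() {
    ver=$(printf '%s\n' "$1" |
          sed -n 's/.*build 1\.8\.0_\([0-9]*\)-b\([0-9]*\).*/\1 \2/p' |
          head -n 1)
    classify $ver
}

# check_rpm_nvr NVR: NVR is a java-1.8.0-openjdk* package name as printed
# by `rpm -q`, e.g. java-1.8.0-openjdk-headless-1.8.0.262-1.b10.1.mga7.
check_rpm_nvr() {
    ver=$(printf '%s\n' "$1" |
          sed -n 's/^java-1\.8\.0-openjdk.*-1\.8\.0\.\([0-9]*\)-[0-9]*\.b\([0-9]*\)\..*/\1 \2/p')
    classify $ver
}

# Demo on the Runtime Environment line pasted in Comment 3 of the bug:
SAMPLE='OpenJDK Runtime Environment (build 1.8.0_262-b10)'
check_java_version "$SAMPLE"        # prints: fixed

# On a live host (commented out so the script runs without a JDK present):
# check_java_version "$(java -version 2>&1)"
# rpm -q java-1.8.0-openjdk-headless | while read -r p; do check_rpm_nvr "$p"; done
```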
Comment 3 Morgan Leijström 2020-07-18 12:53:40 CEST
64-bit simple test OK in my normal use
System: i7, Plasma, Nvidia proprietary.

Installed, rebooted

$ java -version
openjdk version "1.8.0_262"
OpenJDK Runtime Environment (build 1.8.0_262-b10)
OpenJDK 64-Bit Server VM (build 25.262-b10, mixed mode)


My invoicing and bookkeeping program FriBok still works as before:
cd "/Path/To/FriBok" ; _JAVA_OPTIONS="-Dawt.useSystemAAFontSettings=on" java -jar *.jar

CC: (none) => fri

Comment 4 PC LX 2020-07-20 02:13:40 CEST
Installed and tested without issues.

Have 49 packages installed that depend on java or java-headless packages.
Tested explicitly using netbeans (12.0 from upstream), projectlibre, sweethome3d, htmlcleaner and yuicompressor.
No issues found.


System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.


$ uname -a
Linux marte 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep java-1.8.0-openjdk
java-1.8.0-openjdk-1.8.0.262-1.b10.1.mga7
java-1.8.0-openjdk-headless-1.8.0.262-1.b10.1.mga7
$ rpm -q --whatrequires java java-headless | sort
apache-commons-io-2.6-3.mga7
apache-commons-logging-1.2-9.mga7
batik-1.10-1.mga7
batik-css-1.10-1.mga7
bouncycastle-1.61-1.mga7
bouncycastle-mail-1.61-1.mga7
bouncycastle-pkix-1.61-1.mga7
flute-1.3.0-9.mga7
hawtjni-runtime-1.16-2.mga7
htmlcleaner-2.2.1-9.mga7
htmlcleaner-2.2.1-9.mga7
icedtea-web-1.8-2.1.mga7
itext-core-2.1.7-37.mga7
jai-imageio-core-1.2-0.21.20100217cvs.2.mga7
janino-2.7.8-9.mga7
jansi-1.17.1-1.mga7
jansi-native-1.7-3.mga7
jargs-1.0-10.mga7
java3d-1.5.2-15.mga7
jaxen-1.1.6-12.mga7
jdom-1.1.3-12.mga7
jline-2.14.6-2.mga7
libbase-1.1.6-8.mga7
libfonts-1.1.6-10.mga7
libformula-1.1.6-9.mga7
liblayout-0.2.10-11.mga7
libloader-1.1.6-9.mga7
libreoffice-core-6.4.4.2-1.mga7
librepository-1.1.6-11.mga7
libserializer-1.1.6-11.mga7
ongres-scram-1.0.0~beta.2-1.mga7
ongres-scram-client-1.0.0~beta.2-1.mga7
pentaho-libxml-1.1.6-10.mga7
pentaho-reporting-flow-engine-0.9.4-13.mga7
postgresql-jdbc-42.2.5-1.mga7
projectlibre-1.9.0-5.mga7
rhino-1.7.7.1-4.mga7
sac-1.3-28.mga7
sunflow-sweethome3d-0.07.3i-1.mga7
sweethome3d-6.1-1.1.mga7
tagsoup-1.2.1-14.mga7
vecmath-1.6.0-0.1.20130710git41fddda.7.mga7
vecmath-1.6.0-0.1.20130710git41fddda.7.mga7
xalan-j2-2.7.1-35.mga7
xerces-j2-2.11.0-29.mga7
xml-commons-apis-1.4.01-23.mga7
xml-commons-resolver-1.2-22.mga7
xmlgraphics-commons-2.2-2.mga7
yuicompressor-2.4.8-2.mga7

CC: (none) => mageia

Comment 5 Brian Rockwell 2020-07-20 16:54:06 CEST
$ uname -a
Linux localhost 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux



The following 6 packages are going to be installed:

- java-1.8.0-openjdk-1.8.0.262-1.b10.1.mga7.x86_64
- java-1.8.0-openjdk-devel-1.8.0.262-1.b10.1.mga7.x86_64
- java-1.8.0-openjdk-headless-1.8.0.262-1.b10.1.mga7.x86_64
- java-1.8.0-openjdk-openjfx-1.8.0.262-1.b10.1.mga7.x86_64
- java-1.8.0-openjdk-openjfx-devel-1.8.0.262-1.b10.1.mga7.x86_64
- java-1.8.0-openjfx-1.8.0.202-1.b07.3.mga7.x86_64

179MB of additional disk space will be used.


$ java -version
openjdk version "1.8.0_262"

$ javac -version
javac 1.8.0_262


I ran an old app I wrote in Java years ago. It worked.
Compiled it from the command line; that worked, and the application functioned properly.

Looks good to me.

CC: (none) => brtians1

Comment 6 Herman Viaene 2020-07-24 14:07:15 CEST
MGA7-64 Plasma on Lenovo B50
No installation issues
Ref bug 20220 for test file
$ java -version
openjdk version "1.8.0_262"
OpenJDK Runtime Environment (build 1.8.0_262-b10)
OpenJDK 64-Bit Server VM (build 25.262-b10, mixed mode)

$ javac helloworld.java

$ java helloworld
Gtk-Message: 14:01:52.973: Failed to load module "canberra-gtk-module"
Hello World!
Hello World!
Output twice because I pressed the OK button twice.
Good to go

Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene

Comment 7 Thomas Andrews 2020-07-25 14:58:55 CEST
Lots of tests - thank you, everyone! Validating. Advisory in Comment 2.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2020-07-31 09:06:23 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 8 Mageia Robot 2020-08-01 01:28:10 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0309.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED