Detections
Analytics

openSUSE Security Update : java-11-openjdk (openSUSE-2020-1984)

medium Nessus Plugin ID 143184

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for java-11-openjdk fixes the following issues :

 - Update to upstream tag jdk-11.0.9-11 (October 2020 CPU, bsc#1177943)

 - New features

 + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector

 - Security fixes

 + JDK-8233624: Enhance JNI linkage

 + JDK-8236196: Improve string pooling

 + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class

 + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts

 + JDK-8237995, CVE-2020-14782: Enhance certificate processing

 + JDK-8240124: Better VM Interning

 + JDK-8241114, CVE-2020-14792: Better range handling

 + JDK-8242680, CVE-2020-14796: Improved URI Support

 + JDK-8242685, CVE-2020-14797: Better Path Validation

 + JDK-8242695, CVE-2020-14798: Enhanced buffer support

 + JDK-8243302: Advanced class supports

 + JDK-8244136, CVE-2020-14803: Improved Buffer supports

 + JDK-8244479: Further constrain certificates

 + JDK-8244955: Additional Fix for JDK-8240124

 + JDK-8245407: Enhance zoning of times

 + JDK-8245412: Better class definitions

 + JDK-8245417: Improve certificate chain handling

 + JDK-8248574: Improve jpeg processing

 + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit

 + JDK-8253019: Enhanced JPEG decoding

 - Other changes

 + JDK-6532025: GIF reader throws misleading exception with truncated images

 + JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/ /PDialogTest.java needs update by removing an infinite loop

 + JDK-8022535: [TEST BUG] javax/swing/text/html/parser/ /Test8017492.java fails

 + JDK-8062947: Fix exception message to correctly represent LDAP connection failure

 + JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh failed

 + JDK-8134599: TEST_BUG:
 java/rmi/transport/closeServerSocket/ /CloseServerSocket.java fails intermittently with Address already in use

 + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect

 + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider

 + JDK-8172404: Tools should warn if weak algorithms are used before restricting them

 + JDK-8193367: Annotated type variable bounds crash javac

 + JDK-8202117:
 com/sun/jndi/ldap/RemoveNamingListenerTest.java fails intermittently: Connection reset

 + JDK-8203026: java.rmi.NoSuchObjectException: no such object in table

 + JDK-8203281: [Windows] JComboBox change in ui when editor.setBorder() is called

 + JDK-8203382: Rename SystemDictionary::initialize_wk_klass to resolve_wk_klass

 + JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and JdbExprTest.sh fail due to timeout

 + JDK-8203928: [Test] Convert non-JDB scaffolding serviceability shell script tests to java

 + JDK-8204963: javax.swing.border.TitledBorder has a memory leak

 + JDK-8204994: SA might fail to attach to process with 'Windbg Error: WaitForEvent failed'

 + JDK-8205534: Remove SymbolTable dependency from serviceability agent

 + JDK-8206309: Tier1 SA tests fail

 + JDK-8208281: java/nio/channels/ /AsynchronousSocketChannel/Basic.java timed out

 + JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to java version - step1

 + JDK-8209332: [TEST] test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect

 + JDK-8209342: Problemlist SA tests on Solaris due to Error attaching to process: Can't create thread_db agent!

 + JDK-8209343: Test javax/swing/border/TestTitledBorderLeak.java should be marked as headful

 + JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails with timeout

 + JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to java version - step2

 + JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails with ZGC

 + JDK-8209608: Problem list com/sun/jdi/BreakpointWithFullGC.java

 + JDK-8210131:
 vmTestbase/nsk/jvmti/scenarios/allocation/AP10/ /ap10t001/TestDescription.java failed with ObjectFree:
 GetCurrentThreadCpuTimerInfo returned unexpected error code

 + JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to java version - step3

 + JDK-8210527: JShell: NullPointerException in jdk.jshell.Eval.translateExceptionStack

 + JDK-8210560: [TEST] convert com/sun/jdi redefineClass-related tests

 + JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java fails with waitForPrompt timed out after 60 seconds

 + JDK-8210748: [TESTBUG] lib.jdb.Jdb.waitForPrompt() should clarify which output is the pending reply after a timeout

 + JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to java version - step4

 + JDK-8210977:
 jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails to find ThreadLocalObject

 + JDK-8211292: [TEST] convert com/sun/jdi/DeferredStepTest.sh test

 + JDK-8211694: JShell: Redeclared variable should be reset

 + JDK-8212200: assert when shared java.lang.Object is redefined by JVMTI agent

 + JDK-8212629: [TEST] wrong breakpoint in test/jdk/com/sun/jdi/DeferredStepTest

 + JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1 (line 57)

 - unexpected. lastLine=52, minLine=52, maxLine=55

 + JDK-8212807: tools/jar/multiRelease/Basic.java times out

 + JDK-8213182: Minimal VM build failure after JDK-8212200 (assert when shared java.lang.Object is redefined by JVMTI agent)

 + JDK-8213214: Set -Djava.io.tmpdir= when running tests

 + JDK-8213275: ReplaceCriticalClasses.java fails with jdk.internal.vm.PostVMInitHook not found

 + JDK-8213574: Deadlock in string table expansion when dumping lots of CDS classes

 + JDK-8213703: LambdaConversionException: Invalid receiver type not a subtype of implementation type interface

 + JDK-8214074: Ghash optimization using AVX instructions

 + JDK-8214491: Upgrade to JLine 3.9.0

 + JDK-8214797: TestJmapCoreMetaspace.java timed out

 + JDK-8215243: JShell tests failing intermitently with 'Problem cleaning up the following threads:'

 + JDK-8215244: jdk/jshell/ToolBasicTest.java testHistoryReference failed

 + JDK-8215354: x86_32 build failures after JDK-8214074 (Ghash optimization using AVX instructions)

 + JDK-8215438: jshell tool: Ctrl-D causes EOF

 + JDK-8216021: RunTest.gmk might set concurrency level to 1 on Windows

 + JDK-8216974: HttpConnection not returned to the pool after 204 response

 + JDK-8218948: SimpleDateFormat :: format - Zone Names are not reflected correctly during run time

 + JDK-8219712: code_size2 (defined in stub_routines_x86.hpp) is too small on new Skylake CPUs

 + JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs

 + JDK-8221658: aarch64: add necessary predicate for ubfx patterns

 + JDK-8221759: Crash when completing 'java.io.File.path'

 + JDK-8221918: runtime/SharedArchiveFile/serviceability/ /ReplaceCriticalClasses.java fails: Shared archive not found

 + JDK-8222074: Enhance auto vectorization for x86

 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp

 + JDK-8222769: [TESTBUG] TestJFRNetworkEvents should not rely on hostname command

 + JDK-8223688: JShell: crash on the instantiation of raw anonymous class

 + JDK-8223777: In posix_spawn mode, failing to exec() jspawnhelper does not result in an error

 + JDK-8223940: Private key not supported by chosen signature algorithm

 + JDK-8224184: jshell got IOException at exiting with AIX

 + JDK-8224234: compiler/codegen/TestCharVect2.java fails in test_mulc

 + JDK-8225037: java.net.JarURLConnection::getJarEntry() throws NullPointerException

 + JDK-8225625: AES Electronic Codebook (ECB) encryption and decryption optimization using AVX512 + VAES instructions

 + JDK-8226536: Catch OOM from deopt that fails rematerializing objects

 + JDK-8226575: OperatingSystemMXBean should be made container aware

 + JDK-8226697: Several tests which need the @key headful keyword are missing it.

 + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous

 + JDK-8227059: sun/security/tools/keytool/ /DefaultSignatureAlgorithm.java timed out

 + JDK-8227269: Slow class loading when running with JDWP

 + JDK-8227595:
 keytool/fakegen/DefaultSignatureAlgorithm.java fails due to 'exitValue = 6'

 + JDK-8228448: Jconsole can't connect to itself

 + JDK-8228967: Trust/Key store and SSL context utilities for tests

 + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow

 + JDK-8229815: Upgrade Jline to 3.12.1

 + JDK-8230000: some httpclients testng tests run zero test

 + JDK-8230002: javax/xml/jaxp/unittest/transform/ /SecureProcessingTest.java runs zero test

 + JDK-8230010: Remove jdk8037819/BasicTest1.java

 + JDK-8230094: CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter

 + JDK-8230402: Allocation of compile task fails with assert: 'Leaking compilation tasks?'

 + JDK-8230767: FlightRecorderListener returns null recording

 + JDK-8230870: (zipfs) Add a ZIP FS test that is similar to test/jdk/java/util/zip/EntryCount64k.java

 + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread

 + JDK-8231586: enlarge encoding space for OopMapValue offsets

 + JDK-8231953: Wrong assumption in assertion in oop::register_oop

 + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes

 + JDK-8232083: Minimal VM is broken after JDK-8231586

 + JDK-8232161: Align some one-way conversion in MS950 charset with Windows

 + JDK-8232855: jshell missing word in /help help

 + JDK-8233027: OopMapSet::all_do does oms.next() twice during iteration

 + JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR

 + JDK-8233386: Initialize NULL fields for unused decorations

 + JDK-8233452: java.math.BigDecimal.sqrt() with RoundingMode.FLOOR results in incorrect result

 + JDK-8233686: XML transformer uses excessive amount of memory

 + JDK-8233741: AES Countermode (AES-CTR) optimization using AVX512 + VAES instructions

 + JDK-8233829: javac cannot find non-ASCII module name under non-UTF8 environment

 + JDK-8233958: Memory retention due to HttpsURLConnection finalizer that serves no purpose

 + JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()

 + JDK-8234058: runtime/CompressedOops/ /CompressedClassPointers.java fails with 'Narrow klass base: 0x0000000000000000' missing from stdout/stderr

 + JDK-8234149: Several regression tests do not dispose Frame at end

 + JDK-8234347: 'Turkey' meta time zone does not generate composed localized names

 + JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/ /bug6980209.java fails in linux nightly

 + JDK-8234535: Cross compilation fails due to missing CFLAGS for the BUILD_CC

 + JDK-8234541: C1 emits an empty message when it inlines successfully

 + JDK-8234687: change javap reporting on unknown attributes

 + JDK-8236464: SO_LINGER option is ignored by SSLSocket in JDK 11

 + JDK-8236548: Localized time zone name inconsistency between English and other locales

 + JDK-8236617: jtreg test containers/docker/ /TestMemoryAwareness.java fails after 8226575

 + JDK-8237182: Update copyright header for shenandoah and epsilon files

 + JDK-8237888: security/infra/java/security/cert/ /CertPathValidator/certification/LuxTrustCA.java fails when checking validity interval

 + JDK-8237977: Further update javax/net/ssl/compatibility/Compatibility.java

 + JDK-8238270: java.net HTTP/2 client does not decrease stream count when receives 204 response

 + JDK-8238284: [macos] Zero VM build fails due to an obvious typo

 + JDK-8238380: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10

 + JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c 'multiple definition' link errors with GCC10

 + JDK-8238388: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10

 + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes

 + JDK-8238710: LingeredApp doesn't log stdout/stderr if exits with non-zero code

 + JDK-8239083: C1 assert(known_holder == NULL || (known_holder->is_instance_klass() && (!known_holder->is_interface() || ((ciInstanceKlass*)known_holder)->has_nonstatic_concrete
 _methods())), 'should be non-static concrete method');

 + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD

 + JDK-8240169: javadoc fails to link to non-modular api docs

 + JDK-8240295: hs_err elapsed time in seconds is not accurate enough

 + JDK-8240360: NativeLibraryEvent has wrong library name on Linux

 + JDK-8240676: Meet not symmetric failure when running lucene on jdk8

 + JDK-8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support

 + JDK-8241065: Shenandoah: remove leftover code after JDK-8231086

 + JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows

 + JDK-8241130:
 com.sun.jndi.ldap.EventSupport.removeDeadNotifier:
 java.lang.NullPointerException

 + JDK-8241138: http.nonProxyHosts=* causes StringIndexOutOfBoundsException in DefaultProxySelector

 + JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark

 + JDK-8241478:
 vmTestbase/gc/gctests/Steal/steal001/steal001.java fails with OOME

 + JDK-8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure

 + JDK-8241750: x86_32 build failure after JDK-8227269

 + JDK-8242184: CRL generation error with RSASSA-PSS

 + JDK-8242283: Can't start JVM when java home path includes non-ASCII character

 + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array

 + JDK-8243029: Rewrite javax/net/ssl/compatibility/ /Compatibility.java with a flexible interop test framework

 + JDK-8243138: Enhance BaseLdapServer to support starttls extended request

 + JDK-8243320: Add SSL root certificates to Oracle Root CA program

 + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program

 + JDK-8243389: enhance os::pd_print_cpu_info on linux

 + JDK-8243453: java --describe-module failed with non-ASCII module name under non-UTF8 environment

 + JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp

 + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions

 + JDK-8243925: Toolkit#getScreenInsets() returns wrong value on HiDPI screens (Windows)

 + JDK-8244087: 2020-04-24 public suffix list update

 + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26

 + JDK-8244164: AArch64: jaotc generates incorrect code for compressed OOPs with non-zero heap base

 + JDK-8244196: adjust output in os_linux

 + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in

 + JDK-8244287: JFR: Methods samples have line number 0

 + JDK-8244703: 'platform encoding not initialized' exceptions with debugger, JNI

 + JDK-8244719: CTW: C2 compilation fails with 'assert(!VerifyHashTableKeys || _hash_lock == 0) failed:
 remove node from hash table before modifying it'

 + JDK-8244729: Shenandoah: remove resolve paths from SBSA::generate_shenandoah_lrb

 + JDK-8244763: Update --release 8 symbol information after JSR 337 MR3

 + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor

 + JDK-8245151: jarsigner should not raise duplicate warnings on verification

 + JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9

 + JDK-8245714: 'Bad graph detected in build_loop_late' when loads are pinned on loop limit check uncommon branch

 + JDK-8245801: StressRecompilation triggers assert 'redundunt OSR recompilation detected. memory leak in CodeCache!'

 + JDK-8245832: JDK build make-static-libs should build all JDK libraries

 + JDK-8245880: Shenandoah: check class unloading flag early in concurrent code root scan

 + JDK-8245981: Upgrade to jQuery 3.5.1

 + JDK-8246027: Minimal fastdebug build broken after JDK-8245801

 + JDK-8246094: [macos] Sound Recording and playback is not working

 + JDK-8246153: TestEliminateArrayCopy fails with

 -XX:+StressReflectiveCode

 + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ

 + JDK-8246196:
 javax/management/MBeanServer/OldMBeanServerTest fails with AssertionError

 + JDK-8246203: Segmentation fault in verification due to stack overflow with -XX:+VerifyIterativeGVN

 + JDK-8246330: Add TLS Tests for Legacy ECDSA curves

 + JDK-8246453: TestClone crashes with 'all collected exceptions must come from the same place'

 + JDK-8247246: Add explicit ResolvedJavaType.link and expose presence of default methods

 + JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node

 + JDK-8247502: PhaseStringOpts crashes while optimising effectively dead code

 + JDK-8247615: Initialize the bytes left for the heap sampler

 + JDK-8247824: CTW: C2 (Shenandoah) compilation fails with SEGV in SBC2Support::pin_and_expand

 + JDK-8247874: Replacement in VersionProps.java.template not working when --with-vendor-bug-url contains '&'

 + JDK-8247979: aarch64: missing side effect of killing flags for clearArray_reg_reg

 + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention

 + JDK-8248219: aarch64: missing memory barrier in fast_storefield and fast_accessfield

 + JDK-8248348: Regression caused by the update to BCEL 6.0

 + JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to jtreg 5.1

 + JDK-8248495: [macos] zerovm is broken due to libffi headers location

 + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read

 + JDK-8248987: AOT's Linker.java seems to eagerly fail-fast on Windows

 + JDK-8249159: Downport test rework for SSLSocketTemplate from 8224650

 + JDK-8249215: JFrame::setVisible crashed with

 -Dfile.encoding=UTF-8 on Japanese Windows.

 + JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel

 + JDK-8249255: Build fails if source code in cygwin home dir

 + JDK-8249277: TestVerifyIterativeGVN.java is failing with timeout in OpenJDK 11

 + JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList

 + JDK-8249560: Shenandoah: Fix racy GC request handling

 + JDK-8249801: Shenandoah: Clear soft-refs on requested GC cycle

 + JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases

 + JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets

 + JDK-8250609: C2 crash in IfNode::fold_compares

 + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics

 + JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.j ava

 + JDK-8250787: Provider.put no longer registering aliases in FIPS env

 + JDK-8250826: jhsdb does not work with coredump which comes from Substrate VM

 + JDK-8250827: Shenandoah: needs to reset/finish StringTable's dead count before/after parallel walk

 + JDK-8250844: Make sure (type,obj)ArrayOopDesc accessors check the bounds

 + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher

 + JDK-8251354: Shenandoah: Fix jdk/jfr/tool/TestPrintJSON.java test failure

 + JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U

 + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java

 + JDK-8251487: Shenandoah: missing detail timing tracking for final mark cleaning phase

 + JDK-8252120: compiler/oracle/TestCompileCommand.java misspells 'occured'

 + JDK-8252157: JDK-8231209 11u backport breaks jmm binary compatibility

 + JDK-8252258: [11u] JDK-8242154 changes the default vendor

 + JDK-8252804: [test] Fix 'ReleaseDeflater.java' test after downport of 8234011

 + JDK-8253134: JMM_VERSION should remain at 0x20020000 (JDK 10) in JDK 11

 + JDK-8253283: [11u] Test build/translations/ /VerifyTranslations.java failing after JDK-8252258

 + JDK-8253813: Backout JDK-8244287 from 11u: it causes several crashes

 + Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)' introduced in jdk 11.0.9

This update was imported from the SUSE:SLE-15:Update update project.

Solution

Update the affected java-11-openjdk packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1177943

Plugin Details

Severity: Medium

ID: 143184

File Name: openSUSE-2020-1984.nasl

Version: 1.5

Type: local

Agent: unix

Published: 11/23/2020

Updated: 2/8/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.3

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2020-14792

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2020-14803

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:java-11-openjdk, p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility, p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility-debuginfo, p-cpe:/a:novell:opensuse:java-11-openjdk-debuginfo, p-cpe:/a:novell:opensuse:java-11-openjdk-debugsource, p-cpe:/a:novell:opensuse:java-11-openjdk-demo, p-cpe:/a:novell:opensuse:java-11-openjdk-devel, p-cpe:/a:novell:opensuse:java-11-openjdk-headless, p-cpe:/a:novell:opensuse:java-11-openjdk-javadoc, p-cpe:/a:novell:opensuse:java-11-openjdk-jmods, p-cpe:/a:novell:opensuse:java-11-openjdk-src, cpe:/o:novell:opensuse:15.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/20/2020

Vulnerability Publication Date: 10/21/2020

Reference Information

CVE: CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803