===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3921
                         openjdk-8 security update
                              22 October 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openjdk-8
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Modify Arbitrary Files   -- Remote/Unauthenticated
                   Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-2999 CVE-2019-2992 CVE-2019-2989
                   CVE-2019-2988 CVE-2019-2987 CVE-2019-2983
                   CVE-2019-2981 CVE-2019-2978 CVE-2019-2975
                   CVE-2019-2973 CVE-2019-2964 CVE-2019-2962
                   CVE-2019-2949 CVE-2019-2945 CVE-2019-2894

Reference:         ASB-2019.0294
                   ESB-2019.3909
                   ESB-2019.3898

Original Bulletin:
   http://www.debian.org/security/2019/dsa-4548

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4548-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 21, 2019                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : openjdk-8
CVE ID         : CVE-2019-2894 CVE-2019-2945 CVE-2019-2949 CVE-2019-2962
                 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978
                 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988
                 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
resulting in cross-site scripting, denial of service, information
disclosure or Kerberos user impersonation.

For the oldstable distribution (stretch), these problems have been fixed
in version 8u232-b09-1~deb9u1.

We recommend that you upgrade your openjdk-8 packages.

For the detailed security status of openjdk-8 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-8

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
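
Added example (not part of the AusCERT or Debian text): an offline check of a package inventory against the fixed version 8u232-b09-1~deb9u1 named in the advisory above. It follows dpkg's version ordering, in which '~' sorts before the end of the string, so 8u232-b09-1 counts as newer than the fixed version even though a plain string comparison says otherwise. The hostnames, the versions in INVENTORY and the function names are constructed for illustration; on a Debian host, dpkg --compare-versions performs the same comparison.

```python
import re
from itertools import zip_longest

FIXED = "8u232-b09-1~deb9u1"  # fixed version for stretch, per DSA-4548-1

def _order(c):
    """dpkg weight: '~' sorts before end-of-run (0); letters before other chars."""
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare an upstream or revision string as alternating text/number runs."""
    runs_a = re.findall(r"(\D*)(\d*)", a)
    runs_b = re.findall(r"(\D*)(\d*)", b)
    for (sa, da), (sb, db) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            wa = _order(ca) if ca else 0
            wb = _order(cb) if cb else 0
            if wa != wb:
                return -1 if wa < wb else 1
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_compare(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched_hosts(inventory, fixed=FIXED):
    """Hosts whose installed openjdk-8 version is older than the fixed one."""
    return sorted(h for h, v in inventory.items() if deb_compare(v, fixed) < 0)

# Constructed sample inventory: hostnames and versions are illustrative only.
INVENTORY = {
    "build01": "8u222-b10-1~deb9u1", "legacy01": "8u212-b03-2~deb9u1",
    "app01": "8u232-b09-1~deb9u1", "app02": "8u232-b09-1",
}

if __name__ == "__main__":
    for host in unpatched_hosts(INVENTORY):
        print(f"{host}: openjdk-8 {INVENTORY[host]} is older than {FIXED}")
```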