Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1394
openjdk-8 security update
26 April 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openjdk-8
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Modify Arbitrary Files -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-2163 CVE-2021-2161
Reference: ASB-2021.0076
ESB-2021.1342
Original Bulletin:
http://www.debian.org/lts/security/2021/dla-2634
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2634-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
April 23, 2021 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : openjdk-8
Version : 8u292-b10-0+deb8u1
CVE ID : CVE-2021-2161 CVE-2021-2163
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
resulting in bypass of sandbox restrictions.
For Debian 9 stretch, these problems have been fixed in version
8u292-b10-0+deb8u1.
We recommend that you upgrade your openjdk-8 packages.
For the detailed security status of openjdk-8 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-8
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmCCsAYACgkQnUbEiOQ2
gwKYNg//arPlaFLkUretK5itp21A59z5n7ZLdCBCZ/x3F1UxBq0OhRWk7fVmz4Qh
iN07naw5Bu82dr87C5S8QUrC8qmv0NmQruPKsEZ9LeDw1sydN2mCgjPOgehMNYl9
Xtkb8tD3pvn0b5BnQ2a9HeqVWiXQ7R3h7KSGMwG9L01TBDb+uw+33JQd1Hy4vE7U
dXQQ/xfWfteyaYYm0zsBeU/BJZgwi5tIe5fFKf2MEycZasrOXpoLsl5SkzXXeeTt
C9oOQX9b0C8VZhh4rd0OV0YsX99JpgkADiMrdlZu02YRqBLtpFBVZsQasxO9cvBt
ToZDeiKNyWTZVvvN3FVXBypJIXAGcPpWe3Jt0Mhitsznqs2RDbXSFTYtD2eyX4EF
ctqY3dnzUzCgiaNIz6xfmKmU8Kn9jWVtjjDFCg53JRD4XrpyDufV6BQVfRgZt5ta
W4F3v04gAI25lDbu+6p9mRLur7GW37G1u7rtECLCZSBD2O61e7yjb8dqpdWrSlN+
vxnke28MOxORqtEx2cGRTW7mBa1dWPuI2KokLezmD+IZfHezkoxzD547LTLzFu/M
7XKEGmsiMpY4BsEYe5k3Ej57G7OvX3y1w2NDR9XsU5sQvSs4u84lCKpZ62ouaDHj
h2nP2sq9EQjcX3gNEGtFz4KKlJ1DPEYo0C6eRFYoQna+eXWdmRU=
=BcvF
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYIZT0+NLKJtyKPYoAQhPAxAAgykYbapN78hQs9bgEBkMtGCv9UELGHtb
PFtwz1MAJXvQZvV0A5iiOeoKEiABTwWavyf7L0Krcw9peWQcMAd+pEcsMJCghi+h
Z65gWA9ZVYeo9LYYI/Qy8H4nWDeZ9lDc6SgX4Qet9m5sEdkmZpL65R/u0R9cz66o
BMRlUMe7JKLbZ+LZXzZfsjjhzNkG1scJUO06ycVxPs4fmAnqBZb1vA7NGeok16f1
dy/zyiZCJXrZ8Bs2K6r4Qjt4sumbLeqJKNQGCL22FVLC8LHKsWhSc2xzfBgMVRjc
UCa/OGWWliap88bndkl0qg1+gI/gC+BCorPAuHe6RpU3QHEfQnPwIL6lurbhPXgk
tr1LhiWP9syb0EN0kg8N/3OZWPH/LFJk0MAaja/HS/lZMc4956NWq2bDNMGSKWrj
yVS8+O9C6Jgq0u41jp7BI94MPSXyguZni6WAJjTLkbAOUdIy1I7ypt2dwaE0TRwT
P8sAKXxUN5IEPvUwi3qmDe9ACdYBErTP5K0yAI27M0zd2E4MP6OLNtz7NQIdEySO
BULaw89Jrd5/U6FI8UnYzrsqxgyil1Zkk6qS/4cFiWaxE90GutwvKRBAsvzeAyNd
trzrWyZFzsmPr5k8u087RHv4Je8HBtEl5L7vJbGyR2Dz9j+RWGJV3u1DSdz3Zwt8
RhUTEzFZJtU=
=C+r+
-----END PGP SIGNATURE-----