Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1394 openjdk-8 security update 26 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: openjdk-8 Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Modify Arbitrary Files -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2021-2163 CVE-2021-2161 Reference: ASB-2021.0076 ESB-2021.1342 Original Bulletin: http://www.debian.org/lts/security/2021/dla-2634 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2634-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 23, 2021 https://wiki.debian.org/LTS - - ------------------------------------------------------------------------- Package : openjdk-8 Version : 8u292-b10-0+deb8u1 CVE ID : CVE-2021-2161 CVE-2021-2163 Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in bypass of sandbox restrictions. For Debian 9 stretch, these problems have been fixed in version 8u292-b10-0+deb8u1. We recommend that you upgrade your openjdk-8 packages. For the detailed security status of openjdk-8 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-8 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmCCsAYACgkQnUbEiOQ2 gwKYNg//arPlaFLkUretK5itp21A59z5n7ZLdCBCZ/x3F1UxBq0OhRWk7fVmz4Qh iN07naw5Bu82dr87C5S8QUrC8qmv0NmQruPKsEZ9LeDw1sydN2mCgjPOgehMNYl9 Xtkb8tD3pvn0b5BnQ2a9HeqVWiXQ7R3h7KSGMwG9L01TBDb+uw+33JQd1Hy4vE7U dXQQ/xfWfteyaYYm0zsBeU/BJZgwi5tIe5fFKf2MEycZasrOXpoLsl5SkzXXeeTt C9oOQX9b0C8VZhh4rd0OV0YsX99JpgkADiMrdlZu02YRqBLtpFBVZsQasxO9cvBt ToZDeiKNyWTZVvvN3FVXBypJIXAGcPpWe3Jt0Mhitsznqs2RDbXSFTYtD2eyX4EF ctqY3dnzUzCgiaNIz6xfmKmU8Kn9jWVtjjDFCg53JRD4XrpyDufV6BQVfRgZt5ta W4F3v04gAI25lDbu+6p9mRLur7GW37G1u7rtECLCZSBD2O61e7yjb8dqpdWrSlN+ vxnke28MOxORqtEx2cGRTW7mBa1dWPuI2KokLezmD+IZfHezkoxzD547LTLzFu/M 7XKEGmsiMpY4BsEYe5k3Ej57G7OvX3y1w2NDR9XsU5sQvSs4u84lCKpZ62ouaDHj h2nP2sq9EQjcX3gNEGtFz4KKlJ1DPEYo0C6eRFYoQna+eXWdmRU= =BcvF - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYIZT0+NLKJtyKPYoAQhPAxAAgykYbapN78hQs9bgEBkMtGCv9UELGHtb PFtwz1MAJXvQZvV0A5iiOeoKEiABTwWavyf7L0Krcw9peWQcMAd+pEcsMJCghi+h Z65gWA9ZVYeo9LYYI/Qy8H4nWDeZ9lDc6SgX4Qet9m5sEdkmZpL65R/u0R9cz66o BMRlUMe7JKLbZ+LZXzZfsjjhzNkG1scJUO06ycVxPs4fmAnqBZb1vA7NGeok16f1 dy/zyiZCJXrZ8Bs2K6r4Qjt4sumbLeqJKNQGCL22FVLC8LHKsWhSc2xzfBgMVRjc UCa/OGWWliap88bndkl0qg1+gI/gC+BCorPAuHe6RpU3QHEfQnPwIL6lurbhPXgk tr1LhiWP9syb0EN0kg8N/3OZWPH/LFJk0MAaja/HS/lZMc4956NWq2bDNMGSKWrj yVS8+O9C6Jgq0u41jp7BI94MPSXyguZni6WAJjTLkbAOUdIy1I7ypt2dwaE0TRwT P8sAKXxUN5IEPvUwi3qmDe9ACdYBErTP5K0yAI27M0zd2E4MP6OLNtz7NQIdEySO BULaw89Jrd5/U6FI8UnYzrsqxgyil1Zkk6qS/4cFiWaxE90GutwvKRBAsvzeAyNd trzrWyZFzsmPr5k8u087RHv4Je8HBtEl5L7vJbGyR2Dz9j+RWGJV3u1DSdz3Zwt8 RhUTEzFZJtU= =C+r+ -----END PGP SIGNATURE-----