===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1400
                        openjdk-11 security update
                               26 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openjdk-11
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Modify Arbitrary Files   -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-2161

Reference:         ASB-2021.0076
                   ESB-2021.0701

Original Bulletin:
   http://www.debian.org/security/2021/dsa-4899

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4899-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 23, 2021                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : openjdk-11
CVE ID         : CVE-2021-2161

It was discovered that the OpenJDK Java platform incompletely enforced
configuration settings used in Jar signing verifications.

For the stable distribution (buster), this problem has been fixed in
version 11.0.11+9-1~deb10u1.

We recommend that you upgrade your openjdk-11 packages.

For the detailed security status of openjdk-11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-11

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================