ESB-2014.1185 - [Debian] openjdk-6: Multiple vulnerabilities

Date: 18 July 2014
References: ASB-2014.0077 ESB-2014.1175 ESB-2014.1192 ESB-2014.1201 ESB-2014.1222.2 ESB-2014.1341 ESB-2014.1361 ESB-2014.1365 ESB-2014.1416.2 ESB-2014.1443 ESB-2014.2315 ESB-2015.0441

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1185
                         openjdk-6 security update
                               18 July 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openjdk-6
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
                   Unauthorised Access             -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-4268 CVE-2014-4266 CVE-2014-4263
                   CVE-2014-4262 CVE-2014-4252 CVE-2014-4244
                   CVE-2014-4219 CVE-2014-4218 CVE-2014-4216
                   CVE-2014-4209 CVE-2014-2490 

Reference:         ASB-2014.0077
                   ESB-2014.1175

Original Bulletin: 
   http://www.debian.org/security/2014/dsa-2980

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2980-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
July 17, 2014                          http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : openjdk-6
CVE ID         : CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 
                 CVE-2014-4219 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262
                 CVE-2014-4263 CVE-2014-4266 CVE-2014-4268

Several vulnerabilities have been discovered in OpenJDK, an 
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, breakouts of the Java sandbox, information disclosure
or denial of service.

For the stable distribution (wheezy), these problems have been fixed in
version 6b32-1.13.4-1~deb7u1.

We recommend that you upgrade your openjdk-6 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----