Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.0274
openjdk-6 security update
3 February 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openjdk-6
Publisher: Debian
Operating System: Debian GNU/Linux 7
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Modify Arbitrary Files -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2016-0494 CVE-2016-0483 CVE-2016-0466
CVE-2016-0448 CVE-2016-0402 CVE-2015-7575
Reference: ASB-2016.0004
ESB-2016.0197
Original Bulletin:
http://www.debian.org/security/2016/dsa-3465
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3465-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 02, 2016 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : openjdk-6
CVE ID : CVE-2015-7575 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466
CVE-2016-0483 CVE-2016-0494
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in breakouts of
the Java sandbox, information disclosur, denial of service and insecure
cryptography.
For the oldstable distribution (wheezy), these problems have been fixed
in version 6b38-1.13.10-1~deb7u1.
We recommend that you upgrade your openjdk-6 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJWsR/oAAoJEBDCk7bDfE42EkAP/Rn139vdHz+UP0mHl1sT1Yjz
/g7TMEA/hw5adWydkkupjLNjZFjgYJuZo4omm2U+Zvpknpk4bMOeZkmjgUVSaL6a
+s6ncaUYTKY+Jm61/4IHM55fIp8+JgJ88PtRg477ufIxL0ZeE2xFwCynHUAyHKvZ
23n3zsFKUVaSteOY/z968YXLXI2wH5eiLirreCWbTrEJEDUkGLVlxJuSA5pduYQI
AWWAquNAwvrBr1xDtS9U6tUhzMU4L6rvTQwet82L1CmMHYkgwsBmcb4Yowcvwf7u
m8L3nFae4Bfxx6Q4sK8qHGEHvsI5nBMGi5NY+XgVd704ixJI61yeM+BbajXAQ8G0
xc+4kb0FHBKuDt1JJWhPJShGlbgFjIF9xVI32LbScivsq2cmfim5xBKZIHB7NbeU
UeBnvwU6ElSSNc2RRvWC9bNo3RVdBmiUHttkdpXbqRa7ebrMsSLO0pl6U83BvOXw
Spnt5UdeAo6kQ0hKXnx7Inn/VAeXQhHXnnNAvg7pS3hPY/vzPKUSMrAXC6d1npT9
TZvh9qq00G5gBbq7cGyr7ycZ8G8Qexrfjnc16aq9levinOAvEHg/FCsz+SGzTkjY
PB9zkFRm1isRhsO1gJ+ygTAIPPoP4vFyA462mjakPAWuBP8XSHwg9LQ1f01wNz6D
Z4PidBaajqY0B7Of7VrV
=lEvn
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVrFcWn6ZAP0PgtI9AQIIHg//Rwm9VinG6smUDkvoTjQkSKC5grSNRWcx
b5szIcUorCfcqkKZUCjSNNBKl8/6Nqf1BhTBMiaBoBgquEXi0PkYrFfZwDbT9lRt
NgyMlBMwbA5D1BgoFZV+Srq3C6PK1PhODDPGbAfpvsVRKkDLkU5WJAUGw9McQRhk
EWbtIthkZWRxg0y/dt3cPuPPHgPJgZgbxQ65LnXaBG6U47GJ9RO/K7BCjRZbf9s+
sBmj0jJLTY3nl9z+owDtKeuLSGtvjILWUw0jkU68GeOfytvgCUqXw1SnfpluBAl3
YakV2FSN0bJo5udt/UtpeTyBkLOuELw0HaMwrdo+d2gLiFyC+d07EY1oEVBJpZRY
YqOC8qrD8EFsjSHbJhs3A8feh2KZlXplSf4aG7wLTHsJxt7zilWuCx3H0X11k3GC
oz5nRXxs7mgXZcOVowami2DIpMGl5/JVUvpfwOkkn2ai5ARFCYsgbkLwodUKD5Jz
RTLqMTuEV68JWeYfiiQJdOAEL7R6/YFnKu0mWwi8egTeTdeeyTSp68/kaLuIQiWY
evgBal90zpjyyOwejyU6Q7ixusjM6Gw72vJmxOhED4ic4KUBdSm+EzUfBeJgyK4d
l9dDGaugyIQ0VOogGyy1zbG1dP3mpNUT2TE7rm4MWJlxWC92YMUxgXg7BvSoFzt8
meX29Vdb5k0=
=793k
-----END PGP SIGNATURE-----