Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.0274 openjdk-6 security update 3 February 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: openjdk-6 Publisher: Debian Operating System: Debian GNU/Linux 7 Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Modify Arbitrary Files -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2016-0494 CVE-2016-0483 CVE-2016-0466 CVE-2016-0448 CVE-2016-0402 CVE-2015-7575 Reference: ASB-2016.0004 ESB-2016.0197 Original Bulletin: http://www.debian.org/security/2016/dsa-3465 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3465-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 02, 2016 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : openjdk-6 CVE ID : CVE-2015-7575 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosur, denial of service and insecure cryptography. For the oldstable distribution (wheezy), these problems have been fixed in version 6b38-1.13.10-1~deb7u1. We recommend that you upgrade your openjdk-6 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWsR/oAAoJEBDCk7bDfE42EkAP/Rn139vdHz+UP0mHl1sT1Yjz /g7TMEA/hw5adWydkkupjLNjZFjgYJuZo4omm2U+Zvpknpk4bMOeZkmjgUVSaL6a +s6ncaUYTKY+Jm61/4IHM55fIp8+JgJ88PtRg477ufIxL0ZeE2xFwCynHUAyHKvZ 23n3zsFKUVaSteOY/z968YXLXI2wH5eiLirreCWbTrEJEDUkGLVlxJuSA5pduYQI AWWAquNAwvrBr1xDtS9U6tUhzMU4L6rvTQwet82L1CmMHYkgwsBmcb4Yowcvwf7u m8L3nFae4Bfxx6Q4sK8qHGEHvsI5nBMGi5NY+XgVd704ixJI61yeM+BbajXAQ8G0 xc+4kb0FHBKuDt1JJWhPJShGlbgFjIF9xVI32LbScivsq2cmfim5xBKZIHB7NbeU UeBnvwU6ElSSNc2RRvWC9bNo3RVdBmiUHttkdpXbqRa7ebrMsSLO0pl6U83BvOXw Spnt5UdeAo6kQ0hKXnx7Inn/VAeXQhHXnnNAvg7pS3hPY/vzPKUSMrAXC6d1npT9 TZvh9qq00G5gBbq7cGyr7ycZ8G8Qexrfjnc16aq9levinOAvEHg/FCsz+SGzTkjY PB9zkFRm1isRhsO1gJ+ygTAIPPoP4vFyA462mjakPAWuBP8XSHwg9LQ1f01wNz6D Z4PidBaajqY0B7Of7VrV =lEvn - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVrFcWn6ZAP0PgtI9AQIIHg//Rwm9VinG6smUDkvoTjQkSKC5grSNRWcx b5szIcUorCfcqkKZUCjSNNBKl8/6Nqf1BhTBMiaBoBgquEXi0PkYrFfZwDbT9lRt NgyMlBMwbA5D1BgoFZV+Srq3C6PK1PhODDPGbAfpvsVRKkDLkU5WJAUGw9McQRhk EWbtIthkZWRxg0y/dt3cPuPPHgPJgZgbxQ65LnXaBG6U47GJ9RO/K7BCjRZbf9s+ sBmj0jJLTY3nl9z+owDtKeuLSGtvjILWUw0jkU68GeOfytvgCUqXw1SnfpluBAl3 YakV2FSN0bJo5udt/UtpeTyBkLOuELw0HaMwrdo+d2gLiFyC+d07EY1oEVBJpZRY YqOC8qrD8EFsjSHbJhs3A8feh2KZlXplSf4aG7wLTHsJxt7zilWuCx3H0X11k3GC oz5nRXxs7mgXZcOVowami2DIpMGl5/JVUvpfwOkkn2ai5ARFCYsgbkLwodUKD5Jz RTLqMTuEV68JWeYfiiQJdOAEL7R6/YFnKu0mWwi8egTeTdeeyTSp68/kaLuIQiWY evgBal90zpjyyOwejyU6Q7ixusjM6Gw72vJmxOhED4ic4KUBdSm+EzUfBeJgyK4d l9dDGaugyIQ0VOogGyy1zbG1dP3mpNUT2TE7rm4MWJlxWC92YMUxgXg7BvSoFzt8 meX29Vdb5k0= =793k -----END PGP SIGNATURE-----