Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.1025
openjdk-7 security update
27 April 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openjdk-7
Publisher: Debian
Operating System: Debian GNU/Linux 8
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Access Privileged Data -- Remote/Unauthenticated
Modify Arbitrary Files -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2016-3427 CVE-2016-3426 CVE-2016-3425
CVE-2016-0695 CVE-2016-0687 CVE-2016-0686
CVE-2016-0636
Reference: ASB-2016.0043
ESB-2016.1012
ESB-2016.1011
ESB-2016.1010
ESB-2016.1009
ESB-2016.1002
ESB-2016.0863
ESB-2016.0791
ESB-2016.0790
ESB-2016.0789
Original Bulletin:
http://www.debian.org/security/2016/dsa-3558
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3558-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 26, 2016 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : openjdk-7
CVE ID : CVE-2016-0636 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695
CVE-2016-3425 CVE-2016-3426 CVE-2016-3427
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in breakouts of
the Java sandbox, denial of service or information disclosure.
For the stable distribution (jessie), these problems have been fixed in
version 7u101-2.6.6-1~deb8u1.
We recommend that you upgrade your openjdk-7 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJXH837AAoJEBDCk7bDfE42T0QP+QGxR+OgBILJHNJTKzZEaCH0
vVuYoMqnPOJAauIxkeT42iDd9r3lIIYDtwM1QmGYAcJpC+i70qwXdufFNOJoXZ+q
nd57UdI2ggnzHkCwqzqQt7BFgOJ+o0VqXuXuezWErdHAIoTN8H0uE9vQJ4Le0ASj
VmKAzNO49ZMhDxrXOTDRFEZCEF2c2+cQ4y5w7Jfs1m1KxWpkQ9MlbQrXtJJYHR2d
opvW9ifTLpND9lAir2TD0oB826g9kY2HySc90e6GxK7Y8l9n2l2eUNYcka2b4DXb
wu/xCrvdB5B4czDXzMJGbo59upsh9u4DOTZpt2I2oWgxDR6wodNHCla4ExfGokOg
TJmO6PYSNuzUQNkXqt7SfME09DfoMBLFSvZ1Rj58whM4XaT15MRkHFXtW/qQPD3i
jOGVVRFn9o0961o6QXe+GrMd6/GfOX9/iK7wapH9Zozpd8Tftp73ZvDsxZseH+vF
lrT8oI7cdLO5vqHeFTahcz0wIVsTFpC6unHW/0ivcBSy58G90BYC3qEU3UebAkfd
6h0GNfC9x5xL2vmHHKYgdgRqrmdUdJlgS5s2ay4SE4cLXoaFOBgT7OK76VDobkYO
TAmvUGrFCeMuNKc1l5p+nLCG5F3RnogDONNXjWSwlM6NSjIm/C6YLoAYYXJrjYXB
G699bO+MYk5QquS65HJx
=Rabo
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVyAVfn6ZAP0PgtI9AQLmoA//dkgzSbZkxzGwU34amgFeTzZXOE9QAMWa
rdU3itHm9MG6/P0xzn92U4eVHgqNzatzng1iGElS8dSZECKXwrEqH8DvKye+8OmR
MYSRjCWfa3CMzj/JNJfHrOqbyXT9a/v4fXy2iF3LFGwBVj6pLrVMENN/j7p0YUTD
CutebX73/wz9NK5KuLX+z9dSMlf7Z9AvTJsSBjw7bOiFG2+gApAvkP4HCzEYB0aY
HGs6dew3KiZD8bY5wNpqs69ROcDyXUh7SIXVlMiHyp2OhctR2WRFn/sGhyeF7iSa
yb/EVqQWkO/S9b+Z+V39+oqPIdeC8qDxX6dESUtwQReJsHjo1NgMfWVj2S1j12TA
BM3cbtu4eoUX18oaCIHvqIPKae2ppeQHk4drAL+SgljeHd4UjrPjliCX1Le0Jys0
rTsgxDhLbIHBWYBom2Yz/dDyA3BheWQ6hCjyE8RbO5L6XrEIyLBSj4DeJ4SKPGKR
J1XRzqTtAj7ZKeUUJ4+ty03BECkltwegoWiJSW0+HUhmCHUxi9R5UHXc/Dq6YA2u
SufS90Vm8+KEyzdZS8WErq7oVLx0T8+V2oFVphSJbA9YIzKDJDcZQ/hU9ew+QDzc
bDWQWOyPixP2KegG0Nnfwi24v3ZG/Dt09jmMJsiSZNiW17IAFug3bnZVmgNFpucU
wgi0jOBTBrY=
=K57h
-----END PGP SIGNATURE-----