===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3280
            Multiple vulnerabilities in openjdk-8 affect Debian
                              26 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openjdk-8
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Modify Arbitrary Files          -- Remote/Unauthenticated
                   Delete Arbitrary Files          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-3214 CVE-2018-3183 CVE-2018-3180
                   CVE-2018-3169 CVE-2018-3149 CVE-2018-3139
                   CVE-2018-3136

Reference:         ASB-2018.0256
                   ESB-2018.3260
                   ESB-2018.3258
                   ESB-2018.3164

Original Bulletin:
   http://www.debian.org/security/2018/dsa-4326

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4326-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 25, 2018                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : openjdk-8
CVE ID         : CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169
                 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in denial of
service, sandbox bypass, incomplete TLS identity verification,
information disclosure or the execution of arbitrary code.

For the stable distribution (stretch), these problems have been fixed in
version 8u181-b13-2~deb9u1.

We recommend that you upgrade your openjdk-8 packages.

For the detailed security status of openjdk-8 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-8

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.