===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1799
         [DLA 1794-1] libspring-security-2.0-java security update
                                20 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libspring-security-2.0-java
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Access Confidential Data -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-3795

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running libspring-security-2.0-java check for an updated version
         of the software for their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : libspring-security-2.0-java
Version        : 2.0.7.RELEASE-3+deb8u1
CVE ID         : CVE-2019-3795

A vulnerability was discovered in libspring-security-2.0-java, a modular
Java/J2EE application security framework, when using
SecureRandomFactoryBean#setSeed to configure a SecureRandom instance,
resulting in insecure randomness.

For Debian 8 "Jessie", this problem has been fixed in version
2.0.7.RELEASE-3+deb8u1.

We recommend that you upgrade your libspring-security-2.0-java packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
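The insecure-randomness condition named in the advisory above (a seed passed through setSeed to a SecureRandom), shown as an added example that is not part of the bulletin and is not Spring Security's or Debian's code. It uses only the JDK's SecureRandom and assumes the SHA1PRNG algorithm; the class name, method names and seed value are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class SeedOrderingDemo {
    // Constructed seed, standing in for a fixed value from application configuration.
    static final byte[] CONFIGURED_SEED =
            "constructed-demo-seed".getBytes(StandardCharsets.UTF_8);

    // Seed supplied before the generator has produced any output.
    // With SHA1PRNG the supplied seed becomes the entire initial state.
    static byte[] seedBeforeFirstUse() throws NoSuchAlgorithmException {
        SecureRandom rnd = SecureRandom.getInstance("SHA1PRNG");
        rnd.setSeed(CONFIGURED_SEED);
        byte[] out = new byte[16];
        rnd.nextBytes(out);
        return out;
    }

    // Generator is made to self-seed from system entropy first; the
    // configured seed is then mixed into that state instead of replacing it.
    static byte[] selfSeedThenMix() throws NoSuchAlgorithmException {
        SecureRandom rnd = SecureRandom.getInstance("SHA1PRNG");
        rnd.nextBytes(new byte[1]);      // forces default self-seeding
        rnd.setSeed(CONFIGURED_SEED);    // supplements the existing state
        byte[] out = new byte[16];
        rnd.nextBytes(out);
        return out;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Two independent generators per ordering, same configured seed.
        boolean repeatable =
                Arrays.equals(seedBeforeFirstUse(), seedBeforeFirstUse());
        boolean stillRepeatable =
                Arrays.equals(selfSeedThenMix(), selfSeedThenMix());
        System.out.println("seed before first use -> identical output: " + repeatable);
        System.out.println("self-seed, then mix   -> identical output: " + stillRepeatable);
    }
}
```

When auditing an application on an unpatched package, the thing to look for is a SecureRandom whose only entropy is a configured seed, since every value drawn from it is reproducible by anyone who knows that seed.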