===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1799
         [DLA 1794-1] libspring-security-2.0-java security update
                                20 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libspring-security-2.0-java
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Access Confidential Data -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-3795  

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running libspring-security-2.0-java check for an updated version of
         the software for their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : libspring-security-2.0-java
Version        : 2.0.7.RELEASE-3+deb8u1
CVE ID         : CVE-2019-3795


A vulnerability was discovered in libspring-security-2.0-java, a modular
Java/J2EE application security framework, when using
SecureRandomFactoryBean#setSeed to configure a SecureRandom instance,
resulting in insecure randomness.

For Debian 8 "Jessie", this problem has been fixed in version
2.0.7.RELEASE-3+deb8u1.

We recommend that you upgrade your libspring-security-2.0-java packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------
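
The seeding behaviour behind the advisory above, as an added Java example that is not part of the Debian or AusCERT text and is not the package's own code. It assumes the JDK's default "SHA1PRNG" implementation; the class name, method names and seed value are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class SeedBeforeUseDemo {
    // Constructed sample seed, standing in for a value set through application configuration.
    static final byte[] CONFIGURED_SEED =
            "constructed-demo-seed".getBytes(StandardCharsets.UTF_8);

    // Weak pattern: the seed is applied before the generator has produced any output,
    // so the supplied bytes become the generator's only source of state.
    static SecureRandom seededBeforeFirstUse(byte[] seed) throws NoSuchAlgorithmException {
        SecureRandom rnd = SecureRandom.getInstance("SHA1PRNG");
        rnd.setSeed(seed);
        return rnd;
    }

    // Hardened pattern: request output first so the generator seeds itself from the
    // platform entropy source, then mix the configured seed in as extra input.
    static SecureRandom seededAfterSelfSeeding(byte[] seed) throws NoSuchAlgorithmException {
        SecureRandom rnd = SecureRandom.getInstance("SHA1PRNG");
        rnd.nextBytes(new byte[1]); // triggers self-seeding
        rnd.setSeed(seed);          // supplements the existing state, does not replace it
        return rnd;
    }

    // Draw a fixed amount of output so two generators can be compared.
    static byte[] draw(SecureRandom rnd) {
        byte[] out = new byte[16];
        rnd.nextBytes(out);
        return out;
    }

    // True when two independently built generators emit identical bytes.
    static boolean outputsMatch(SecureRandom a, SecureRandom b) {
        return Arrays.equals(draw(a), draw(b));
    }

    public static void main(String[] args) throws Exception {
        System.out.println("seed set before first use, outputs identical: "
                + outputsMatch(seededBeforeFirstUse(CONFIGURED_SEED),
                               seededBeforeFirstUse(CONFIGURED_SEED)));
        System.out.println("seed set after self-seeding, outputs identical: "
                + outputsMatch(seededAfterSelfSeeding(CONFIGURED_SEED),
                               seededAfterSelfSeeding(CONFIGURED_SEED)));
    }
}
```

Applications that use SecureRandom output for tokens or keys can use the same comparison as a regression check: two instances built from the same configured seed should never produce matching output.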

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================