Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.0492
openjdk-8 security update
13 February 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openjdk-8
Publisher: Debian
Operating System: Debian GNU/Linux 9
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Modify Arbitrary Files -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-2659 CVE-2020-2654 CVE-2020-2604
CVE-2020-2601 CVE-2020-2593 CVE-2020-2590
CVE-2020-2583
Reference: ASB-2020.0028
ASB-2020.0027
ESB-2020.0479
ESB-2020.0477
Original Bulletin:
https://lists.debian.org/debian-security-announce/2020/msg00024.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4621-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2020 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : openjdk-8
CVE ID : CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601
CVE-2020-2604 CVE-2020-2654 CVE-2020-2659
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
resulting in denial of service, incorrect implementation of Kerberos
GSSAPI and TGS requests or incorrect TLS handshakes.
For the oldstable distribution (stretch), these problems have been fixed
in version 8u242-b08-1~deb9u1.
We recommend that you upgrade your openjdk-8 packages.
For the detailed security status of openjdk-8 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-8
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5Ed10ACgkQEMKTtsN8
TjaY8xAAmKuxIER9Z3L94N+sJuGryJoE9VJOGNGCrjDtKHVGs2RKBPJhAZMWhr8z
Rr6f5wfGahEdIBocWxYtvRNIHwHNb8Ec4IBhsxqCa9ha1QVXSO+CMIRJXYMcT0mC
we/bCi0O7+THaysjJ1X3rko2bQOMoyi501dy0NKDG7WN9UwZom21PB6yLIrs1SMk
PJbSUWDq8Sc1D/tx/8YSq7uQKwR2Ax+ePLqvZ5vuy4w6iaSIRceWRC72DUHdmyGA
csm3vZj3tsqWywDq2dBNErgQWI5itxRlA0dxw1811/DWuYacy57R5N8Kw6IhkJOT
S3Squ0LlN56W+WV5ugYDhVw6tk4trpSWBFjlPqnrzaNMUEoW7aDhwP/F9ke5GgqS
9WD2a/jbA7EoLxaEi31YwHdPLD+77jdVt/ANVFkjFJYT03GXg7ciIfMtbasMoHGJ
3ozcVLvxTUwpoUNRg04pXgO7qBOxdoQGrcEKwCILEJKDVBlSyPeAV//S3WItTRlq
/U0fJ8t5Rw1JDspykzsUmmJJC0KnAgMhiEBLcgTDka9sq0e3vOQZ/ioEiXzKH8a/
EPlo/HhWnSa0bUXnjchw4q8u5wyGHodgJBz762ALcvfWRVYXaXV02kzj4fgfR4aj
3QaKuZrVf2qlktrqbRyjL04M/KdNAVLICVGbjhKpZcPWOpyhD6U=
=8U/H
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXkSrSmaOgq3Tt24GAQi1ZRAAyTGyKB3zPGllTSL24ORnfzlvi18O/edQ
+hzqAWUUcsHhBzT9v0xNdKuTqNQNE+FDy11JhAZTkvVLYe34sZVsg/xoDKu/+5qE
IXXStu+XcyLf8cDAYQhmGg3c4ZxJ/ok77XC7Msr14elUBy2LAXtUiz4Psa5iV6w/
Aaf3G3Cv0ndbS87ZA6j74XapnBoCAmAwCWiahtW39AAUkF6/9aaRiVS8Zv0SwG8Q
93vhsWwz/sKSkuxXOgtfJ0Yo/W+7YksYhsta/6PZnFt1yroxUh5Caam/ZaeKR0bL
UsivZioqC8XL8cCBvudYGVcr2F2mMPRQM7t5JD5oxjnhHa+8EGp42tUN/Zt4hJbq
mguJCeZ4eDqCF48Whjb8MeC9PmLyLGWhJyzoeXk6EN4c1TtTF+QsK8IgJWHh0lu9
oWjinHrpcBCYYQz+KAvNDAmxYPIOvXFbz2PCsn+n/UtugEq4WcIdwDxYpVagZaDE
IHsF7a5qDSiHH47ymEOsnh5YGgChUjzS6K0O0MFE4a3epaRJPV5dOncHPmK4T3PF
gSdzwZDr+7NGVYpMZY+yqinCwtJr/0ayJOCSRedFbfSy/K3McsS+0ft2kp7phYEW
cX81L+DKz2N+GXhkb/LyAP3SlslI12b9x+ZsQh0xNaNcOKWHCYOP6Hvakj6Mbej5
x6qcwsrynrY=
=U7JH
-----END PGP SIGNATURE-----