Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.0492 openjdk-8 security update 13 February 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: openjdk-8 Publisher: Debian Operating System: Debian GNU/Linux 9 Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Modify Arbitrary Files -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-2659 CVE-2020-2654 CVE-2020-2604 CVE-2020-2601 CVE-2020-2593 CVE-2020-2590 CVE-2020-2583 Reference: ASB-2020.0028 ASB-2020.0027 ESB-2020.0479 ESB-2020.0477 Original Bulletin: https://lists.debian.org/debian-security-announce/2020/msg00024.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4621-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2020 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : openjdk-8 CVE ID : CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes. For the oldstable distribution (stretch), these problems have been fixed in version 8u242-b08-1~deb9u1. We recommend that you upgrade your openjdk-8 packages. For the detailed security status of openjdk-8 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-8 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5Ed10ACgkQEMKTtsN8 TjaY8xAAmKuxIER9Z3L94N+sJuGryJoE9VJOGNGCrjDtKHVGs2RKBPJhAZMWhr8z Rr6f5wfGahEdIBocWxYtvRNIHwHNb8Ec4IBhsxqCa9ha1QVXSO+CMIRJXYMcT0mC we/bCi0O7+THaysjJ1X3rko2bQOMoyi501dy0NKDG7WN9UwZom21PB6yLIrs1SMk PJbSUWDq8Sc1D/tx/8YSq7uQKwR2Ax+ePLqvZ5vuy4w6iaSIRceWRC72DUHdmyGA csm3vZj3tsqWywDq2dBNErgQWI5itxRlA0dxw1811/DWuYacy57R5N8Kw6IhkJOT S3Squ0LlN56W+WV5ugYDhVw6tk4trpSWBFjlPqnrzaNMUEoW7aDhwP/F9ke5GgqS 9WD2a/jbA7EoLxaEi31YwHdPLD+77jdVt/ANVFkjFJYT03GXg7ciIfMtbasMoHGJ 3ozcVLvxTUwpoUNRg04pXgO7qBOxdoQGrcEKwCILEJKDVBlSyPeAV//S3WItTRlq /U0fJ8t5Rw1JDspykzsUmmJJC0KnAgMhiEBLcgTDka9sq0e3vOQZ/ioEiXzKH8a/ EPlo/HhWnSa0bUXnjchw4q8u5wyGHodgJBz762ALcvfWRVYXaXV02kzj4fgfR4aj 3QaKuZrVf2qlktrqbRyjL04M/KdNAVLICVGbjhKpZcPWOpyhD6U= =8U/H - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXkSrSmaOgq3Tt24GAQi1ZRAAyTGyKB3zPGllTSL24ORnfzlvi18O/edQ +hzqAWUUcsHhBzT9v0xNdKuTqNQNE+FDy11JhAZTkvVLYe34sZVsg/xoDKu/+5qE IXXStu+XcyLf8cDAYQhmGg3c4ZxJ/ok77XC7Msr14elUBy2LAXtUiz4Psa5iV6w/ Aaf3G3Cv0ndbS87ZA6j74XapnBoCAmAwCWiahtW39AAUkF6/9aaRiVS8Zv0SwG8Q 93vhsWwz/sKSkuxXOgtfJ0Yo/W+7YksYhsta/6PZnFt1yroxUh5Caam/ZaeKR0bL UsivZioqC8XL8cCBvudYGVcr2F2mMPRQM7t5JD5oxjnhHa+8EGp42tUN/Zt4hJbq mguJCeZ4eDqCF48Whjb8MeC9PmLyLGWhJyzoeXk6EN4c1TtTF+QsK8IgJWHh0lu9 oWjinHrpcBCYYQz+KAvNDAmxYPIOvXFbz2PCsn+n/UtugEq4WcIdwDxYpVagZaDE IHsF7a5qDSiHH47ymEOsnh5YGgChUjzS6K0O0MFE4a3epaRJPV5dOncHPmK4T3PF gSdzwZDr+7NGVYpMZY+yqinCwtJr/0ayJOCSRedFbfSy/K3McsS+0ft2kp7phYEW cX81L+DKz2N+GXhkb/LyAP3SlslI12b9x+ZsQh0xNaNcOKWHCYOP6Hvakj6Mbej5 x6qcwsrynrY= =U7JH -----END PGP SIGNATURE-----