lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun, 21 Jul 2019 18:05:03 +0000
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4486-1] openjdk-11 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4486-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 21, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-11
CVE ID         : CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2786
                 CVE-2019-2816 CVE-2019-2818 CVE-2019-2821

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
resulting in information disclosure, denial of service or bypass of
sandbox restrictions. In addition the implementation of elliptic curve
cryptography was modernised.

For the stable distribution (buster), these problems have been fixed in
version 11.0.4+11-1~deb10u1.

We recommend that you upgrade your openjdk-11 packages.

For the detailed security status of openjdk-11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-11

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl00pvIACgkQEMKTtsN8
Tjb0rQ/7BFwskB5NCf54hXlW76WBCWSt/9+SgenZkkteJxdJIqIFBleoXLng09cl
B2fiZQqSSRr3ojvUaJH4gyHki/lS7+3PLYH8Wb12xCo1+t8vjJygDCpElDKHrdit
hoReCQKNoN4zymK0Dr+XpzgWReDjnolxh+yV+JLSbW+Q4oqMd52UfNjzGUJgSF8v
DCIVHIuR1fTPSr+wSab+H1UcOU5wMHp0DjijA4WObTlL4xSx9IPBixfmIP8OkFMK
pTJBemYhutgJspumg3nTcgc07PjqL3OPDs9b/86tmJ7Ms1O91ewn+kdQksHDL2Cu
xBEKaotNNK0XhMNhR8dg9uuDfzpL2ca0hSUg/e24N3WIYEzSkN4JLO2AoaFgB0pA
80yItXAPV/yqpYGsfd2OGlzRAhjimmEEz7bSm5k2n91krv5C8Wt9UlxbiW2ZRCqk
f+SohqwPThT29HQTRujLFS8Q5FnsgC4UWR6Zb3GrQmVy4X7bXOdMaod09XB3oteF
q2cBaKH0doEH/oZYIxs1Z4OYyO114Ot25eKh53ebrZd2UQnzmYv7WPVUY4m6nTVX
TFX+LCYBlQy+PWZZjw4nxnVzCWhIi2J8SGVGHxoPfxZzrKG6hRRGGmVZSvlSDcER
C0ObeLGKyQLi8b4ycJOjHdnVxAiZlQRbtWzCr+Ytu7Ak48hDGT4=
=bZ5f
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ