it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5478-1] openjdk-11 security update
- Date: Wed, 16 Aug 2023 18:26:38 +0000
- Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/ZN0U3ldi7SMKsS1q AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=2xJkx/2yiCfwVKTx6gDmabREik0kBxIem8yqH4Q+WB8=; b=sV XvU7wlktMFmItRz8Hfn+//7n+HjGgs/fJcPJajmhSA8YFHN/6dzA3nyNe5sUYH/nSjTU6YrcifgGP G0tjQfYlAIDBsH/wn/TytyhDcND24WvS+gVMLBIQlpojwQP7j1Q/vwy+U5yC/gKCB5bVSZZEvUDvj SevccwzEqKpYE3IMuBJTNHJccyTLArZsh9PC+XYmDfmQ/2tzEJhAW0p9soLhptvNMPMCDzVk95Z4Q qHOa/wi5wgfl/rm5EmflvLFhXZcY4T3byz4TYHTTHj5ErFNQ/RtyHJrmUphj7s7HEIYjMzb4RcJIo 68KT1zQp4IqDMQc9NjlACt8acp0C947w==;
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Wed, 16 Aug 2023 18:27:07 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <YghI5z4nQUJ.A.bKC.7TR3kB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5478-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 16, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openjdk-11
CVE ID : CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939
CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 CVE-2023-22006
CVE-2023-22036 CVE-2023-22041 CVE-2023-22045 CVE-2023-22049
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in bypass of sandbox restrictions, information
disclosure, reduced cryptographic strength of the AES implementation,
directory traversal or denial of service.
For the oldstable distribution (bullseye), these problems have been fixed
in version 11.0.20+8-1~deb11u1.
We recommend that you upgrade your openjdk-11 packages.
For the detailed security status of openjdk-11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-11
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTdEtEACgkQEMKTtsN8
Tja/nQ//eX9gCDOYqnUCQstcYptYuXgyES5gFeaKVA/cN/isdWaiDIjD0kTiwYQK
Gzck9y5gobZpTc6oqOLb7aaMXqo2NhhJF/G7SNuc0zeo6hQF6pwxvdBz3GA2BAQC
rc2xEHoxAekd2uZq2Oo9UG48V+2M5eB8sBc4f0FuTk2UQby3cwCIvAp3X/QsBrLg
kKp3H34fxwFb8YXtA5MgaEn+qzBa3XWd6MeN5qyEIHtJ+np5htr6xFjQxUNPnwHe
i0e67Jvvo0uIb3nwKPyuEPDZvG4FYWN6IKrbuS8b9/RWcSxkgXZbZsJ/8Ipa9dTV
1/B0/qvICq3Zt6Wq1HX5KNJRq/zfvx/RhA59dSpYnP/pE4qsQ8MNgNd2LWaixgu4
p2JPc+OpSZOkeZyygdf/oDuNj9dkllVu62ygwVxsmQRqMtZkOB7cnPHHBTMG+Arn
V4lmfweWO9TEMzMOf6H91G84zwfbgiHoymdAdGfJHhZt2wh+xAvrQCsRdHRk1BX6
NSXq4nQp2Wlkdr6w763C0LU6F9AqwF06GesQmOhbt0ZCD7e5CwT4umm19F/gDhHP
eoUQ0CU6tF03WurwYuR/RKcYqISZIPRj5ORIDLYrGJIVCBm9phhmliyVSplf1Jx5
jTcZTlHy9NpauQcSpc7kXmUg6SNYYYOxQHnfIHyz+dHqh5jgz1A=
=wEyu
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5478-1] openjdk-11 security update, Moritz Muehlenhoff, 16.08.2023
Archiv bereitgestellt durch MHonArc 2.6.24.