[SECURITY] [DLA 2325-1] openjdk-8 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2325-1] openjdk-8 security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Thu, 13 Aug 2020 12:07:24 +0200
Message-id: <[🔎] 1fa5049d-0563-a300-fd0c-81618d62b9ea@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2325-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
August 13, 2020                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : openjdk-8
Version        : 8u265-b01-0+deb9u1
CVE ID         : CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579
                 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
resulting in denial of service, bypass of access/sandbox restrictions or
information disclosure.

For Debian 9 stretch, these problems have been fixed in version
8u265-b01-0+deb9u1.

We recommend that you upgrade your openjdk-8 packages.

For the detailed security status of openjdk-8 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-8

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl81ENkACgkQnUbEiOQ2
gwKJNA//aVudX1UHvAYLHly3JxFZanCKBPIxnwo/nVcGvkEsNag7WbDfcEYW/RWA
M9Lda3EqfRtgguPHB/AOpGgUj/0gayT4wJb275OTOeuaNd7KdlD8Kk8EMf7E3IGW
pRxR2N/mEGhjb7DVXZy/SNWj4co6Yk6Nwh6ikEgR1kXDwlJMXStowKNApyNra+30
rosflBtlkE56uOJQI3GT/B0dF5GuJM5vOzXXM2Lcgo4EKci+vmWq7uzCfDKY2MzO
f2Oocfi5CCwS/6S10XkDGG5xvuP3tXKMs7ggfv8ooNDeaGSWnXJIzBFEHg1ILF3j
n7KhGIPMysyGbGNU0DgOxCOrsUP8ivhdA36fVWRV7JCFxlHjkM1BYY4z0s5dub3e
Q9dR0uPeHfiDUie6LN3FVoiM0ugn32WwtCACG1JvNifLF1vdzgSmvpvKpk1paF+r
XBxw9K6p1tggvTMfFGThI/d8Cpmcao38egybPyYdWGzsvMpVu1EgAk4aUDdlHGVh
A+C6sH9cUNSAJWcyfa5IGvLiFmjGhl/WDABm0HC7DJ2N5Rp5OsvEpbDJixV4kaa0
A/D8XRRR1UEFeGCWEDmIXaCadaM0qa5yiNNAb1pg5fA+N/lXiM0egmVrrVBskjko
8IGmrdGJCPNgatwL4N/M3E4ZLkqgTyQVIRuX7TYVUDLvfnVynto=
=E49I
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2324-1] linux-latest-4.19 new package
Next by Date: [SECURITY] [DLA 2278-2] squid3 regression update
Previous by thread: [SECURITY] [DLA 2324-1] linux-latest-4.19 new package
Next by thread: [SECURITY] [DLA 2278-2] squid3 regression update
Index(es):
- Date
- Thread