[SECURITY] [DSA 5478-1] openjdk-11 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5478-1] openjdk-11 security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 16 Aug 2023 18:26:38 +0000
Message-id: <[🔎] ZN0U3ldi7SMKsS1q@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5478-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 16, 2023                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-11
CVE ID         : CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 
                 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 CVE-2023-22006 
                 CVE-2023-22036 CVE-2023-22041 CVE-2023-22045 CVE-2023-22049

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in bypass of sandbox restrictions, information
disclosure, reduced cryptographic strength of the AES implementation,
directory traversal or denial of service.
      
For the oldstable distribution (bullseye), these problems have been fixed
in version 11.0.20+8-1~deb11u1.

We recommend that you upgrade your openjdk-11 packages.

For the detailed security status of openjdk-11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-11

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTdEtEACgkQEMKTtsN8
Tja/nQ//eX9gCDOYqnUCQstcYptYuXgyES5gFeaKVA/cN/isdWaiDIjD0kTiwYQK
Gzck9y5gobZpTc6oqOLb7aaMXqo2NhhJF/G7SNuc0zeo6hQF6pwxvdBz3GA2BAQC
rc2xEHoxAekd2uZq2Oo9UG48V+2M5eB8sBc4f0FuTk2UQby3cwCIvAp3X/QsBrLg
kKp3H34fxwFb8YXtA5MgaEn+qzBa3XWd6MeN5qyEIHtJ+np5htr6xFjQxUNPnwHe
i0e67Jvvo0uIb3nwKPyuEPDZvG4FYWN6IKrbuS8b9/RWcSxkgXZbZsJ/8Ipa9dTV
1/B0/qvICq3Zt6Wq1HX5KNJRq/zfvx/RhA59dSpYnP/pE4qsQ8MNgNd2LWaixgu4
p2JPc+OpSZOkeZyygdf/oDuNj9dkllVu62ygwVxsmQRqMtZkOB7cnPHHBTMG+Arn
V4lmfweWO9TEMzMOf6H91G84zwfbgiHoymdAdGfJHhZt2wh+xAvrQCsRdHRk1BX6
NSXq4nQp2Wlkdr6w763C0LU6F9AqwF06GesQmOhbt0ZCD7e5CwT4umm19F/gDhHP
eoUQ0CU6tF03WurwYuR/RKcYqISZIPRj5ORIDLYrGJIVCBm9phhmliyVSplf1Jx5
jTcZTlHy9NpauQcSpc7kXmUg6SNYYYOxQHnfIHyz+dHqh5jgz1A=
=wEyu
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5477-1] samba security update
Next by Date: [SECURITY] [DSA 5479-1] chromium security update
Previous by thread: [SECURITY] [DSA 5477-1] samba security update
Next by thread: [SECURITY] [DSA 5479-1] chromium security update
Index(es):
- Date
- Thread