[SECURITY] [DLA 3929-1] openjdk-11 security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3929-1] openjdk-11 security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Mon, 21 Oct 2024 17:32:53 +0200
Message-id: <[🔎] 20241021153253.F033C2A0653@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3929-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
October 21, 2024                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : openjdk-11
Version        : 11.0.25+9-1~deb11u1
CVE ID         : CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service, information disclosure or bypass
of Java sandbox restrictions.

For Debian 11 bullseye, these problems have been fixed in version
11.0.25+9-1~deb11u1.

We recommend that you upgrade your openjdk-11 packages.

For the detailed security status of openjdk-11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-11

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmcWdCIACgkQnUbEiOQ2
gwLuCQ/+PyTODi/9jtQ2EiBgGYWqHDlf6atq2p4o5FT5F7fOoWJ+XcaSxKMCairU
oAWBEeuajXHnE1lkIiShIjBsPTIZVqdfgjHCqSLO6ncPYrct/3UhVLLeyZMPePzD
lUwcqHJSvWoUiWPEZJ5FfmoCRho5UCIImVG/TN+uyeAEebOs1JQRgDrrGS/Zbbot
bdUR93epEzD7cyYceEG/mFUd6STCLObhOJoHOpcsp2gVXH8hBs549PqRmf83vYOf
3i5/c41vg0L129phYFJceaNv616PXrImrL2UgsxoDHBvYd7Q4uqjhT2skJ0IiliK
6JnY0K51apN4FmiEWgEySjCZWMf4aNXr6U9hcYio2fAFFiR1uuPjmvzEHapB9drv
0OdrJUgXbK/Ti26orwQu4nPNOCHzv3lMgy3J8/cV90FDh4PTluIJ4TzSTKZCneDA
2bLtB658/AjAeA7IOjNuWQUjhclppHviFdUdOwxy4PExFs359LcB9tbuiqcSnTEQ
nI+SnD4Qr/WCoQtGsKpA39sL18CmmHq7V1o6vFIIk+TUlpccrGWK/gqmo1qNvVTn
nHRBwcUCnSKVCngUhzY541LX7pqDmxqgVaEutLd697QD6Hh8BHpQliehutt45YAu
3/dVnLSUgVhRT7RF0WhL+XgPPYKxhIzDDSRnnPYg5wmdZuBpWlg=
=VCBB
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3928-1] ffmpeg security update
Next by Date: [SECURITY] [DLA 3930-1] libsepol security update
Previous by thread: [SECURITY] [DLA 3928-1] ffmpeg security update
Next by thread: [SECURITY] [DLA 3930-1] libsepol security update
Index(es):
- Date
- Thread