Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201502-12 ] Oracle JRE/JDK
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2189

PostPosted: Sun Feb 15, 2015 5:26 pm    Post subject: [ GLSA 201502-12 ] Oracle JRE/JDK Reply with quote

Gentoo Linux Security Advisory

Title: Oracle JRE/JDK: Multiple vulnerabilities (GLSA 201502-12)
Severity: normal
Exploitable: remote
Date: February 15, 2015
Bug(s): #507798, #508716, #517220, #525464
ID: 201502-12

Synopsis

Multiple vulnerabilities have been found in Oracle's Java SE
Development Kit and Runtime Environment, the worst of which could lead to
execution of arbitrary code.


Background

Oracle’s Java SE Development Kit and Runtime Environment

Affected Packages

Package: dev-java/oracle-jre-bin
Vulnerable: < 1.7.0.71
Unaffected: >= 1.7.0.71
Architectures: All supported architectures

Package: dev-java/oracle-jdk-bin
Vulnerable: < 1.7.0.71
Unaffected: >= 1.7.0.71
Architectures: All supported architectures

Package: app-emulation/emul-linux-x86-java
Vulnerable: < 1.7.0.71
Unaffected: >= 1.7.0.71
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in Oracle’s Java SE
Development Kit and Runtime Environment. Please review the CVE
identifiers referenced below for details.


Impact

A context-dependent attacker may be able to execute arbitrary code,
disclose, update, insert, or delete certain data.


Workaround

There is no known workaround at this time.

Resolution

All Oracle JRE 1.7 users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose
      ">=dev-java/oracle-jre-bin-1.7.0.71"
   
All Oracle JDK 1.7 users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose
      ">=dev-java/oracle-jdk-bin-1.7.0.71"
   
All users of the precompiled 32-bit Oracle JRE should upgrade to the
latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose
      ">=app-emulation/emul-linux-x86-java-1.7.0.71"
   


References

CVE-2014-0429
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-0463
CVE-2014-0464
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2410
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
CVE-2014-2483
CVE-2014-2490
CVE-2014-4208
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4220
CVE-2014-4221
CVE-2014-4223
CVE-2014-4227
CVE-2014-4244
CVE-2014-4247
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4264
CVE-2014-4265
CVE-2014-4266
CVE-2014-4268
CVE-2014-4288
CVE-2014-6456
CVE-2014-6457
CVE-2014-6458
CVE-2014-6466
CVE-2014-6468
CVE-2014-6476
CVE-2014-6485
CVE-2014-6492
CVE-2014-6493
CVE-2014-6502
CVE-2014-6503
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6513
CVE-2014-6515
CVE-2014-6517
CVE-2014-6519
CVE-2014-6527
CVE-2014-6531
CVE-2014-6532
CVE-2014-6558
CVE-2014-6562


Last edited by GLSA on Thu Jun 18, 2015 4:17 am; edited 1 time in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum