Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201401-30 ] Oracle JRE/JDK: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2189

PostPosted: Tue Jan 28, 2014 12:23 pm    Post subject: [ GLSA 201401-30 ] Oracle JRE/JDK: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: Oracle JRE/JDK: Multiple vulnerabilities (GLSA 201401-30)
Severity: high
Exploitable: local, remote
Date: January 27, 2014
Bug(s): #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148
ID: 201401-30

Synopsis

Multiple vulnerabilities have been found in the Oracle JRE/JDK,
allowing attackers to cause unspecified impact.


Background

The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
provide the Oracle Java platform (formerly known as Sun Java Platform).


Affected Packages

Package: dev-java/sun-jdk
Vulnerable: <= 1.6.0.45
Architectures: All supported architectures

Package: dev-java/oracle-jdk-bin
Vulnerable: < 1.7.0.51
Unaffected: >= 1.7.0.51
Architectures: All supported architectures

Package: dev-java/sun-jre-bin
Vulnerable: <= 1.6.0.45
Architectures: All supported architectures

Package: dev-java/oracle-jre-bin
Vulnerable: < 1.7.0.51
Unaffected: >= 1.7.0.51
Architectures: All supported architectures

Package: app-emulation/emul-linux-x86-java
Vulnerable: < 1.7.0.51
Unaffected: >= 1.7.0.51
Architectures: All supported architectures


Description

Multiple vulnerabilities have been reported in the Oracle Java
implementation. Please review the CVE identifiers referenced below for
details.


Impact

An unauthenticated, remote attacker could exploit these vulnerabilities
to execute arbitrary code.
Furthermore, a local or remote attacker could exploit these
vulnerabilities to cause unspecified impact, possibly including remote
execution of arbitrary code.


Workaround

There is no known workaround at this time.

Resolution

All Oracle JDK 1.7 users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose
      ">=dev-java/oracle-jdk-bin-1.7.0.51"
   
All Oracle JRE 1.7 users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose
      ">=dev-java/oracle-jre-bin-1.7.0.51"
   
All users of the precompiled 32-bit Oracle JRE should upgrade to the
latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose
      ">=app-emulation/emul-linux-x86-java-1.7.0.51"
   
All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one
of the newer Oracle packages like dev-java/oracle-jdk-bin or
dev-java/oracle-jre-bin or choose another alternative we provide; eg. the
IBM JDK/JRE or the open source IcedTea.
NOTE: As Oracle has revoked the DLJ license for its Java implementation,
the packages can no longer be updated automatically.


References

CVE-2011-3563
CVE-2011-5035
CVE-2012-0497
CVE-2012-0498
CVE-2012-0499
CVE-2012-0500
CVE-2012-0501
CVE-2012-0502
CVE-2012-0503
CVE-2012-0504
CVE-2012-0505
CVE-2012-0506
CVE-2012-0507
CVE-2012-0547
CVE-2012-1531
CVE-2012-1532
CVE-2012-1533
CVE-2012-1541
CVE-2012-1682
CVE-2012-1711
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1721
CVE-2012-1722
CVE-2012-1723
CVE-2012-1724
CVE-2012-1725
CVE-2012-1726
CVE-2012-3136
CVE-2012-3143
CVE-2012-3159
CVE-2012-3174
CVE-2012-3213
CVE-2012-3216
CVE-2012-3342
CVE-2012-4416
CVE-2012-4681
CVE-2012-5067
CVE-2012-5068
CVE-2012-5069
CVE-2012-5070
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5074
CVE-2012-5075
CVE-2012-5076
CVE-2012-5077
CVE-2012-5079
CVE-2012-5081
CVE-2012-5083
CVE-2012-5084
CVE-2012-5085
CVE-2012-5086
CVE-2012-5087
CVE-2012-5088
CVE-2012-5089
CVE-2013-0169
CVE-2013-0351
CVE-2013-0401
CVE-2013-0402
CVE-2013-0409
CVE-2013-0419
CVE-2013-0422
CVE-2013-0423
CVE-2013-0430
CVE-2013-0437
CVE-2013-0438
CVE-2013-0445
CVE-2013-0446
CVE-2013-0448
CVE-2013-0449
CVE-2013-0809
CVE-2013-1473
CVE-2013-1479
CVE-2013-1481
CVE-2013-1484
CVE-2013-1485
CVE-2013-1486
CVE-2013-1487
CVE-2013-1488
CVE-2013-1491
CVE-2013-1493
CVE-2013-1500
CVE-2013-1518
CVE-2013-1537
CVE-2013-1540
CVE-2013-1557
CVE-2013-1558
CVE-2013-1561
CVE-2013-1563
CVE-2013-1564
CVE-2013-1569
CVE-2013-1571
CVE-2013-2383
CVE-2013-2384
CVE-2013-2394
CVE-2013-2400
CVE-2013-2407
CVE-2013-2412
CVE-2013-2414
CVE-2013-2415
CVE-2013-2416
CVE-2013-2417
CVE-2013-2418
CVE-2013-2419
CVE-2013-2420
CVE-2013-2421
CVE-2013-2422
CVE-2013-2423
CVE-2013-2424
CVE-2013-2425
CVE-2013-2426
CVE-2013-2427
CVE-2013-2428
CVE-2013-2429
CVE-2013-2430
CVE-2013-2431
CVE-2013-2432
CVE-2013-2433
CVE-2013-2434
CVE-2013-2435
CVE-2013-2436
CVE-2013-2437
CVE-2013-2438
CVE-2013-2439
CVE-2013-2440
CVE-2013-2442
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2449
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2458
CVE-2013-2459
CVE-2013-2460
CVE-2013-2461
CVE-2013-2462
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2467
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3743
CVE-2013-3744
CVE-2013-3829
CVE-2013-5772
CVE-2013-5774
CVE-2013-5775
CVE-2013-5776
CVE-2013-5777
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5787
CVE-2013-5788
CVE-2013-5789
CVE-2013-5790
CVE-2013-5797
CVE-2013-5800
CVE-2013-5801
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5805
CVE-2013-5806
CVE-2013-5809
CVE-2013-5810
CVE-2013-5812
CVE-2013-5814
CVE-2013-5817
CVE-2013-5818
CVE-2013-5819
CVE-2013-5820
CVE-2013-5823
CVE-2013-5824
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5831
CVE-2013-5832
CVE-2013-5838
CVE-2013-5840
CVE-2013-5842
CVE-2013-5843
CVE-2013-5844
CVE-2013-5846
CVE-2013-5848
CVE-2013-5849
CVE-2013-5850
CVE-2013-5851
CVE-2013-5852
CVE-2013-5854
CVE-2013-5870
CVE-2013-5878
CVE-2013-5887
CVE-2013-5888
CVE-2013-5889
CVE-2013-5893
CVE-2013-5895
CVE-2013-5896
CVE-2013-5898
CVE-2013-5899
CVE-2013-5902
CVE-2013-5904
CVE-2013-5905
CVE-2013-5906
CVE-2013-5907
CVE-2013-5910
CVE-2014-0368
CVE-2014-0373
CVE-2014-0375
CVE-2014-0376
CVE-2014-0382
CVE-2014-0385
CVE-2014-0387
CVE-2014-0403
CVE-2014-0408
CVE-2014-0410
CVE-2014-0411
CVE-2014-0415
CVE-2014-0416
CVE-2014-0417
CVE-2014-0418
CVE-2014-0422
CVE-2014-0423
CVE-2014-0424
CVE-2014-0428


Last edited by GLSA on Mon Mar 02, 2015 4:32 am; edited 2 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum