[ GLSA 200911-02 ] Sun JDK/JRE: Multiple vulnerabilities

[GLSA]

Gentoo Linux Security Advisory

Title: Sun JDK/JRE: Multiple vulnerabilities (GLSA 200911-02)
Severity: normal
Exploitable: remote
Date: November 17, 2009
Bug(s): #182824, #231337, #250012, #263810, #280409, #291817
ID: 200911-02

Synopsis


Multiple vulnerabilities in the Sun JDK and JRE allow for several attacks,
including the remote execution of arbitrary code.


Background


The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment
(JRE) provide the Sun Java platform.


Affected Packages

Package: dev-java/sun-jre-bin
Vulnerable: < 1.6.0.17
Unaffected: >= 1.5.0.22 < 1.5.0.23
Unaffected: >= 1.6.0.17
Architectures: All supported architectures

Package: dev-java/sun-jdk
Vulnerable: < 1.6.0.17
Unaffected: >= 1.5.0.22 < 1.5.0.23
Unaffected: >= 1.6.0.17
Architectures: All supported architectures

Package: dev-java/blackdown-jre
Vulnerable: <= 1.4.2.03-r14
Architectures: All supported architectures

Package: dev-java/blackdown-jdk
Vulnerable: <= 1.4.2.03-r16
Architectures: All supported architectures

Package: app-emulation/emul-linux-x86-java
Vulnerable: < 1.6.0.17
Unaffected: >= 1.5.0.22 < 1.5.0.23
Unaffected: >= 1.6.0.17
Architectures: All supported architectures


Description


Multiple vulnerabilities have been reported in the Sun Java
implementation. Please review the CVE identifiers referenced below and
the associated Sun Alerts for details.


Impact


A remote attacker could entice a user to open a specially crafted JAR
archive, applet, or Java Web Start application, possibly resulting in
the execution of arbitrary code with the privileges of the user running
the application. Furthermore, a remote attacker could cause a Denial of
Service affecting multiple services via several vectors, disclose
information and memory contents, write or execute local files, conduct
session hijacking attacks via GIFAR files, steal cookies, bypass the
same-origin policy, load untrusted JAR files, establish network
connections to arbitrary hosts and posts via several vectors, modify
the list of supported graphics configurations, bypass HMAC-based
authentication systems, escalate privileges via several vectors and
cause applet code to be executed with older, possibly vulnerable
versions of the JRE.

NOTE: Some vulnerabilities require a trusted environment, user
interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack.


Workaround


There is no known workaround at this time.


Resolution


All Sun JRE 1.5.x users should upgrade to the latest version: