GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Fri Jul 10, 2015 2:26 pm Post subject: [ GLSA 201507-14 ] Oracle JRE/JDK |
|
|
Gentoo Linux Security Advisory
Title: Oracle JRE/JDK: Multiple vulnerabilities (GLSA 201507-14)
Severity: normal
Exploitable: local, remote
Date: July 10, 2015
Updated: July 11, 2015
Bug(s): #537214
ID: 201507-14
Synopsis
Multiple vulnerabilities have been found in Oracle JRE/JDK,
allowing both local and remote attackers to compromise various Java
components.
Background
The Oracle Java Development Kit (JDK) and the Oracle Java Runtime
Environment (JRE) provide the Oracle Java platform.
Affected Packages
Package: dev-java/oracle-jre-bin
Vulnerable: < 1.8.0.31
Vulnerable: < 1.7.0.76
Unaffected: >= 1.8.0.31
Unaffected: >= 1.7.0.76
Architectures: All supported architectures
Package: dev-java/oracle-jdk-bin
Vulnerable: < 1.8.0.31
Vulnerable: < 1.7.0.76
Unaffected: >= 1.8.0.31
Unaffected: >= 1.7.0.76
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Oracle JRE/JDK. Please
review the CVE identifiers referenced below for details.
Impact
An context-dependent attacker may be able to influence the
confidentiality, integrity, and availability of Java
applications/runtime.
Workaround
There is no workaround at this time.
Resolution
All Oracle JRE 8 users should upgrade to the latest stable version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.8.0.31
| All Oracle JDK 8 users should upgrade to the latest stable version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.8.0.31
| All Oracle JRE 7 users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.7.0.76
| All Oracle JDK 7 users should upgrade to the latest stable version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.7.0.76
|
References
CVE-2014-3566
CVE-2014-6549
CVE-2014-6585
CVE-2014-6587
CVE-2014-6591
CVE-2014-6593
CVE-2014-6601
CVE-2015-0383
CVE-2015-0395
CVE-2015-0400
CVE-2015-0403
CVE-2015-0406
CVE-2015-0407
CVE-2015-0408
CVE-2015-0410
CVE-2015-0412
CVE-2015-0413
CVE-2015-0421
Last edited by GLSA on Sun Jul 12, 2015 4:17 am; edited 1 time in total |
|