GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Sun Sep 24, 2017 11:26 pm Post subject: [ GLSA 201709-22 ] Oracle JDK/JRE, IcedTea
Gentoo Linux Security Advisory
Title: Oracle JDK/JRE, IcedTea: Multiple vulnerabilities (GLSA 201709-22)
Severity: normal
Exploitable: remote
Date: 2017-09-24
Updated: 2017-09-25
Bug(s): #625602, #626088, #627682
ID: 201709-22
Synopsis
Multiple vulnerabilities have been found in Oracle's JRE and JDK
software suites, and IcedTea, the worst of which may allow execution of
arbitrary code.
Background
Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in today’s
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that today’s
applications require.
IcedTea’s aim is to provide OpenJDK in a form suitable for easy
configuration, compilation and distribution with the primary goal of
allowing inclusion in GNU/Linux distributions.
Affected Packages
Package: dev-java/oracle-jdk-bin
Vulnerable: < 1.8.0.141
Unaffected: >= 1.8.0.141
Architectures: All supported architectures
Package: dev-java/oracle-jre-bin
Vulnerable: < 1.8.0.141
Unaffected: >= 1.8.0.141
Architectures: All supported architectures
Package: dev-java/icedtea-bin
Vulnerable: < 7.2.6.11
Vulnerable: < 3.5.0
Unaffected: >= 7.2.6.11
Unaffected: >= 3.5.0
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Oracle’s JRE, JDK and
IcedTea. Please review the referenced CVE identifiers for details.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or gain
access to information.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK binary users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.8.0.141"
All Oracle JRE binary users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.8.0.141"
All IcedTea binary 7.x users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-7.2.6.11"
All IcedTea binary 3.x users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.5.0"
References
CVE-2017-10053
CVE-2017-10067
CVE-2017-10074
CVE-2017-10078
CVE-2017-10081
CVE-2017-10086
CVE-2017-10087
CVE-2017-10089
CVE-2017-10090
CVE-2017-10096
CVE-2017-10101
CVE-2017-10102
CVE-2017-10105
CVE-2017-10107
CVE-2017-10108
CVE-2017-10109
CVE-2017-10110
CVE-2017-10111
CVE-2017-10114
CVE-2017-10115
CVE-2017-10116
CVE-2017-10117
CVE-2017-10118
CVE-2017-10121
CVE-2017-10125
CVE-2017-10135
CVE-2017-10176
CVE-2017-10193
CVE-2017-10198
CVE-2017-10243
Last edited by GLSA on Fri Sep 29, 2017 4:17 am; edited 2 times in total |
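A check of installed package versions against the thresholds in the Affected Packages section, as an added example that is not part of the advisory or of Portage. The function names and the sample package list (constructed) are assumptions of the example, as is selecting the icedtea-bin threshold by major version (7.x or 3.x); only numeric versions with an optional -rN revision are parsed.

```python
import re

# Fixed versions from the "Affected Packages" section of GLSA 201709-22.
# icedtea-bin has one threshold per release branch (7.x and 3.x); packages
# with a single threshold use the None key.
FIXED = {
    "dev-java/oracle-jdk-bin": {None: (1, 8, 0, 141)},
    "dev-java/oracle-jre-bin": {None: (1, 8, 0, 141)},
    "dev-java/icedtea-bin": {7: (7, 2, 6, 11), 3: (3, 5, 0)},
}

# category/name-version with an optional Gentoo revision suffix (-rN).
ATOM_RE = re.compile(r"^(?P<pkg>[\w+-]+/[\w+-]+?)-(?P<ver>\d+(?:\.\d+)*)(?:-r\d+)?$")


def parse_atom(cpv):
    """Split 'category/name-1.2.3[-rN]' into (package, version tuple)."""
    m = ATOM_RE.match(cpv.strip())
    if not m:
        raise ValueError(f"unsupported package-version string: {cpv!r}")
    return m["pkg"], tuple(int(p) for p in m["ver"].split("."))


def glsa_status(cpv):
    """Return 'vulnerable', 'unaffected' or 'not-listed' for one package."""
    pkg, ver = parse_atom(cpv)
    branches = FIXED.get(pkg)
    if branches is None:
        return "not-listed"
    # Compare only against the threshold of the installed branch: 7.2.6.10
    # is numerically above 3.5.0 but is still a vulnerable 7.x build.
    fixed = branches.get(None) or branches.get(ver[0])
    if fixed is None:
        return "not-listed"  # a branch the advisory does not mention
    # Pad to equal length so that 3.5 and 3.5.0 compare as equal.
    width = max(len(ver), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return "vulnerable" if pad(ver) < pad(fixed) else "unaffected"


# Constructed sample input, not taken from a real system.
SAMPLE_INSTALLED = [
    "dev-java/oracle-jdk-bin-1.8.0.131",
    "dev-java/icedtea-bin-7.2.6.10",
    "dev-java/icedtea-bin-3.5.0-r1",
    "app-editors/vim-8.0.0386",
]

if __name__ == "__main__":
    for cpv in SAMPLE_INSTALLED:
        print(f"{cpv}: {glsa_status(cpv)}")
```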