Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201111-02 ] Oracle JRE/JDK: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1471

PostPosted: Sat Nov 05, 2011 11:26 am    Post subject: [ GLSA 201111-02 ] Oracle JRE/JDK: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: Oracle JRE/JDK: Multiple vulnerabilities (GLSA 201111-02)
Severity: normal
Exploitable: remote
Date: November 05, 2011
Bug(s): #340421, #354213, #370559, #387851
ID: 201111-02

Synopsis

Multiple vulnerabilities have been found in the Oracle JRE/JDK,
allowing attackers to cause unspecified impact.


Background

The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
provide the Oracle Java platform (formerly known as Sun Java Platform).


Affected Packages

Package: dev-java/sun-jre-bin
Vulnerable: < 1.6.0.29
Unaffected: >= 1.6.0.29
Architectures: All supported architectures

Package: app-emulation/emul-linux-x86-java
Vulnerable: < 1.6.0.29
Unaffected: >= 1.6.0.29
Architectures: All supported architectures

Package: dev-java/sun-jdk
Vulnerable: < 1.6.0.29
Unaffected: >= 1.6.0.29
Architectures: All supported architectures


Description

Multiple vulnerabilities have been reported in the Oracle Java
implementation. Please review the CVE identifiers referenced below and
the associated Oracle Critical Patch Update Advisory for details.


Impact

A remote attacker could exploit these vulnerabilities to cause
unspecified impact, possibly including remote execution of arbitrary
code.


Workaround

There is no known workaround at this time.

Resolution

All Oracle JDK 1.6 users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
   
All Oracle JRE 1.6 users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
   
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the
latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose
      ">=app-emulation/emul-linux-x86-java-1.6.0.29"
   
NOTE: As Oracle has revoked the DLJ license for its Java implementation,
the packages can no longer be updated automatically. This limitation is
not present on a non-fetch restricted implementation such as
dev-java/icedtea-bin.


References

CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3550
CVE-2010-3551
CVE-2010-3552
CVE-2010-3553
CVE-2010-3554
CVE-2010-3555
CVE-2010-3556
CVE-2010-3557
CVE-2010-3558
CVE-2010-3559
CVE-2010-3560
CVE-2010-3561
CVE-2010-3562
CVE-2010-3563
CVE-2010-3565
CVE-2010-3566
CVE-2010-3567
CVE-2010-3568
CVE-2010-3569
CVE-2010-3570
CVE-2010-3571
CVE-2010-3572
CVE-2010-3573
CVE-2010-3574
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4451
CVE-2010-4452
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4466
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4474
CVE-2010-4475
CVE-2010-4476
CVE-2011-0802
CVE-2011-0814
CVE-2011-0815
CVE-2011-0862
CVE-2011-0863
CVE-2011-0864
CVE-2011-0865
CVE-2011-0867
CVE-2011-0868
CVE-2011-0869
CVE-2011-0871
CVE-2011-0872
CVE-2011-0873
CVE-2011-3389
CVE-2011-3516
CVE-2011-3521
CVE-2011-3544
CVE-2011-3545
CVE-2011-3546
CVE-2011-3547
CVE-2011-3548
CVE-2011-3549
CVE-2011-3550
CVE-2011-3551
CVE-2011-3552
CVE-2011-3553
CVE-2011-3554
CVE-2011-3555
CVE-2011-3556
CVE-2011-3557
CVE-2011-3558
CVE-2011-3560
CVE-2011-3561
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum