Gentoo: GLSA-201111-02 Normal: Oracle JRE Multiple Threats

gentoo

November 5, 2011

Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.

Summary

Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.

Topics Covered

security advisory gentoo remote execution multiple threats normal severity java update oracle jre

Resolution

All Oracle JDK 1.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.

References

[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvena...

Read the Full Advisory

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201111-02
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal

Title: Oracle JRE/JDK: Multiple vulnerabilities

Date: November 05, 2011

Bugs: #340421, #354213, #370559, #387851

ID: 201111-02

Topics Covered

security advisory gentoo remote execution multiple threats normal severity java update oracle jre

Synopsis

Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.

Background

The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform).

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------

Impact

===== A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.

Workaround

There is no known workaround at this time.

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Gentoo: GLSA-201111-02 Normal: Oracle JRE Multiple Threats

Summary

Topics Covered

Resolution

References

Availability

Concerns

Topics Covered

Synopsis

Background

Get the latest News and Insights

Affected Packages

Impact

Workaround

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Gentoo: GLSA-201111-02 Normal: Oracle JRE Multiple Threats

Summary

Topics Covered

Resolution

References

Availability

Concerns

Topics Covered

Synopsis

Background

Get the latest News and Insights

Affected Packages

Impact

Workaround

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!