- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202209-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Oracle JDK/JRE: Multiple vulnerabilities
     Date: September 25, 2022
     Bugs: #732630, #717638
       ID: 202209-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Oracle JDK and JRE, the
worst of which could result in the arbitrary execution of code.

Background
==========

Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in today's
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that today's
applications require.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-java/oracle-jdk-bin

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201908-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Oracle JDK/JRE: Multiple vulnerabilities
     Date: August 15, 2019
     Bugs: #668948, #691336
       ID: 201908-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Oracle’s JDK and JRE
software suites.

Background
==========

Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in today’s
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that today’s
applications require.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-java/oracle-jdk-bin    < 1.8.0.202:1.8      >= 1.8.0.202:1.8
  2  dev-java/oracle-jre-bin    < 1.8.0.202:1.8      >= 1.8.0.202:1.8
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Oracle’s JDK and JRE
software suites. Please review the CVE identifiers referenced below for
details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Oracle JDK bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.202:1.8"

All Oracle JRE bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.202:1.8"

References
==========

[ 1 ] CVE-2018-13785 https://nvd.nist.gov/vuln/detail/CVE-2018-13785
[ 2 ] CVE-2018-3136 https://nvd.nist.gov/vuln/detail/CVE-2018-3136
[ 3 ] CVE-2018-3139 https://nvd.nist.gov/vuln/detail/CVE-2018-3139
[ 4 ] CVE-2018-3149 https://nvd.nist.gov/vuln/detail/CVE-2018-3149
[ 5 ] CVE-2018-3150 https://nvd.nist.gov/vuln/detail/CVE-2018-3150
[ 6 ] CVE-2018-3157 https://nvd.nist.gov/vuln/detail/CVE-2018-3157
[ 7 ] CVE-2018-3169 https://nvd.nist.gov/vuln/detail/CVE-2018-3169
[ 8 ] CVE-2018-3180 https://nvd.nist.gov/vuln/detail/CVE-2018-3180
[ 9 ] CVE-2018-3183 https://nvd.nist.gov/vuln/detail/CVE-2018-3183
[ 10 ] CVE-2018-3209 https://nvd.nist.gov/vuln/detail/CVE-2018-3209
[ 11 ] CVE-2018-3211 https://nvd.nist.gov/vuln/detail/CVE-2018-3211
[ 12 ] CVE-2018-3214 https://nvd.nist.gov/vuln/detail/CVE-2018-3214
[ 13 ] CVE-2019-2602 https://nvd.nist.gov/vuln/detail/CVE-2019-2602
[ 14 ] CVE-2019-2684 https://nvd.nist.gov/vuln/detail/CVE-2019-2684
[ 15 ] CVE-2019-2697 https://nvd.nist.gov/vuln/detail/CVE-2019-2697
[ 16 ] CVE-2019-2698 https://nvd.nist.gov/vuln/detail/CVE-2019-2698
[ 17 ] CVE-2019-2699 https://nvd.nist.gov/vuln/detail/CVE-2019-2699

Availability
============

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

  https://security.gentoo.org/glsa/201908-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200911-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Sun JDK/JRE: Multiple vulnerabilities
     Date: November 17, 2009
     Bugs: #182824, #231337, #250012, #263810, #280409, #291817
       ID: 200911-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in the Sun JDK and JRE allow for several
attacks, including the remote execution of arbitrary code.

Background
==========

The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment
(JRE) provide the Sun Java platform.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sun-jre-bin              < 1.6.0.17            *>= 1.5.0.22
                                                     >= 1.6.0.17
  2  sun-jdk                  < 1.6.0.17            *>= 1.5.0.22
                                                     >= 1.6.0.17
  3  blackdown-jre = 1.6.0.17
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
    -------------------------------------------------------------------
     5 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities have been reported in the Sun Java
implementation. Please review the CVE identifiers referenced below and
the associated Sun Alerts for details.

Impact
======

A remote attacker could entice a user to open a specially crafted JAR
archive, applet, or Java Web Start application, possibly resulting in
the execution of arbitrary code with the privileges of the user running
the application. Furthermore, a remote attacker could cause a Denial of
Service affecting multiple services via several vectors, disclose
information and memory contents, write or execute local files, conduct
session hijacking attacks via GIFAR files, steal cookies, bypass the
same-origin policy, load untrusted JAR files, establish network
connections to arbitrary hosts and ports via several vectors, modify
the list of supported graphics configurations, bypass HMAC-based
authentication systems, escalate privileges via several vectors and
cause applet code to be executed with older, possibly vulnerable
versions of the JRE.

NOTE: Some vulnerabilities require a trusted environment, user
interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Sun JRE 1.5.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =dev-java/sun-jre-bin-1.5.0.22

All Sun JRE 1.6.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =dev-java/sun-jre-bin-1.6.0.17

All Sun JDK 1.5.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =dev-java/sun-jdk-1.5.0.22

All Sun JDK 1.6.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =dev-java/sun-jdk-1.6.0.17

All users of the precompiled 32bit Sun JRE 1.5.x should upgrade to the
latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =app-emulation/emul-linux-x86-java-1.5.0.22

All users of the precompiled 32bit Sun JRE 1.6.x should upgrade to the
latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =app-emulation/emul-linux-x86-java-1.6.0.17

All Sun JRE 1.4.x, Sun JDK 1.4.x, Blackdown JRE, Blackdown JDK and
precompiled 32bit Sun JRE 1.4.x users are strongly advised to unmerge
Java 1.4:

  # emerge --unmerge =app-emulation/emul-linux-x86-java-1.4*
  # emerge --unmerge =dev-java/sun-jre-bin-1.4*
  # emerge --unmerge =dev-java/sun-jdk-1.4*
  # emerge --unmerge dev-java/blackdown-jdk
  # emerge --unmerge dev-java/blackdown-jre

Gentoo is ceasing support for the 1.4 generation of the Sun Java
Platform in accordance with upstream. All 1.4 JRE and JDK versions are
masked and will be removed shortly.

References
==========

[ 1 ] CVE-2008-2086 https://www.cve.org/CVERecord?id=CVE-2008-2086
[ 2 ] CVE-2008-3103 https://www.cve.org/CVERecord?id=CVE-2008-3103
[ 3 ] CVE-2008-3104 https://www.cve.org/CVERecord?id=CVE-2008-3104
[ 4 ] CVE-2008-3105 https://www.cve.org/CVERecord?id=CVE-2008-3105
[ 5 ] CVE-2008-3106 https://www.cve.org/CVERecord?id=CVE-2008-3106
[ 6 ] CVE-2008-3107 https://www.cve.org/CVERecord?id=CVE-2008-3107
[ 7 ] CVE-2008-3108 https://www.cve.org/CVERecord?id=CVE-2008-3108
[ 8 ] CVE-2008-3109 https://www.cve.org/CVERecord?id=CVE-2008-3109
[ 9 ] CVE-2008-3110 https://www.cve.org/CVERecord?id=CVE-2008-3110
[ 10 ] CVE-2008-3111 https://www.cve.org/CVERecord?id=CVE-2008-3111
[ 11 ] CVE-2008-3112 https://www.cve.org/CVERecord?id=CVE-2008-3112
[ 12 ] CVE-2008-3113 https://www.cve.org/CVERecord?id=CVE-2008-3113
[ 13 ] CVE-2008-3114 https://www.cve.org/CVERecord?id=CVE-2008-3114
[ 14 ] CVE-2008-3115 https://www.cve.org/CVERecord?id=CVE-2008-3115
[ 15 ] CVE-2008-5339 https://www.cve.org/CVERecord?id=CVE-2008-5339
[ 16 ] CVE-2008-5340 https://www.cve.org/CVERecord?id=CVE-2008-5340
[ 17 ] CVE-2008-5341 https://www.cve.org/CVERecord?id=CVE-2008-5341
[ 18 ] CVE-2008-5342 https://www.cve.org/CVERecord?id=CVE-2008-5342
[ 19 ] CVE-2008-5343 https://www.cve.org/CVERecord?id=CVE-2008-5343
[ 20 ] CVE-2008-5344 https://www.cve.org/CVERecord?id=CVE-2008-5344
[ 21 ] CVE-2008-5345 https://www.cve.org/CVERecord?id=CVE-2008-5345
[ 22 ] CVE-2008-5346 https://www.cve.org/CVERecord?id=CVE-2008-5346
[ 23 ] CVE-2008-5347 https://www.cve.org/CVERecord?id=CVE-2008-5347
[ 24 ] CVE-2008-5348 https://www.cve.org/CVERecord?id=CVE-2008-5348
[ 25 ] CVE-2008-5349 https://www.cve.org/CVERecord?id=CVE-2008-5349
[ 26 ] CVE-2008-5350 https://www.cve.org/CVERecord?id=CVE-2008-5350
[ 27 ] CVE-2008-5351 https://www.cve.org/CVERecord?id=CVE-2008-5351
[ 28 ] CVE-2008-5352 https://www.cve.org/CVERecord?id=CVE-2008-5352
[ 29 ] CVE-2008-5353 https://www.cve.org/CVERecord?id=CVE-2008-5353
[ 30 ] CVE-2008-5354 https://www.cve.org/CVERecord?id=CVE-2008-5354
[ 31 ] CVE-2008-5355 https://www.cve.org/CVERecord?id=CVE-2008-5355
[ 32 ] CVE-2008-5356 https://www.cve.org/CVERecord?id=CVE-2008-5356
[ 33 ] CVE-2008-5357 https://www.cve.org/CVERecord?id=CVE-2008-5357
[ 34 ] CVE-2008-5358 https://www.cve.org/CVERecord?id=CVE-2008-5358
[ 35 ] CVE-2008-5359 https://www.cve.org/CVERecord?id=CVE-2008-5359
[ 36 ] CVE-2008-5360 https://www.cve.org/CVERecord?id=CVE-2008-5360
[ 37 ] CVE-2009-1093 https://www.cve.org/CVERecord?id=CVE-2009-1093
[ 38 ] CVE-2009-1094 https://www.cve.org/CVERecord?id=CVE-2009-1094
[ 39 ] CVE-2009-1095 https://www.cve.org/CVERecord?id=CVE-2009-1095
[ 40 ] CVE-2009-1096 https://www.cve.org/CVERecord?id=CVE-2009-1096
[ 41 ] CVE-2009-1097 https://www.cve.org/CVERecord?id=CVE-2009-1097
[ 42 ] CVE-2009-1098 https://www.cve.org/CVERecord?id=CVE-2009-1098
[ 43 ] CVE-2009-1099 https://www.cve.org/CVERecord?id=CVE-2009-1099
[ 44 ] CVE-2009-1100 https://www.cve.org/CVERecord?id=CVE-2009-1100
[ 45 ] CVE-2009-1101 https://www.cve.org/CVERecord?id=CVE-2009-1101
[ 46 ] CVE-2009-1102 https://www.cve.org/CVERecord?id=CVE-2009-1102
[ 47 ] CVE-2009-1103 https://www.cve.org/CVERecord?id=CVE-2009-1103
[ 48 ] CVE-2009-1104 https://www.cve.org/CVERecord?id=CVE-2009-1104
[ 49 ] CVE-2009-1105 https://www.cve.org/CVERecord?id=CVE-2009-1105
[ 50 ] CVE-2009-1106 https://www.cve.org/CVERecord?id=CVE-2009-1106
[ 51 ] CVE-2009-1107 https://www.cve.org/CVERecord?id=CVE-2009-1107
[ 52 ] CVE-2009-2409 https://www.cve.org/CVERecord?id=CVE-2009-2409
[ 53 ] CVE-2009-2475 https://www.cve.org/CVERecord?id=CVE-2009-2475
[ 54 ] CVE-2009-2476 https://www.cve.org/CVERecord?id=CVE-2009-2476
[ 55 ] CVE-2009-2670 https://www.cve.org/CVERecord?id=CVE-2009-2670
[ 56 ] CVE-2009-2671 https://www.cve.org/CVERecord?id=CVE-2009-2671
[ 57 ] CVE-2009-2672 https://www.cve.org/CVERecord?id=CVE-2009-2672
[ 58 ] CVE-2009-2673 https://www.cve.org/CVERecord?id=CVE-2009-2673
[ 59 ] CVE-2009-2674 https://www.cve.org/CVERecord?id=CVE-2009-2674
[ 60 ] CVE-2009-2675 https://www.cve.org/CVERecord?id=CVE-2009-2675
[ 61 ] CVE-2009-2676 https://www.cve.org/CVERecord?id=CVE-2009-2676
[ 62 ] CVE-2009-2689 https://www.cve.org/CVERecord?id=CVE-2009-2689
[ 63 ] CVE-2009-2690 https://www.cve.org/CVERecord?id=CVE-2009-2690
[ 64 ] CVE-2009-2716 https://www.cve.org/CVERecord?id=CVE-2009-2716
[ 65 ] CVE-2009-2718 https://www.cve.org/CVERecord?id=CVE-2009-2718
[ 66 ] CVE-2009-2719 https://www.cve.org/CVERecord?id=CVE-2009-2719
[ 67 ] CVE-2009-2720 https://www.cve.org/CVERecord?id=CVE-2009-2720
[ 68 ] CVE-2009-2721 https://www.cve.org/CVERecord?id=CVE-2009-2721
[ 69 ] CVE-2009-2722 https://www.cve.org/CVERecord?id=CVE-2009-2722
[ 70 ] CVE-2009-2723 https://www.cve.org/CVERecord?id=CVE-2009-2723
[ 71 ] CVE-2009-2724 https://www.cve.org/CVERecord?id=CVE-2009-2724
[ 72 ] CVE-2009-3728 https://www.cve.org/CVERecord?id=CVE-2009-3728
[ 73 ] CVE-2009-3729 https://www.cve.org/CVERecord?id=CVE-2009-3729
[ 74 ] CVE-2009-3865 https://www.cve.org/CVERecord?id=CVE-2009-3865
[ 75 ] CVE-2009-3866 https://www.cve.org/CVERecord?id=CVE-2009-3866
[ 76 ] CVE-2009-3867 https://www.cve.org/CVERecord?id=CVE-2009-3867
[ 77 ] CVE-2009-3868 https://www.cve.org/CVERecord?id=CVE-2009-3868
[ 78 ] CVE-2009-3869 https://www.cve.org/CVERecord?id=CVE-2009-3869
[ 79 ] CVE-2009-3871 https://www.cve.org/CVERecord?id=CVE-2009-3871
[ 80 ] CVE-2009-3872 https://www.cve.org/CVERecord?id=CVE-2009-3872
[ 81 ] CVE-2009-3873 https://www.cve.org/CVERecord?id=CVE-2009-3873
[ 82 ] CVE-2009-3874 https://www.cve.org/CVERecord?id=CVE-2009-3874
[ 83 ] CVE-2009-3875 https://www.cve.org/CVERecord?id=CVE-2009-3875
[ 84 ] CVE-2009-3876 https://www.cve.org/CVERecord?id=CVE-2009-3876
[ 85 ] CVE-2009-3877 https://www.cve.org/CVERecord?id=CVE-2009-3877
[ 86 ] CVE-2009-3879 https://www.cve.org/CVERecord?id=CVE-2009-3879
[ 87 ] CVE-2009-3880 https://www.cve.org/CVERecord?id=CVE-2009-3880
[ 88 ] CVE-2009-3881 https://www.cve.org/CVERecord?id=CVE-2009-3881
[ 89 ] CVE-2009-3882 https://www.cve.org/CVERecord?id=CVE-2009-3882
[ 90 ] CVE-2009-3883 https://www.cve.org/CVERecord?id=CVE-2009-3883
[ 91 ] CVE-2009-3884 https://www.cve.org/CVERecord?id=CVE-2009-3884
[ 92 ] CVE-2009-3886 https://www.cve.org/CVERecord?id=CVE-2009-3886

Availability
============

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

  https://security.gentoo.org/glsa/200911-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200602-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Sun JDK/JRE: Applet privilege escalation
     Date: February 15, 2006
     Bugs: #122156
       ID: 200602-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Sun's Java Development Kit (JDK) and Java Runtime Environment (JRE) do
not adequately constrain applets from privilege escalation and
arbitrary code execution.

Background
==========

Sun's JDK and JRE provide interpreters for Java Applets in a sandboxed
environment. These implementations provide the Java Web Start
technology that can be used for easy client-side deployment of Java
applications.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-java/sun-jdk           < 1.4.2.10           >= 1.4.2.10
  2  dev-java/sun-jre-bin       < 1.4.2.10           >= 1.4.2.10
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Applets executed using JRE or JDK can use "reflection" API functions to
elevate their privileges beyond the sandbox restrictions. Adam Gowdiak
discovered five vulnerabilities that use this method for privilege
escalation. Two more vulnerabilities were discovered by the vendor.
Peter Csepely discovered that Web Start Java applications can also
escalate their privileges.

Impact
======

A malicious Java applet can bypass Java sandbox restrictions and hence
access local files, connect to arbitrary network locations and execute
arbitrary code on the user's machine. Java Web Start applications are
affected likewise.

Workaround
==========

Select another Java implementation using java-config.

Resolution
==========

All Sun JDK users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.10"

All Sun JRE users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.10"

References
==========

[ 1 ] Sun Security Alert ID 102170
[ 2 ] Sun Security Alert ID 102171
[ 3 ] CVE-2006-0614
[ 4 ] CVE-2006-0615
[ 5 ] CVE-2006-0616
[ 6 ] CVE-2006-0617

Availability
============

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

  https://security.gentoo.org/glsa/200602-07

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to