[gentoo-announce] [ GLSA 201603-11 ] Oracle JRE/JDK: Multiple vulnerabilities

news · March 12, 2016

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Gentoo Linux Security Advisory GLSA 201603-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

https://security.gentoo.org/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal

Title: Oracle JRE/JDK: Multiple vulnerabilities

Date: March 12, 2016

Bugs: #525472, #540054, #546678, #554886, #563684, #572432

ID: 201603-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis

========

Multiple vulnerabilities have been found in Oracle's JRE and JDK

software suites allowing remote attackers to remotely execute arbitrary

code, obtain information, and cause Denial of Service.

Background

==========

Java Platform, Standard Edition (Java SE) lets you develop and deploy

Java applications on desktops and servers, as well as in today's

demanding embedded environments. Java offers the rich user interface,

performance, versatility, portability, and security that today's

applications require.

Affected packages

=================

-------------------------------------------------------------------

Package / Vulnerable / Unaffected

-------------------------------------------------------------------

1 dev-java/oracle-jre-bin < 1.8.0.72 >= 1.8.0.72

2 dev-java/oracle-jdk-bin < 1.8.0.72 >= 1.8.0.72

-------------------------------------------------------------------

2 affected packages

Description

===========

Multiple vulnerabilities exist in both Oracle's JRE and JDK. Please

review the referenced CVE's for additional information.

Impact

======

Remote attackers could gain access to information, remotely execute

arbitrary code, and cause Denial of Service.

Workaround

==========

There is no known workaround at this time.

Resolution

==========

All Oracle JRE Users should upgrade to the latest version:

# emerge --sync

# emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.72"

All Oracle JDK Users should upgrade to the latest version:

# emerge --sync

# emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.72"

References

==========

[ 1 ] CVE-2015-0437

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437

[ 2 ] CVE-2015-0437

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437

[ 3 ] CVE-2015-0458

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0458

[ 4 ] CVE-2015-0459

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0459

[ 5 ] CVE-2015-0460

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0460

[ 6 ] CVE-2015-0469

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0469

[ 7 ] CVE-2015-0470

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0470

[ 8 ] CVE-2015-0477

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0477

[ 9 ] CVE-2015-0478

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0478

[ 10 ] CVE-2015-0480

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0480

[ 11 ] CVE-2015-0484

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0484

[ 12 ] CVE-2015-0486

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0486

[ 13 ] CVE-2015-0488

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0488

[ 14 ] CVE-2015-0491

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0491

[ 15 ] CVE-2015-0492

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0492

[ 16 ] CVE-2015-2590

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2590

[ 17 ] CVE-2015-2601

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2601

[ 18 ] CVE-2015-2613

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2613

[ 19 ] CVE-2015-2619

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2619

[ 20 ] CVE-2015-2621

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2621

[ 21 ] CVE-2015-2625

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2625

[ 22 ] CVE-2015-2627

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2627

[ 23 ] CVE-2015-2628

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2628

[ 24 ] CVE-2015-2632

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2632

[ 25 ] CVE-2015-2637

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2637

[ 26 ] CVE-2015-2638

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2638

[ 27 ] CVE-2015-2659

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2659

[ 28 ] CVE-2015-2664

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2664

[ 29 ] CVE-2015-4000

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000

[ 30 ] CVE-2015-4729

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4729

[ 31 ] CVE-2015-4731

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4731

[ 32 ] CVE-2015-4732

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4732

[ 33 ] CVE-2015-4733

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4733

[ 34 ] CVE-2015-4734

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734

[ 35 ] CVE-2015-4734

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734

[ 36 ] CVE-2015-4736

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4736

[ 37 ] CVE-2015-4748

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4748

[ 38 ] CVE-2015-4760

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4760

[ 39 ] CVE-2015-4803

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803

[ 40 ] CVE-2015-4803

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803

[ 41 ] CVE-2015-4805

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805

[ 42 ] CVE-2015-4805

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805

[ 43 ] CVE-2015-4806

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806

[ 44 ] CVE-2015-4806

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806

[ 45 ] CVE-2015-4810

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810

[ 46 ] CVE-2015-4810

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810

[ 47 ] CVE-2015-4835

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835

[ 48 ] CVE-2015-4835

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835

[ 49 ] CVE-2015-4840

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840

[ 50 ] CVE-2015-4840

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840

[ 51 ] CVE-2015-4842

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842

[ 52 ] CVE-2015-4842

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842

[ 53 ] CVE-2015-4843

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843

[ 54 ] CVE-2015-4843

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843

[ 55 ] CVE-2015-4844

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844

[ 56 ] CVE-2015-4844

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844

[ 57 ] CVE-2015-4860

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860

[ 58 ] CVE-2015-4860

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860

[ 59 ] CVE-2015-4868

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868

[ 60 ] CVE-2015-4868

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868

[ 61 ] CVE-2015-4871

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871

[ 62 ] CVE-2015-4871

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871

[ 63 ] CVE-2015-4872

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872

[ 64 ] CVE-2015-4872

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872

[ 65 ] CVE-2015-4881

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881

[ 66 ] CVE-2015-4881

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881

[ 67 ] CVE-2015-4882

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882

[ 68 ] CVE-2015-4882

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882

[ 69 ] CVE-2015-4883

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883

[ 70 ] CVE-2015-4883

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883

[ 71 ] CVE-2015-4893

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893

[ 72 ] CVE-2015-4893

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893

[ 73 ] CVE-2015-4901

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901

[ 74 ] CVE-2015-4901

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901

[ 75 ] CVE-2015-4902

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902

[ 76 ] CVE-2015-4902

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902

[ 77 ] CVE-2015-4903

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903

[ 78 ] CVE-2015-4903

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903

[ 79 ] CVE-2015-4906

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906

[ 80 ] CVE-2015-4906

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906

[ 81 ] CVE-2015-4908

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908

[ 82 ] CVE-2015-4908

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908

[ 83 ] CVE-2015-4911

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911

[ 84 ] CVE-2015-4911

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911

[ 85 ] CVE-2015-4916

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916

[ 86 ] CVE-2015-4916

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916

[ 87 ] CVE-2015-7840

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840

[ 88 ] CVE-2015-7840

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840

Availability

============

This GLSA and any updates to it are available for viewing at

the Gentoo Security Website:

https://security.gentoo.org/glsa/201603-11

Concerns?

=========

Security is a primary focus of Gentoo Linux and ensuring the

confidentiality and security of our users' machines is of utmost

importance to us. Any security concerns should be addressed to

security ( -at -) gentoo.org or alternatively, you may file a bug at

https://bugs.gentoo.org.

License

=======

belongs to its owner(s).

The contents of this document are licensed under the

Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Sign In

[gentoo-announce] [ GLSA 201603-11 ] Oracle JRE/JDK: Multiple vulnerabilities

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity