Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201502-12 ] Oracle JRE/JDK: Multiple vulnerabilities
Date: Sun, 15 Feb 2015 14:57:20
Message-Id: 54E0AF73.7020904@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201502-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Oracle JRE/JDK: Multiple vulnerabilities
Date: February 15, 2015
Bugs: #507798, #508716, #517220, #525464
ID: 201502-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Oracle's Java SE
Development Kit and Runtime Environment, the worst of which could lead
to execution of arbitrary code.

Background
==========

Oracle's Java SE Development Kit and Runtime Environment

Affected packages
=================

    -------------------------------------------------------------------
     Package                            /  Vulnerable  /    Unaffected
    -------------------------------------------------------------------
  1  dev-java/oracle-jre-bin               < 1.7.0.71      >= 1.7.0.71
  2  dev-java/oracle-jdk-bin               < 1.7.0.71      >= 1.7.0.71
  3  app-emulation/emul-linux-x86-java     < 1.7.0.71      >= 1.7.0.71
    -------------------------------------------------------------------
     3 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Oracle's Java SE
Development Kit and Runtime Environment. Please review the CVE
identifiers referenced below for details.

Impact
======

A context-dependent attacker may be able to execute arbitrary code,
disclose, update, insert, or delete certain data.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Oracle JRE 1.7 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.71"

All Oracle JDK 1.7 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.71"

All users of the precompiled 32-bit Oracle JRE should upgrade to the
latest version:

  # emerge --sync
  # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.71"

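A version check against the Affected packages table, as an added example
that is not part of the GLSA or of Gentoo's own tooling. It assumes purely
dotted-numeric versions with an optional -rN revision; the function names
and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Flag installed packages that fall in the "Vulnerable" column of
# GLSA 201502-12. Entries use the category/name-version form of the
# directory names under /var/db/pkg.

FIXED="1.7.0.71"   # first unaffected version, from the advisory table
AFFECTED="dev-java/oracle-jre-bin dev-java/oracle-jdk-bin app-emulation/emul-linux-x86-java"

# ver_lt A B: succeed when dotted numeric version A is lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}                     # leading component of each
        [ "$a" = "$x" ] && a= || a=${a#*.}        # drop it from the remainder
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0} y=${y:-0}                       # missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                                      # equal versions are not lower
}

# check_pkg CATEGORY/NAME-VERSION: print the verdict for one installed package.
check_pkg() {
    entry=$1
    for pkg in $AFFECTED; do
        case $entry in
            "$pkg"-[0-9]*)
                ver=${entry#"$pkg"-}
                ver=${ver%%-r[0-9]*}   # a -rN revision never lowers the base version
                if ver_lt "$ver" "$FIXED"; then
                    echo "VULNERABLE $pkg $ver"
                else
                    echo "ok $pkg $ver"
                fi
                return 0 ;;
        esac
    done
    echo "not-listed $entry"
}

# Constructed sample inventory (not taken from a real host).
for e in dev-java/oracle-jre-bin-1.7.0.65 dev-java/oracle-jdk-bin-1.7.0.71-r1 \
         app-emulation/emul-linux-x86-java-1.7.0.55 dev-java/icedtea-bin-7.2.5.3; do
    check_pkg "$e"
done
```
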
References
==========

[ 1 ] CVE-2014-0429
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429
[ 2 ] CVE-2014-0432
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0432
[ 3 ] CVE-2014-0446
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446
[ 4 ] CVE-2014-0448
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0448
[ 5 ] CVE-2014-0449
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0449
[ 6 ] CVE-2014-0451
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451
[ 7 ] CVE-2014-0452
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452
[ 8 ] CVE-2014-0453
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453
[ 9 ] CVE-2014-0454
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0454
[ 10 ] CVE-2014-0455
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0455
[ 11 ] CVE-2014-0456
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456
[ 12 ] CVE-2014-0457
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457
[ 13 ] CVE-2014-0458
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458
[ 14 ] CVE-2014-0459
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459
[ 15 ] CVE-2014-0460
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460
[ 16 ] CVE-2014-0461
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461
[ 17 ] CVE-2014-0463
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0463
[ 18 ] CVE-2014-0464
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0464
[ 19 ] CVE-2014-2397
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397
[ 20 ] CVE-2014-2398
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398
[ 21 ] CVE-2014-2401
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2401
[ 22 ] CVE-2014-2402
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2402
[ 23 ] CVE-2014-2403
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403
[ 24 ] CVE-2014-2409
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2409
[ 25 ] CVE-2014-2410
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2410
[ 26 ] CVE-2014-2412
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412
[ 27 ] CVE-2014-2413
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2413
[ 28 ] CVE-2014-2414
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414
[ 29 ] CVE-2014-2420
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2420
[ 30 ] CVE-2014-2421
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421
[ 31 ] CVE-2014-2422
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2422
[ 32 ] CVE-2014-2423
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423
[ 33 ] CVE-2014-2427
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427
[ 34 ] CVE-2014-2428
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2428
[ 35 ] CVE-2014-2483
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2483
[ 36 ] CVE-2014-2490
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2490
[ 37 ] CVE-2014-4208
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4208
[ 38 ] CVE-2014-4209
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4209
[ 39 ] CVE-2014-4216
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4216
[ 40 ] CVE-2014-4218
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4218
[ 41 ] CVE-2014-4219
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4219
[ 42 ] CVE-2014-4220
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4220
[ 43 ] CVE-2014-4221
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4221
[ 44 ] CVE-2014-4223
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4223
[ 45 ] CVE-2014-4227
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4227
[ 46 ] CVE-2014-4244
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4244
[ 47 ] CVE-2014-4247
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4247
[ 48 ] CVE-2014-4252
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4252
[ 49 ] CVE-2014-4262
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4262
[ 50 ] CVE-2014-4263
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4263
[ 51 ] CVE-2014-4264
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4264
[ 52 ] CVE-2014-4265
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4265
[ 53 ] CVE-2014-4266
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4266
[ 54 ] CVE-2014-4268
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4268
[ 55 ] CVE-2014-4288
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4288
[ 56 ] CVE-2014-6456
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6456
[ 57 ] CVE-2014-6457
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6457
[ 58 ] CVE-2014-6458
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6458
[ 59 ] CVE-2014-6466
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6466
[ 60 ] CVE-2014-6468
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6468
[ 61 ] CVE-2014-6476
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6476
[ 62 ] CVE-2014-6485
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6485
[ 63 ] CVE-2014-6492
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6492
[ 64 ] CVE-2014-6493
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6493
[ 65 ] CVE-2014-6502
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6502
[ 66 ] CVE-2014-6503
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6503
[ 67 ] CVE-2014-6504
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6504
[ 68 ] CVE-2014-6506
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6506
[ 69 ] CVE-2014-6511
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6511
[ 70 ] CVE-2014-6512
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6512
[ 71 ] CVE-2014-6513
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6513
[ 72 ] CVE-2014-6515
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6515
[ 73 ] CVE-2014-6517
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6517
[ 74 ] CVE-2014-6519
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6519
[ 75 ] CVE-2014-6527
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6527
[ 76 ] CVE-2014-6531
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6531
[ 77 ] CVE-2014-6532
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6532
[ 78 ] CVE-2014-6558
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6558
[ 79 ] CVE-2014-6562
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6562

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201502-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature