Gentoo Archives: gentoo-announce

From: "Christopher Díaz Riveros" <chrisadr@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201803-06 ] Oracle JDK/JRE: Multiple vulnerabilities
Date: Mon, 19 Mar 2018 00:56:24
Message-Id: 1521420915.2499.1.camel@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201803-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Oracle JDK/JRE: Multiple vulnerabilities
     Date: March 19, 2018
     Bugs: #645268
       ID: 201803-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Oracle's JDK and JRE
software suites, the worst of which may allow execution of arbitrary
code.

Background
==========

Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in today’s
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that today’s
applications require.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /    Vulnerable     /         Unaffected
    -------------------------------------------------------------------
  1  dev-java/oracle-jdk-bin    < 1.8.0.162:1.8       >= 1.8.0.162:1.8
  2  dev-java/oracle-jre-bin    < 1.8.0.162:1.8       >= 1.8.0.162:1.8
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Oracle’s Java SE.
Please review the referenced CVE identifiers for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, gain access to information, or cause a
Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Oracle JDK users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.162:1.8"

All Oracle JRE users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.162:1.8"
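
To confirm which hosts still sit in the Vulnerable column of the
"Affected packages" table, the check below can be run over a package
inventory. It is an added example, not part of the advisory or of any
Gentoo tool. Assumptions: input is one "category/name-version" line per
package (the form `qlist -Iv` prints), versions are dotted numerics with
an optional -rN revision, and slot 1.8 is inferred from a 1.8.x version.

```shell
#!/bin/sh
# Added example: flag installed Oracle JDK/JRE versions that fall in the
# "Vulnerable" column of GLSA 201803-06 (< 1.8.0.162 in slot 1.8).

FIXED="1.8.0.162"   # first unaffected version, taken from the advisory table

# version_lt A B: succeed when dotted-numeric version A sorts strictly
# below B. sort -V compares fields numerically, so 1.8.0.99 < 1.8.0.162.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_201803_06_affected (hypothetical helper name): read package lines
# on stdin and print the ones the advisory marks as vulnerable.
glsa_201803_06_affected() {
    while IFS= read -r atom; do
        case "$atom" in
            dev-java/oracle-jdk-bin-*) ver=${atom#dev-java/oracle-jdk-bin-} ;;
            dev-java/oracle-jre-bin-*) ver=${atom#dev-java/oracle-jre-bin-} ;;
            *) continue ;;                 # package not covered by this GLSA
        esac
        ver=${ver%-r[0-9]*}                # drop a Gentoo revision suffix (-rN)
        case "$ver" in
            1.8.*) ;;                      # assumption: slot 1.8 means version 1.8.x
            *) continue ;;                 # other slots are outside the table
        esac
        if version_lt "$ver" "$FIXED"; then
            printf '%s\n' "$atom"
        fi
    done
}

# Constructed sample inventory (not from the advisory).
SAMPLE='dev-java/oracle-jdk-bin-1.8.0.152-r1
dev-java/oracle-jre-bin-1.8.0.162
dev-java/oracle-jdk-bin-1.8.0.172
dev-java/oracle-jre-bin-1.8.0.151
dev-java/icedtea-bin-3.6.0'

printf '%s\n' "$SAMPLE" | glsa_201803_06_affected
```

On a live system the same function can be fed with
`qlist -Iv | glsa_201803_06_affected`; empty output means no installed
package matches the vulnerable range.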

References
==========

[  1 ] CVE-2018-2579
       https://nvd.nist.gov/vuln/detail/CVE-2018-2579
[  2 ] CVE-2018-2581
       https://nvd.nist.gov/vuln/detail/CVE-2018-2581
[  3 ] CVE-2018-2582
       https://nvd.nist.gov/vuln/detail/CVE-2018-2582
[  4 ] CVE-2018-2588
       https://nvd.nist.gov/vuln/detail/CVE-2018-2588
[  5 ] CVE-2018-2599
       https://nvd.nist.gov/vuln/detail/CVE-2018-2599
[  6 ] CVE-2018-2602
       https://nvd.nist.gov/vuln/detail/CVE-2018-2602
[  7 ] CVE-2018-2603
       https://nvd.nist.gov/vuln/detail/CVE-2018-2603
[  8 ] CVE-2018-2618
       https://nvd.nist.gov/vuln/detail/CVE-2018-2618
[  9 ] CVE-2018-2627
       https://nvd.nist.gov/vuln/detail/CVE-2018-2627
[ 10 ] CVE-2018-2629
       https://nvd.nist.gov/vuln/detail/CVE-2018-2629
[ 11 ] CVE-2018-2633
       https://nvd.nist.gov/vuln/detail/CVE-2018-2633
[ 12 ] CVE-2018-2634
       https://nvd.nist.gov/vuln/detail/CVE-2018-2634
[ 13 ] CVE-2018-2637
       https://nvd.nist.gov/vuln/detail/CVE-2018-2637
[ 14 ] CVE-2018-2638
       https://nvd.nist.gov/vuln/detail/CVE-2018-2638
[ 15 ] CVE-2018-2639
       https://nvd.nist.gov/vuln/detail/CVE-2018-2639
[ 16 ] CVE-2018-2641
       https://nvd.nist.gov/vuln/detail/CVE-2018-2641
[ 17 ] CVE-2018-2663
       https://nvd.nist.gov/vuln/detail/CVE-2018-2663

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201803-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
