Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201903-14 ] Oracle JDK/JRE: Multiple vulnerabilities
Date: Thu, 14 Mar 2019 01:56:52
Message-Id: 20190314014534.GF14998@monkey
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201903-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Oracle JDK/JRE: Multiple vulnerabilities
Date: March 14, 2019
Bugs: #653560, #661456, #676134
ID: 201903-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Oracle’s JDK and JRE
software suites.

Background
==========

Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in today’s
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that today’s
applications require.

Affected packages
=================

-------------------------------------------------------------------
     Package                  /   Vulnerable   /   Unaffected
-------------------------------------------------------------------
  1  dev-java/oracle-jdk-bin      < 1.8.0.202      >= 1.8.0.202
  2  dev-java/oracle-jre-bin      < 1.8.0.202      >= 1.8.0.202
-------------------------------------------------------------------
2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Oracle’s JDK and JRE
software suites. Please review the CVE identifiers referenced below for
details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, gain access to information, or cause a
Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Oracle JDK bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.202"

All Oracle JRE bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.202"

References
==========

[ 1 ] CVE-2018-2790
      https://nvd.nist.gov/vuln/detail/CVE-2018-2790
[ 2 ] CVE-2018-2794
      https://nvd.nist.gov/vuln/detail/CVE-2018-2794
[ 3 ] CVE-2018-2795
      https://nvd.nist.gov/vuln/detail/CVE-2018-2795
[ 4 ] CVE-2018-2796
      https://nvd.nist.gov/vuln/detail/CVE-2018-2796
[ 5 ] CVE-2018-2797
      https://nvd.nist.gov/vuln/detail/CVE-2018-2797
[ 6 ] CVE-2018-2798
      https://nvd.nist.gov/vuln/detail/CVE-2018-2798
[ 7 ] CVE-2018-2799
      https://nvd.nist.gov/vuln/detail/CVE-2018-2799
[ 8 ] CVE-2018-2800
      https://nvd.nist.gov/vuln/detail/CVE-2018-2800
[ 9 ] CVE-2018-2811
      https://nvd.nist.gov/vuln/detail/CVE-2018-2811
[ 10 ] CVE-2018-2814
       https://nvd.nist.gov/vuln/detail/CVE-2018-2814
[ 11 ] CVE-2018-2815
       https://nvd.nist.gov/vuln/detail/CVE-2018-2815
[ 12 ] CVE-2019-2422
       https://nvd.nist.gov/vuln/detail/CVE-2019-2422
[ 13 ] CVE-2019-2426
       https://nvd.nist.gov/vuln/detail/CVE-2019-2426

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201903-14

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
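
A post-upgrade check for the two packages in the advisory's "Affected packages" table, as an added example that is not part of the advisory or of Gentoo's own tooling. It assumes one installed package per input line in the `category/package-version` form that `qlist -Iv` (portage-utils) prints, and versions made of dotted numbers with an optional `-rN` revision; the package list in `sample_installed` is constructed.

```shell
# First unaffected version, from the advisory's "Affected packages" table.
FIXED="1.8.0.202"

# version_lt A B: succeeds when dotted numeric version A is lower than B.
# Fields are compared numerically left to right; missing fields count as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal versions are not "lower"
}

# vulnerable_pkgs: reads "category/package-version" lines on stdin and
# prints those that fall in the advisory's vulnerable range (< FIXED).
vulnerable_pkgs() {
    while IFS= read -r atom; do
        case $atom in
            dev-java/oracle-jdk-bin-[0-9]*) ver=${atom#dev-java/oracle-jdk-bin-} ;;
            dev-java/oracle-jre-bin-[0-9]*) ver=${atom#dev-java/oracle-jre-bin-} ;;
            *) continue ;;   # package not covered by this advisory
        esac
        ver=${ver%-r[0-9]*}  # drop the Gentoo revision suffix (-r1, -r2, ...)
        if version_lt "$ver" "$FIXED"; then echo "$atom"; fi
    done
}

# Constructed sample of installed packages (not taken from a real system).
sample_installed() {
    cat <<'EOF'
app-shells/bash-4.4_p23-r1
dev-java/oracle-jdk-bin-1.8.0.192-r1
dev-java/oracle-jre-bin-1.8.0.202
dev-java/icedtea-bin-3.10.0
EOF
}

# On a real host, replace sample_installed with: qlist -Iv
sample_installed | vulnerable_pkgs
```

Empty output means neither package is installed at a version below 1.8.0.202.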