Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201908-10 ] Oracle JDK/JRE: Multiple vulnerabilities
Date: Thu, 15 Aug 2019 16:21:47
Message-Id: 20190815154901.GE861995@bubba.lan
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201908-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Oracle JDK/JRE: Multiple vulnerabilities
     Date: August 15, 2019
     Bugs: #668948, #691336
       ID: 201908-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Oracle’s JDK and JRE
software suites.

Background
==========

Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in today’s
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that today’s
applications require.

Affected packages
=================

-------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  dev-java/oracle-jdk-bin   < 1.8.0.202:1.8       >= 1.8.0.202:1.8
  2  dev-java/oracle-jre-bin   < 1.8.0.202:1.8       >= 1.8.0.202:1.8
-------------------------------------------------------------------
 2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Oracle’s JDK and JRE
software suites. Please review the CVE identifiers referenced below for
details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Oracle JDK bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.202:1.8"

All Oracle JRE bin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.202:1.8"

References
==========

[  1 ] CVE-2018-13785
       https://nvd.nist.gov/vuln/detail/CVE-2018-13785
[  2 ] CVE-2018-3136
       https://nvd.nist.gov/vuln/detail/CVE-2018-3136
[  3 ] CVE-2018-3139
       https://nvd.nist.gov/vuln/detail/CVE-2018-3139
[  4 ] CVE-2018-3149
       https://nvd.nist.gov/vuln/detail/CVE-2018-3149
[  5 ] CVE-2018-3150
       https://nvd.nist.gov/vuln/detail/CVE-2018-3150
[  6 ] CVE-2018-3157
       https://nvd.nist.gov/vuln/detail/CVE-2018-3157
[  7 ] CVE-2018-3169
       https://nvd.nist.gov/vuln/detail/CVE-2018-3169
[  8 ] CVE-2018-3180
       https://nvd.nist.gov/vuln/detail/CVE-2018-3180
[  9 ] CVE-2018-3183
       https://nvd.nist.gov/vuln/detail/CVE-2018-3183
[ 10 ] CVE-2018-3209
       https://nvd.nist.gov/vuln/detail/CVE-2018-3209
[ 11 ] CVE-2018-3211
       https://nvd.nist.gov/vuln/detail/CVE-2018-3211
[ 12 ] CVE-2018-3214
       https://nvd.nist.gov/vuln/detail/CVE-2018-3214
[ 13 ] CVE-2019-2602
       https://nvd.nist.gov/vuln/detail/CVE-2019-2602
[ 14 ] CVE-2019-2684
       https://nvd.nist.gov/vuln/detail/CVE-2019-2684
[ 15 ] CVE-2019-2697
       https://nvd.nist.gov/vuln/detail/CVE-2019-2697
[ 16 ] CVE-2019-2698
       https://nvd.nist.gov/vuln/detail/CVE-2019-2698
[ 17 ] CVE-2019-2699
       https://nvd.nist.gov/vuln/detail/CVE-2019-2699

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201908-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
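
An added example, not part of the advisory or of Gentoo's tooling: a POSIX shell check that walks Portage's installed-package database and flags `dev-java/oracle-jdk-bin` or `dev-java/oracle-jre-bin` instances in slot 1.8 that are older than the fixed 1.8.0.202 from the Affected packages table. The function names, the `/var/db/pkg` layout with a per-package `SLOT` file, and the use of `sort -V` for plain dotted versions are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of GLSA 201908-10: report installed Oracle JDK/JRE
# instances in slot 1.8 that are older than the advisory's fixed version.
FIXED=1.8.0.202          # first unaffected version, from the advisory
SLOT_AFFECTED=1.8        # slot named in the advisory's package atoms

# version_lt A B: succeed when A sorts strictly before B.
# Simplification: plain dotted numeric versions only (GNU sort -V); this is
# not a full implementation of Portage's version comparison.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_201908_10_audit [VDB]: print one line per matching package and
# return 1 if any is vulnerable. VDB defaults to Portage's installed-package
# database; each entry is assumed to be <VDB>/dev-java/<name>-<version>[-rN]
# with a SLOT file inside.
glsa_201908_10_audit() {
    vdb=${1:-/var/db/pkg}
    rc=0
    for pkg in oracle-jdk-bin oracle-jre-bin; do
        for dir in "$vdb"/dev-java/"$pkg"-[0-9]*; do
            [ -d "$dir" ] || continue            # glob matched nothing
            slot=$(cat "$dir/SLOT" 2>/dev/null) || continue
            # Other slots are outside the advisory's ranges; ignore subslot.
            [ "${slot%%/*}" = "$SLOT_AFFECTED" ] || continue
            ver=${dir##*/}
            ver=${ver#"$pkg"-}
            ver=${ver%-r[0-9]*}                  # drop ebuild revision suffix
            if version_lt "$ver" "$FIXED"; then
                echo "VULNERABLE dev-java/$pkg-$ver:$slot (< $FIXED)"
                rc=1
            else
                echo "ok         dev-java/$pkg-$ver:$slot"
            fi
        done
    done
    return "$rc"
}
```

Call `glsa_201908_10_audit` with no argument on a Gentoo host; a non-zero return means the upgrade in the Resolution section is still pending.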