[gentoo-announce] [ GLSA 201705-03 ] Oracle JDK/JRE: Multiple vulnerabilities - gentoo-announce

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 201705-03 ] Oracle JDK/JRE: Multiple vulnerabilities
Date:	Sun, 07 May 2017 20:38:11
Message-Id:	`98f58139-3b4d-32f4-4565-b032390ff4f1@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201705-03

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: Oracle JDK/JRE: Multiple vulnerabilities

9

     Date: May 07, 2017

10

     Bugs: #616050

11

       ID: 201705-03

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in Oracle's JRE and JDK

19

software suites, the worst of which may allow execution of arbitrary

20

code.

21

22

Background

23

==========

24

25

Java Platform, Standard Edition (Java SE) lets you develop and deploy

26

Java applications on desktops and servers, as well as in today's

27

demanding embedded environments. Java offers the rich user interface,

28

performance, versatility, portability, and security that today's

29

applications require.

30

31

Affected packages

32

=================

33

34

    -------------------------------------------------------------------

35

     Package              /     Vulnerable     /            Unaffected

36

    -------------------------------------------------------------------

37

  1  dev-java/oracle-jre-bin    < 1.8.0.131              >= 1.8.0.131

38

  2  dev-java/oracle-jdk-bin    < 1.8.0.131              >= 1.8.0.131

39

    -------------------------------------------------------------------

40

     2 affected packages

41

42

Description

43

===========

44

45

Multiple vulnerabilities have been discovered in in Oracle's JRE and

46

JDK. Please review the CVE identifiers referenced below for details.

47

48

Impact

49

======

50

51

A remote attacker could possibly execute arbitrary code with the

52

privileges of the process, gain access to information, or cause a

53

Denial of Service condition.

54

55

Workaround

56

==========

57

58

There is no known workaround at this time.

59

60

Resolution

61

==========

62

63

All Oracle JRE users should upgrade to the latest version:

64

65

  # emerge --sync

66

  # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.131"

67

68

All Oracle JDK users should upgrade to the latest version:

69

70

  # emerge --sync

71

  # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.131"

72

73

References

74

==========

75

76

[ 1 ] CVE-2017-3509

77

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3509

78

[ 2 ] CVE-2017-3511

79

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3511

80

[ 3 ] CVE-2017-3512

81

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3512

82

[ 4 ] CVE-2017-3514

83

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3514

84

[ 5 ] CVE-2017-3526

85

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3526

86

[ 6 ] CVE-2017-3533

87

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3533

88

[ 7 ] CVE-2017-3539

89

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3539

90

[ 8 ] CVE-2017-3544

91

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3544

92

93

Availability

94

============

95

96

This GLSA and any updates to it are available for viewing at

97

the Gentoo Security Website:

98

99

 https://security.gentoo.org/glsa/201705-03

100

101

Concerns?

102

=========

103

104

Security is a primary focus of Gentoo Linux and ensuring the

105

confidentiality and security of our users' machines is of utmost

106

importance to us. Any security concerns should be addressed to

107

security@g.o or alternatively, you may file a bug at

108

https://bugs.gentoo.org.

109

110

License

111

=======

112

113

Copyright 2017 Gentoo Foundation, Inc; referenced text

114

belongs to its owner(s).

115

116

The contents of this document are licensed under the

117

Creative Commons - Attribution / Share Alike license.

118

119

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201705-03
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Oracle JDK/JRE: Multiple vulnerabilities
9	Date: May 07, 2017
10	Bugs: #616050
11	ID: 201705-03
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in Oracle's JRE and JDK
19	software suites, the worst of which may allow execution of arbitrary
20	code.
21
22	Background
23	==========
24
25	Java Platform, Standard Edition (Java SE) lets you develop and deploy
26	Java applications on desktops and servers, as well as in today's
27	demanding embedded environments. Java offers the rich user interface,
28	performance, versatility, portability, and security that today's
29	applications require.
30
31	Affected packages
32	=================
33
34	-------------------------------------------------------------------
35	Package / Vulnerable / Unaffected
36	-------------------------------------------------------------------
37	1 dev-java/oracle-jre-bin < 1.8.0.131 >= 1.8.0.131
38	2 dev-java/oracle-jdk-bin < 1.8.0.131 >= 1.8.0.131
39	-------------------------------------------------------------------
40	2 affected packages
41
42	Description
43	===========
44
45	Multiple vulnerabilities have been discovered in in Oracle's JRE and
46	JDK. Please review the CVE identifiers referenced below for details.
47
48	Impact
49	======
50
51	A remote attacker could possibly execute arbitrary code with the
52	privileges of the process, gain access to information, or cause a
53	Denial of Service condition.
54
55	Workaround
56	==========
57
58	There is no known workaround at this time.
59
60	Resolution
61	==========
62
63	All Oracle JRE users should upgrade to the latest version:
64
65	# emerge --sync
66	# emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.131"
67
68	All Oracle JDK users should upgrade to the latest version:
69
70	# emerge --sync
71	# emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.131"
72
73	References
74	==========
75
76	[ 1 ] CVE-2017-3509
77	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3509
78	[ 2 ] CVE-2017-3511
79	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3511
80	[ 3 ] CVE-2017-3512
81	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3512
82	[ 4 ] CVE-2017-3514
83	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3514
84	[ 5 ] CVE-2017-3526
85	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3526
86	[ 6 ] CVE-2017-3533
87	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3533
88	[ 7 ] CVE-2017-3539
89	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3539
90	[ 8 ] CVE-2017-3544
91	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3544
92
93	Availability
94	============
95
96	This GLSA and any updates to it are available for viewing at
97	the Gentoo Security Website:
98
99	https://security.gentoo.org/glsa/201705-03
100
101	Concerns?
102	=========
103
104	Security is a primary focus of Gentoo Linux and ensuring the
105	confidentiality and security of our users' machines is of utmost
106	importance to us. Any security concerns should be addressed to
107	security@g.o or alternatively, you may file a bug at
108	https://bugs.gentoo.org.
109
110	License
111	=======
112
113	Copyright 2017 Gentoo Foundation, Inc; referenced text
114	belongs to its owner(s).
115
116	The contents of this document are licensed under the
117	Creative Commons - Attribution / Share Alike license.
118
119	http://creativecommons.org/licenses/by-sa/2.5