Gentoo Archives: gentoo-commits

From: "Tobias Heinlein (keytoaster)" <keytoaster@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200806-11.xml
Date: Wed, 25 Jun 2008 10:32:34
Message-Id: E1KBSIe-00051t-BV@stork.gentoo.org
keytoaster 08/06/25 10:32:28

Added: glsa-200806-11.xml
Log:
GLSA 200806-11

Revision Changes Path
1.1 xml/htdocs/security/en/glsa/glsa-200806-11.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200806-11.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200806-11.xml?rev=1.1&content-type=text/plain

13 Index: glsa-200806-11.xml
14 ===================================================================
15 <?xml version="1.0" encoding="utf-8"?>
16 <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20 <glsa id="200806-11">
21 <title>IBM JDK/JRE: Multiple vulnerabilities</title>
22 <synopsis>
23 Multiple vulnerabilities have been found in IBM Java Development Kit (JDK)
24 and Java Runtime Environment (JRE), resulting in the execution of arbitrary
25 code.
26 </synopsis>
27 <product type="ebuild">ibm-jdk-bin ibm-jre-bin</product>
28 <announced>June 25, 2008</announced>
29 <revised>June 25, 2008: 01</revised>
30 <bug>186277</bug>
31 <bug>198644</bug>
32 <bug>216112</bug>
33 <access>remote</access>
34 <affected>
35 <package name="dev-java/ibm-jdk-bin" auto="yes" arch="*">
36 <unaffected range="ge">1.5.0.7</unaffected>
37 <unaffected range="rge">1.4.2.11</unaffected>
38 <vulnerable range="lt">1.5.0.7</vulnerable>
39 </package>
40 <package name="dev-java/ibm-jre-bin" auto="yes" arch="*">
41 <unaffected range="ge">1.5.0.7</unaffected>
42 <unaffected range="rge">1.4.2.11</unaffected>
43 <vulnerable range="lt">1.5.0.7</vulnerable>
44 </package>
45 </affected>
46 <background>
47 <p>
48 The IBM Java Development Kit (JDK) and the IBM Java Runtime Environment
49 (JRE) provide the IBM Java platform.
50 </p>
51 </background>
52 <description>
53 <p>
54 Because of sharing the same codebase, IBM JDK and JRE are affected by
55 the vulnerabilities mentioned in GLSA 200804-20.
56 </p>
57 </description>
58 <impact type="normal">
59 <p>
60 A remote attacker could entice a user to run a specially crafted applet
61 on a website or start an application in Java Web Start to execute
62 arbitrary code outside of the Java sandbox and of the Java security
63 restrictions with the privileges of the user running Java. The attacker
64 could also obtain sensitive information, create, modify, rename and
65 read local files, execute local applications, establish connections in
66 the local network, bypass the same origin policy, and cause a Denial of
67 Service via multiple vectors.
68 </p>
69 </impact>
70 <workaround>
71 <p>
72 There is no known workaround at this time.
73 </p>
74 </workaround>
75 <resolution>
76 <p>
77 All IBM JDK 1.5 users should upgrade to the latest version:
78 </p>
79 <code>
80 # emerge --sync
81 # emerge --ask --oneshot --verbose &quot;&gt;=dev-java/ibm-jdk-bin-1.5.0.7&quot;</code>
82 <p>
83 All IBM JDK 1.4 users should upgrade to the latest version:
84 </p>
85 <code>
86 # emerge --sync
87 # emerge --ask --oneshot --verbose &quot;&gt;=dev-java/ibm-jdk-bin-1.4.2.11&quot;</code>
88 <p>
89 All IBM JRE 1.5 users should upgrade to the latest version:
90 </p>
91 <code>
92 # emerge --sync
93 # emerge --ask --oneshot --verbose &quot;&gt;=dev-java/ibm-jre-bin-1.5.0.7&quot;</code>
94 <p>
95 All IBM JRE 1.4 users should upgrade to the latest version:
96 </p>
97 <code>
98 # emerge --sync
99 # emerge --ask --oneshot --verbose &quot;&gt;=dev-java/ibm-jre-bin-1.4.2.11&quot;</code>
100 </resolution>
101 <references>
102 <uri link="http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml">GLSA 200804-20</uri>
103 </references>
104 <metadata tag="requester" timestamp="Sat, 05 Apr 2008 22:14:16 +0000">
105 rbu
106 </metadata>
107 <metadata tag="submitter" timestamp="Wed, 23 Apr 2008 17:16:09 +0000">
108 keytoaster
109 </metadata>
110 <metadata tag="bugReady" timestamp="Tue, 24 Jun 2008 01:10:44 +0000">
111 rbu
112 </metadata>
113 </glsa>
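
Review bot: In the <resolution> block, the two 1.4 commands use the atoms `>=dev-java/ibm-jdk-bin-1.4.2.11` and `>=dev-java/ibm-jre-bin-1.4.2.11`, which any 1.5.x version also satisfies, so they do not by themselves keep a 1.4 user on the fixed 1.4 series that the separate `rge` 1.4.2.11 entries in <affected> account for. Consider an atom restricted to the 1.4.2 series for those two commands. A second point on <description> and <references>: they identify the issues only by pointing at GLSA 200804-20, so a reader or a tool consuming this file has to fetch another advisory to learn which vulnerabilities are covered. Listing the individual identifiers here as well would make the advisory self-contained.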

--
gentoo-commits@l.g.o mailing list