From: | "Alex Legler (a3li)" <a3li@g.o> |
---|---|
To: | gentoo-commits@l.g.o |
Subject: | [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201006-18.xml |
Date: | Fri, 04 Jun 2010 05:08:40 |
Message-Id: | 20100604050832.23C4F2CF4F@corvid.gentoo.org |
1 | a3li 10/06/04 05:08:31 |
2 | |
3 | Added: glsa-201006-18.xml |
4 | Log: |
5 | GLSA 201006-18 |
6 | |
7 | Revision Changes Path |
8 | 1.1 xml/htdocs/security/en/glsa/glsa-201006-18.xml |
9 | |
10 | file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201006-18.xml?rev=1.1&view=markup |
11 | plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201006-18.xml?rev=1.1&content-type=text/plain |
12 | |
13 | Index: glsa-201006-18.xml |
14 | =================================================================== |
15 | <?xml version="1.0" encoding="utf-8"?> |
16 | <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?> |
17 | <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?> |
18 | <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> |
19 | |
20 | <glsa id="201006-18"> |
21 | <title>Oracle JRE/JDK: Multiple vulnerabilities</title> |
22 | <synopsis> |
23 | The Oracle JDK and JRE are vulnerable to multiple unspecified |
24 | vulnerabilities. |
25 | </synopsis> |
26 | <product type="ebuild">sun-jre-bin sun-jdk emul-linux-x86-java</product> |
27 | <announced>June 04, 2010</announced> |
28 | <revised>June 04, 2010: 01</revised> |
29 | <bug>306579</bug> |
30 | <bug>314531</bug> |
31 | <access>remote</access> |
32 | <affected> |
33 | <package name="dev-java/sun-jre-bin" auto="yes" arch="*"> |
34 | <unaffected range="ge">1.6.0.20</unaffected> |
35 | <vulnerable range="lt">1.6.0.20</vulnerable> |
36 | </package> |
37 | <package name="dev-java/sun-jdk" auto="yes" arch="*"> |
38 | <unaffected range="ge">1.6.0.20</unaffected> |
39 | <vulnerable range="lt">1.6.0.20</vulnerable> |
40 | </package> |
41 | <package name="app-emulation/emul-linux-x86-java" auto="yes" arch="*"> |
42 | <unaffected range="ge">1.6.0.20</unaffected> |
43 | <vulnerable range="lt">1.6.0.20</vulnerable> |
44 | </package> |
45 | </affected> |
46 | <background> |
47 | <p> |
48 | The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and |
49 | the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) |
50 | provide the Oracle Java platform (formerly known as Sun Java Platform). |
51 | </p> |
52 | </background> |
53 | <description> |
54 | <p> |
55 | Multiple vulnerabilities have been reported in the Oracle Java |
56 | implementation. Please review the CVE identifiers referenced below and |
57 | the associated Oracle Critical Patch Update Advisory for details. |
58 | </p> |
59 | </description> |
60 | <impact type="normal"> |
61 | <p> |
62 | A remote attacker could exploit these vulnerabilities to cause |
63 | unspecified impact, possibly including remote execution of arbitrary |
64 | code. |
65 | </p> |
66 | </impact> |
67 | <workaround> |
68 | <p> |
69 | There is no known workaround at this time. |
70 | </p> |
71 | </workaround> |
72 | <resolution> |
73 | <p> |
74 | All Oracle JRE 1.6.x users should upgrade to the latest version: |
75 | </p> |
76 | <code> |
77 | # emerge --sync |
78 | # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.20"</code> |
79 | <p> |
80 | All Oracle JDK 1.6.x users should upgrade to the latest version: |
81 | </p> |
82 | <code> |
83 | # emerge --sync |
84 | # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.20"</code> |
85 | <p> |
86 | All users of the precompiled 32bit Oracle JRE 1.6.x should upgrade to |
87 | the latest version: |
88 | </p> |
89 | <code> |
90 | # emerge --sync |
91 | # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.6.0.20"</code> |
92 | <p> |
93 | All Oracle JRE 1.5.x, Oracle JDK 1.5.x, and precompiled 32bit Oracle |
94 | JRE 1.5.x users are strongly advised to unmerge Java 1.5: |
95 | </p> |
96 | <code> |
97 | # emerge --unmerge =app-emulation/emul-linux-x86-java-1.5* |
98 | # emerge --unmerge =dev-java/sun-jre-bin-1.5* |
99 | # emerge --unmerge =dev-java/sun-jdk-1.5*</code> |
100 | <p> |
101 | Gentoo is ceasing support for the 1.5 generation of the Oracle Java |
102 | Platform in accordance with upstream. All 1.5 JRE versions are masked |
103 | and will be removed shortly. All 1.5 JDK versions are marked as |
104 | "build-only" and will be masked for removal shortly. Users are advised |
105 | to change their default user and system Java implementation to an |
106 | unaffected version. For example: |
107 | </p> |
108 | <code> |
109 | # java-config --set-system-vm sun-jdk-1.6</code> |
110 | <p> |
111 | For more information, please consult the Gentoo Linux Java |
112 | documentation. |
113 | </p> |
114 | </resolution> |
115 | <references> |
116 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">CVE-2009-3555</uri> |
117 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082">CVE-2010-0082</uri> |
118 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084">CVE-2010-0084</uri> |
119 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085">CVE-2010-0085</uri> |
120 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087">CVE-2010-0087</uri> |
121 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088">CVE-2010-0088</uri> |
122 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089">CVE-2010-0089</uri> |
123 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090">CVE-2010-0090</uri> |
124 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091">CVE-2010-0091</uri> |
125 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092">CVE-2010-0092</uri> |
126 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093">CVE-2010-0093</uri> |
127 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094">CVE-2010-0094</uri> |
128 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095">CVE-2010-0095</uri> |
129 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837">CVE-2010-0837</uri> |
130 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838">CVE-2010-0838</uri> |
131 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839">CVE-2010-0839</uri> |
132 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840">CVE-2010-0840</uri> |
133 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841">CVE-2010-0841</uri> |
134 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842">CVE-2010-0842</uri> |
135 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843">CVE-2010-0843</uri> |
136 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844">CVE-2010-0844</uri> |
137 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845">CVE-2010-0845</uri> |
138 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846">CVE-2010-0846</uri> |
139 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847">CVE-2010-0847</uri> |
140 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848">CVE-2010-0848</uri> |
141 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849">CVE-2010-0849</uri> |
142 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850">CVE-2010-0850</uri> |
143 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886">CVE-2010-0886</uri> |
144 | <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0887">CVE-2010-0887</uri> |
145 | <uri link="http://www.gentoo.org/doc/en/java.xml#doc_chap4">Gentoo Linux Java documentation</uri> |
146 | <uri link="http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html">Oracle Java SE and Java for Business Critical Patch Update Advisory - March 2010</uri> |
147 | </references> |
148 | <metadata tag="requester" timestamp="Fri, 02 Apr 2010 09:43:04 +0000"> |
149 | a3li |
150 | </metadata> |
151 | <metadata tag="submitter" timestamp="Fri, 02 Apr 2010 09:59:07 +0000"> |
152 | a3li |
153 | </metadata> |
154 | <metadata tag="bugReady" timestamp="Fri, 04 Jun 2010 05:06:52 +0000"> |
155 | a3li |
156 | </metadata> |
157 | </glsa> |
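Review bot: the closing example in <resolution> covers only half of what the preceding paragraph asks for. The text advises users to change their "default user and system Java implementation", but the only command shown is `# java-config --set-system-vm sun-jdk-1.6`, so an account that still has a 1.5 VM selected as its user VM keeps that selection after following the advisory. Consider adding the per-user counterpart (`java-config --set-user-vm sun-jdk-1.6`, run as the affected user) next to it, or rewording the paragraph to say the example sets the system VM only. A smaller style point in the same section: the three `emerge --unmerge =...-1.5*` atoms are unquoted while the upgrade atoms above them are quoted; quoting them as well would keep the shell from interpreting the `*` or the leading `=` before emerge sees the atom.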