Gentoo Archives: gentoo-commits

From: "Alex Legler (a3li)" <a3li@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201006-18.xml
Date: Fri, 04 Jun 2010 05:08:40
Message-Id: 20100604050832.23C4F2CF4F@corvid.gentoo.org
1 a3li 10/06/04 05:08:31
2
3 Added: glsa-201006-18.xml
4 Log:
5 GLSA 201006-18
6
7 Revision Changes Path
8 1.1 xml/htdocs/security/en/glsa/glsa-201006-18.xml
9
10 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201006-18.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201006-18.xml?rev=1.1&content-type=text/plain
12
13 Index: glsa-201006-18.xml
14 ===================================================================
15 <?xml version="1.0" encoding="utf-8"?>
16 <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20 <glsa id="201006-18">
21 <title>Oracle JRE/JDK: Multiple vulnerabilities</title>
22 <synopsis>
23 The Oracle JDK and JRE are vulnerable to multiple unspecified
24 vulnerabilities.
25 </synopsis>
26 <product type="ebuild">sun-jre-bin sun-jdk emul-linux-x86-java</product>
27 <announced>June 04, 2010</announced>
28 <revised>June 04, 2010: 01</revised>
29 <bug>306579</bug>
30 <bug>314531</bug>
31 <access>remote</access>
32 <affected>
33 <package name="dev-java/sun-jre-bin" auto="yes" arch="*">
34 <unaffected range="ge">1.6.0.20</unaffected>
35 <vulnerable range="lt">1.6.0.20</vulnerable>
36 </package>
37 <package name="dev-java/sun-jdk" auto="yes" arch="*">
38 <unaffected range="ge">1.6.0.20</unaffected>
39 <vulnerable range="lt">1.6.0.20</vulnerable>
40 </package>
41 <package name="app-emulation/emul-linux-x86-java" auto="yes" arch="*">
42 <unaffected range="ge">1.6.0.20</unaffected>
43 <vulnerable range="lt">1.6.0.20</vulnerable>
44 </package>
45 </affected>
46 <background>
47 <p>
48 The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
49 the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
50 provide the Oracle Java platform (formerly known as Sun Java Platform).
51 </p>
52 </background>
53 <description>
54 <p>
55 Multiple vulnerabilities have been reported in the Oracle Java
56 implementation. Please review the CVE identifiers referenced below and
57 the associated Oracle Critical Patch Update Advisory for details.
58 </p>
59 </description>
60 <impact type="normal">
61 <p>
62 A remote attacker could exploit these vulnerabilities to cause
63 unspecified impact, possibly including remote execution of arbitrary
64 code.
65 </p>
66 </impact>
67 <workaround>
68 <p>
69 There is no known workaround at this time.
70 </p>
71 </workaround>
72 <resolution>
73 <p>
74 All Oracle JRE 1.6.x users should upgrade to the latest version:
75 </p>
76 <code>
77 # emerge --sync
78 # emerge --ask --oneshot --verbose &quot;&gt;=dev-java/sun-jre-bin-1.6.0.20&quot;</code>
79 <p>
80 All Oracle JDK 1.6.x users should upgrade to the latest version:
81 </p>
82 <code>
83 # emerge --sync
84 # emerge --ask --oneshot --verbose &quot;&gt;=dev-java/sun-jdk-1.6.0.20&quot;</code>
85 <p>
86 All users of the precompiled 32bit Oracle JRE 1.6.x should upgrade to
87 the latest version:
88 </p>
89 <code>
90 # emerge --sync
91 # emerge --ask --oneshot --verbose &quot;&gt;=app-emulation/emul-linux-x86-java-1.6.0.20&quot;</code>
92 <p>
93 All Oracle JRE 1.5.x, Oracle JDK 1.5.x, and precompiled 32bit Oracle
94 JRE 1.5.x users are strongly advised to unmerge Java 1.5:
95 </p>
96 <code>
97 # emerge --unmerge =app-emulation/emul-linux-x86-java-1.5*
98 # emerge --unmerge =dev-java/sun-jre-bin-1.5*
99 # emerge --unmerge =dev-java/sun-jdk-1.5*</code>
100 <p>
101 Gentoo is ceasing support for the 1.5 generation of the Oracle Java
102 Platform in accordance with upstream. All 1.5 JRE versions are masked
103 and will be removed shortly. All 1.5 JDK versions are marked as
104 "build-only" and will be masked for removal shortly. Users are advised
105 to change their default user and system Java implementation to an
106 unaffected version. For example:
107 </p>
108 <code>
109 # java-config --set-system-vm sun-jdk-1.6</code>
110 <p>
111 For more information, please consult the Gentoo Linux Java
112 documentation.
113 </p>
114 </resolution>
115 <references>
116 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">CVE-2009-3555</uri>
117 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082">CVE-2010-0082</uri>
118 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084">CVE-2010-0084</uri>
119 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085">CVE-2010-0085</uri>
120 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087">CVE-2010-0087</uri>
121 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088">CVE-2010-0088</uri>
122 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089">CVE-2010-0089</uri>
123 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090">CVE-2010-0090</uri>
124 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091">CVE-2010-0091</uri>
125 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092">CVE-2010-0092</uri>
126 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093">CVE-2010-0093</uri>
127 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094">CVE-2010-0094</uri>
128 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095">CVE-2010-0095</uri>
129 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837">CVE-2010-0837</uri>
130 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838">CVE-2010-0838</uri>
131 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839">CVE-2010-0839</uri>
132 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840">CVE-2010-0840</uri>
133 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841">CVE-2010-0841</uri>
134 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842">CVE-2010-0842</uri>
135 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843">CVE-2010-0843</uri>
136 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844">CVE-2010-0844</uri>
137 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845">CVE-2010-0845</uri>
138 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846">CVE-2010-0846</uri>
139 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847">CVE-2010-0847</uri>
140 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848">CVE-2010-0848</uri>
141 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849">CVE-2010-0849</uri>
142 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850">CVE-2010-0850</uri>
143 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886">CVE-2010-0886</uri>
144 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0887">CVE-2010-0887</uri>
145 <uri link="http://www.gentoo.org/doc/en/java.xml#doc_chap4">Gentoo Linux Java documentation</uri>
146 <uri link="http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html">Oracle Java SE and Java for Business Critical Patch Update Advisory - March 2010</uri>
147 </references>
148 <metadata tag="requester" timestamp="Fri, 02 Apr 2010 09:43:04 +0000">
149 a3li
150 </metadata>
151 <metadata tag="submitter" timestamp="Fri, 02 Apr 2010 09:59:07 +0000">
152 a3li
153 </metadata>
154 <metadata tag="bugReady" timestamp="Fri, 04 Jun 2010 05:06:52 +0000">
155 a3li
156 </metadata>
157 </glsa>
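
Review bot: In the <resolution> block, the last example covers only half of what the paragraph above it asks for: the text advises users to change their "default user and system Java implementation", but the only command shown is `# java-config --set-system-vm sun-jdk-1.6`. Anyone who follows the example literally can still have a per-user VM selection pointing at a 1.5 install. Either add the matching per-user command beside it or reword the paragraph to say the example sets the system VM only. The order is also worth a second look: the 1.5 unmerge commands come before the VM switch, so a reader working top to bottom removes the selected VM before choosing a replacement. Putting the java-config step first would avoid that. Minor wording point in <synopsis>: "vulnerable to multiple unspecified vulnerabilities" is redundant; "affected by multiple unspecified vulnerabilities" reads better.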