– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201603-11
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
https://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Severity: Normal
Title: Oracle JRE/JDK: Multiple vulnerabilities
Date: March 12, 2016
Bugs: #525472, #540054, #546678, #554886, #563684, #572432
ID: 201603-11
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Synopsis
========
Multiple vulnerabilities have been found in Oracle’s JRE and JDK
software suites allowing remote attackers to remotely execute arbitrary
code, obtain information, and cause Denial of Service.
Background
==========
Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in today’s
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that today’s
applications require.
Affected packages
=================
——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 dev-java/oracle-jre-bin < 1.8.0.72 >= 1.8.0.72
2 dev-java/oracle-jdk-bin < 1.8.0.72 >= 1.8.0.72
——————————————————————-
2 affected packages
Description
===========
Multiple vulnerabilities exist in both Oracle’s JRE and JDK. Please
review the referenced CVE’s for additional information.
Impact
======
Remote attackers could gain access to information, remotely execute
arbitrary code, and cause Denial of Service.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Oracle JRE Users should upgrade to the latest version:
# emerge –sync
# emerge –ask –oneshot -v “>=dev-java/oracle-jre-bin-1.8.0.72”
All Oracle JDK Users should upgrade to the latest version:
# emerge –sync
# emerge –ask –oneshot -v “>=dev-java/oracle-jdk-bin-1.8.0.72”
References
==========
[ 1 ] CVE-2015-0437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437
[ 2 ] CVE-2015-0437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437
[ 3 ] CVE-2015-0458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0458
[ 4 ] CVE-2015-0459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0459
[ 5 ] CVE-2015-0460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0460
[ 6 ] CVE-2015-0469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0469
[ 7 ] CVE-2015-0470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0470
[ 8 ] CVE-2015-0477
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0477
[ 9 ] CVE-2015-0478
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0478
[ 10 ] CVE-2015-0480
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0480
[ 11 ] CVE-2015-0484
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0484
[ 12 ] CVE-2015-0486
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0486
[ 13 ] CVE-2015-0488
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0488
[ 14 ] CVE-2015-0491
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0491
[ 15 ] CVE-2015-0492
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0492
[ 16 ] CVE-2015-2590
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2590
[ 17 ] CVE-2015-2601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2601
[ 18 ] CVE-2015-2613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2613
[ 19 ] CVE-2015-2619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2619
[ 20 ] CVE-2015-2621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2621
[ 21 ] CVE-2015-2625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2625
[ 22 ] CVE-2015-2627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2627
[ 23 ] CVE-2015-2628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2628
[ 24 ] CVE-2015-2632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2632
[ 25 ] CVE-2015-2637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2637
[ 26 ] CVE-2015-2638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2638
[ 27 ] CVE-2015-2659
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2659
[ 28 ] CVE-2015-2664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2664
[ 29 ] CVE-2015-4000
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000
[ 30 ] CVE-2015-4729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4729
[ 31 ] CVE-2015-4731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4731
[ 32 ] CVE-2015-4732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4732
[ 33 ] CVE-2015-4733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4733
[ 34 ] CVE-2015-4734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734
[ 35 ] CVE-2015-4734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734
[ 36 ] CVE-2015-4736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4736
[ 37 ] CVE-2015-4748
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4748
[ 38 ] CVE-2015-4760
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4760
[ 39 ] CVE-2015-4803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803
[ 40 ] CVE-2015-4803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803
[ 41 ] CVE-2015-4805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805
[ 42 ] CVE-2015-4805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805
[ 43 ] CVE-2015-4806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806
[ 44 ] CVE-2015-4806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806
[ 45 ] CVE-2015-4810
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810
[ 46 ] CVE-2015-4810
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810
[ 47 ] CVE-2015-4835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835
[ 48 ] CVE-2015-4835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835
[ 49 ] CVE-2015-4840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840
[ 50 ] CVE-2015-4840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840
[ 51 ] CVE-2015-4842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842
[ 52 ] CVE-2015-4842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842
[ 53 ] CVE-2015-4843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843
[ 54 ] CVE-2015-4843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843
[ 55 ] CVE-2015-4844
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844
[ 56 ] CVE-2015-4844
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844
[ 57 ] CVE-2015-4860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860
[ 58 ] CVE-2015-4860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860
[ 59 ] CVE-2015-4868
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868
[ 60 ] CVE-2015-4868
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868
[ 61 ] CVE-2015-4871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871
[ 62 ] CVE-2015-4871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871
[ 63 ] CVE-2015-4872
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872
[ 64 ] CVE-2015-4872
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872
[ 65 ] CVE-2015-4881
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881
[ 66 ] CVE-2015-4881
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881
[ 67 ] CVE-2015-4882
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882
[ 68 ] CVE-2015-4882
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882
[ 69 ] CVE-2015-4883
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883
[ 70 ] CVE-2015-4883
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883
[ 71 ] CVE-2015-4893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893
[ 72 ] CVE-2015-4893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893
[ 73 ] CVE-2015-4901
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901
[ 74 ] CVE-2015-4901
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901
[ 75 ] CVE-2015-4902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902
[ 76 ] CVE-2015-4902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902
[ 77 ] CVE-2015-4903
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903
[ 78 ] CVE-2015-4903
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903
[ 79 ] CVE-2015-4906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906
[ 80 ] CVE-2015-4906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906
[ 81 ] CVE-2015-4908
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908
[ 82 ] CVE-2015-4908
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908
[ 83 ] CVE-2015-4911
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911
[ 84 ] CVE-2015-4911
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911
[ 85 ] CVE-2015-4916
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916
[ 86 ] CVE-2015-4916
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916
[ 87 ] CVE-2015-7840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840
[ 88 ] CVE-2015-7840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-11
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
—–BEGIN PGP SIGNATURE—–
iQEcBAEBCgAGBQJW5A0/AAoJECULev7WN52Fs9EIAIGJNRhHjRm6dFcNHM6MR40I
yGUo9ZAUkC8jnfiK9KM0iajf8RkZLbo8oyQlbXbGlmzMz/sye5FvpVpotO6T7FmH
NxGCVhM3IXU5Q13TCVzAJqoQX0ZRGYyALpIwvMd48rx2TQRW8zKrjVUnS5+Ld2sk
rAdNUJUK7c4aintZsGOFyUju63kn8C4eiM7S9xiz7OwHjLQAk4lifAdycx7MpulW
4civIlgMedhbO1gsmWlduU71y4X4f6X2RtRmZookQ3wwC1l3vIhn7vKcGODgTF9p
HmFbJNpj6neYZIPR/0r48uDQ4osNDydAlzp4SqWe12Rgz4e5rTfrLFS10qglrvM=
=3Uxn
—–END PGP SIGNATURE—–