Security: Multiple problems in IcedTea and Oracle JDK-JRE
Name: Multiple problems in IcedTea and Oracle JDK-JRE
ID: 201709-22
Distribution: Gentoo
Platforms: Not specified
Date: Mon, 25 September 2017, 07:46
References: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10193
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10114
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10086
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10087
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10107
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10105
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10116
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10078
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10115
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10111
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10117
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10108
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10110
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10176
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10089
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10135
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10243
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10109
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10090
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10198
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10118
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10102
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10125
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10053
Applications: Oracle JDK, IcedTea

Original message

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201709-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Oracle JDK/JRE, IcedTea: Multiple vulnerabilities
Date: September 24, 2017
Bugs: #625602, #626088, #627682
ID: 201709-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Oracle's JRE and JDK
software suites, and IcedTea, the worst of which may allow execution of
arbitrary code.

Background
==========

Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in today’s
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that today’s
applications require.

IcedTea’s aim is to provide OpenJDK in a form suitable for easy
configuration, compilation and distribution with the primary goal of
allowing inclusion in GNU/Linux distributions.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /   Vulnerable   /          Unaffected
    -------------------------------------------------------------------
  1  dev-java/oracle-jdk-bin       < 1.8.0.141           >= 1.8.0.141
  2  dev-java/oracle-jre-bin       < 1.8.0.141           >= 1.8.0.141
  3  dev-java/icedtea-bin          < 3.5.0:8             *>= 3.5.0:8
                                   < 7.2.6.11:7          *>= 7.2.6.11:7
    -------------------------------------------------------------------
     3 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Oracle’s JRE, JDK and
IcedTea. Please review the referenced CVE identifiers for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or gain
access to information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Oracle JDK binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.141"

All Oracle JRE binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.141"

All IcedTea binary 7.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-7.2.6.11"

All IcedTea binary 3.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.5.0"
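
Added example, not part of the Gentoo advisory: a shell check that classifies an installed-package inventory against the version table above, comparing icedtea-bin per slot so that 3.x (slot 8) and 7.x (slot 7) are each measured against their own fixed version. The "package version slot" input format, the function names and the sample inventory are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: classify installed packages against the table in GLSA 201709-22.
# Input format "package version slot" is an assumption made for this sketch.

# First unaffected version per package and slot, copied from the advisory.
fixed_version() {
    case "$1:$2" in
        dev-java/oracle-jdk-bin:*) echo 1.8.0.141 ;;
        dev-java/oracle-jre-bin:*) echo 1.8.0.141 ;;
        dev-java/icedtea-bin:8)    echo 3.5.0 ;;
        dev-java/icedtea-bin:7)    echo 7.2.6.11 ;;
        *) return 1 ;;
    esac
}

# True when $1 sorts strictly before $2 (dotted numeric versions, GNU sort -V).
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# Prints vulnerable, unaffected or not-listed for one package/version/slot.
glsa_status() {
    fixed=$(fixed_version "$1" "$3") || { echo "not-listed"; return 0; }
    # Simplification: a Gentoo revision suffix (-r1, -r2, ...) is ignored.
    if version_lt "${2%-r[0-9]*}" "$fixed"; then
        echo "vulnerable"
    else
        echo "unaffected"
    fi
}

# Reads "package version slot" lines on stdin and prints one verdict per line.
scan_installed() {
    while read -r pkg ver slot; do
        [ -n "$pkg" ] || continue
        printf '%s-%s:%s %s\n' "$pkg" "$ver" "$slot" \
            "$(glsa_status "$pkg" "$ver" "$slot")"
    done
}

# Constructed sample inventory, not taken from the advisory.
scan_installed <<'EOF'
dev-java/oracle-jdk-bin 1.8.0.131 1.8
dev-java/icedtea-bin 3.4.0 8
dev-java/icedtea-bin 7.2.6.11 7
app-editors/vim 8.0.0386 0
EOF
```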

References
==========

[ 1 ] CVE-2017-10053
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10053
[ 2 ] CVE-2017-10067
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10067
[ 3 ] CVE-2017-10074
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10074
[ 4 ] CVE-2017-10078
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10078
[ 5 ] CVE-2017-10081
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10081
[ 6 ] CVE-2017-10086
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10086
[ 7 ] CVE-2017-10087
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10087
[ 8 ] CVE-2017-10089
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10089
[ 9 ] CVE-2017-10090
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10090
[ 10 ] CVE-2017-10096
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10096
[ 11 ] CVE-2017-10101
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10101
[ 12 ] CVE-2017-10102
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10102
[ 13 ] CVE-2017-10105
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10105
[ 14 ] CVE-2017-10107
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10107
[ 15 ] CVE-2017-10108
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10108
[ 16 ] CVE-2017-10109
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10109
[ 17 ] CVE-2017-10110
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10110
[ 18 ] CVE-2017-10111
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10111
[ 19 ] CVE-2017-10114
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10114
[ 20 ] CVE-2017-10115
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10115
[ 21 ] CVE-2017-10116
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10116
[ 22 ] CVE-2017-10117
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10117
[ 23 ] CVE-2017-10118
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10118
[ 24 ] CVE-2017-10121
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10121
[ 25 ] CVE-2017-10125
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10125
[ 26 ] CVE-2017-10135
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10135
[ 27 ] CVE-2017-10176
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10176
[ 28 ] CVE-2017-10193
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10193
[ 29 ] CVE-2017-10198
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10198
[ 30 ] CVE-2017-10243
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-10243

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201709-22

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5