drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Oracle JRE-JDK
Name: |
Mehrere Probleme in Oracle JRE-JDK |
|
ID: |
201502-12 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
So, 15. Februar 2015, 22:45 |
|
Referenzen: |
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2401
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2402
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2409
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2410
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2413
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2420
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2483
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2490
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4208
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4209
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4218
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4219
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4220
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4221
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4223
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4227
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4244
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4247
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4288
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6485
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6492
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6493
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6511
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6512
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6513
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6517
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6519
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6527
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6532
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6562 |
|
Applikationen: |
Oracle JDK |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --9fsahuaB7guIepgiWoxbhHfVfWMaIcsOA Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201502-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: February 15, 2015 Bugs: #507798, #508716, #517220, #525464 ID: 201502-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
Multiple vulnerabilities have been found in Oracle's Java SE Development Kit and Runtime Environment, the worst of which could lead to execution of arbitrary code.
Background ==========
Oracle's Java SE Development Kit and Runtime Environment
Affected packages =================
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/oracle-jre-bin < 1.7.0.71 >= 1.7.0.71 2 dev-java/oracle-jdk-bin < 1.7.0.71 >= 1.7.0.71 3 app-emulation/emul-linux-x86-java < 1.7.0.71 >= 1.7.0.71 ------------------------------------------------------------------- 3 affected packages
Description ===========
Multiple vulnerabilities have been discovered in Oracle's Java SE Development Kit and Runtime Environment. Please review the CVE identifiers referenced below for details.
Impact ======
A context-dependent attacker may be able to execute arbitrary code, disclose, update, insert, or delete certain data.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.71"
All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.71"
All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.71"
References ==========
[ 1 ] CVE-2014-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429 [ 2 ] CVE-2014-0432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0432 [ 3 ] CVE-2014-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446 [ 4 ] CVE-2014-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0448 [ 5 ] CVE-2014-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0449 [ 6 ] CVE-2014-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451 [ 7 ] CVE-2014-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452 [ 8 ] CVE-2014-0453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453 [ 9 ] CVE-2014-0454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0454 [ 10 ] CVE-2014-0455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0455 [ 11 ] CVE-2014-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456 [ 12 ] CVE-2014-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457 [ 13 ] CVE-2014-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458 [ 14 ] CVE-2014-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459 [ 15 ] CVE-2014-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460 [ 16 ] CVE-2014-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461 [ 17 ] CVE-2014-0463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0463 [ 18 ] CVE-2014-0464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0464 [ 19 ] CVE-2014-2397 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397 [ 20 ] CVE-2014-2398 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398 [ 21 ] CVE-2014-2401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2401 [ 22 ] CVE-2014-2402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2402 [ 23 ] CVE-2014-2403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403 [ 24 ] CVE-2014-2409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2409 [ 25 ] CVE-2014-2410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2410 [ 26 ] CVE-2014-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412 [ 27 ] CVE-2014-2413 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2413 [ 28 ] CVE-2014-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414 [ 29 ] CVE-2014-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2420 [ 30 ] CVE-2014-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421 [ 31 ] CVE-2014-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2422 [ 32 ] CVE-2014-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423 [ 33 ] CVE-2014-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427 [ 34 ] CVE-2014-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2428 [ 35 ] CVE-2014-2483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2483 [ 36 ] CVE-2014-2490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2490 [ 37 ] CVE-2014-4208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4208 [ 38 ] CVE-2014-4209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4209 [ 39 ] CVE-2014-4216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4216 [ 40 ] CVE-2014-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4218 [ 41 ] CVE-2014-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4219 [ 42 ] CVE-2014-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4220 [ 43 ] CVE-2014-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4221 [ 44 ] CVE-2014-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4223 [ 45 ] CVE-2014-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4227 [ 46 ] CVE-2014-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4244 [ 47 ] CVE-2014-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4247 [ 48 ] CVE-2014-4252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4252 [ 49 ] CVE-2014-4262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4262 [ 50 ] CVE-2014-4263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4263 [ 51 ] CVE-2014-4264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4264 [ 52 ] CVE-2014-4265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4265 [ 53 ] CVE-2014-4266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4266 [ 54 ] CVE-2014-4268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4268 [ 55 ] CVE-2014-4288 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4288 [ 56 ] CVE-2014-6456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6456 [ 57 ] CVE-2014-6457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6457 [ 58 ] CVE-2014-6458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6458 [ 59 ] CVE-2014-6466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6466 [ 60 ] CVE-2014-6468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6468 [ 61 ] CVE-2014-6476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6476 [ 62 ] CVE-2014-6485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6485 [ 63 ] CVE-2014-6492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6492 [ 64 ] CVE-2014-6493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6493 [ 65 ] CVE-2014-6502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6502 [ 66 ] CVE-2014-6503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6503 [ 67 ] CVE-2014-6504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6504 [ 68 ] CVE-2014-6506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6506 [ 69 ] CVE-2014-6511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6511 [ 70 ] CVE-2014-6512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6512 [ 71 ] CVE-2014-6513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6513 [ 72 ] CVE-2014-6515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6515 [ 73 ] CVE-2014-6517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6517 [ 74 ] CVE-2014-6519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6519 [ 75 ] CVE-2014-6527 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6527 [ 76 ] CVE-2014-6531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6531 [ 77 ] CVE-2014-6532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6532 [ 78 ] CVE-2014-6558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6558 [ 79 ] CVE-2014-6562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6562
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201502-12.xml
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License =======
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--9fsahuaB7guIepgiWoxbhHfVfWMaIcsOA Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJU4K9zAAoJEP7VAChXwav6SnkIALbuRHrk1XWNnhqcoSQqugQl 8oVX+E92UPG5PFuMrb9XpK6GsFYkRo5ohTLlGbGcnjmcGpOhiVEN8rNwY0Abjiyq Zf/GcEmCXjmvSYLdTPWQesaNQHUaeXcCPpnn1c1JvypHV/B6h9MXjQC+7l58PDHF fbFx4s2FFyFf5NLrsImpfv48lJJy1EEMHUwDEZEBf0vZvUboa4ifn0Z216TvdXBB osCi0nn3jb4k0/mF7SRknq2StEsyeB6HwspY8JGllq+wGS4odhjaoG64hpRFa2yl i9I7dCbDW9hYqqQbP9wd04OEbYOIsvyXsHEbrfKdrgKR3+gpL1umIxTPW6+8nyg= =m+Zk -----END PGP SIGNATURE-----
--9fsahuaB7guIepgiWoxbhHfVfWMaIcsOA--
|
|
|
|