[ GLSA 201707-01 ] IcedTea

[GLSA]

Gentoo Linux Security Advisory

Title: IcedTea: Multiple vulnerabilities (GLSA 201707-01)
Severity: normal
Exploitable: remote
Date: 2017-07-05
Bug(s): #607676, #609562, #618874, #619458
ID: 201707-01

Synopsis

Multiple vulnerabilities have been found in IcedTea, the worst of
which may allow execution of arbitrary code.


Background

IcedTea’s aim is to provide OpenJDK in a form suitable for easy
configuration, compilation and distribution with the primary goal of
allowing inclusion in GNU/Linux distributions.


Affected Packages

Package: dev-java/icedtea-bin
Vulnerable: < 7.2.6.10
Vulnerable: < 3.4.0
Unaffected: >= 7.2.6.10
Unaffected: >= 3.4.0
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in IcedTea. Please review
the CVE identifiers referenced below for details.
Note: If the web browser plug-in provided by the dev-java/icedtea-web
package was installed, the issues exposed via Java applets could have
been exploited without user interaction if a user visited a malicious
website.


Impact

A remote attacker could possibly execute arbitrary code with the
privileges of the process, gain access to information, or cause a Denial
of Service condition.


Workaround

There is no known workaround at this time.

Resolution

All IcedTea binary 7.x users should upgrade to the latest version: