GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sun Nov 19, 2017 9:26 pm Post subject: [ GLSA 201711-14 ] IcedTea |
 |
|
Gentoo Linux Security Advisory
Title: IcedTea: Multiple vulnerabilities (GLSA 201711-14)
Severity: normal
Exploitable: remote
Date: 2017-11-19
Bug(s): #636522
ID: 201711-14
Synopsis
Multiple vulnerabilities have been found in IcedTea, the worst of
which may allow execution of arbitrary code.
Background
IcedTea’s aim is to provide OpenJDK in a form suitable for easy
configuration, compilation and distribution with the primary goal of
allowing inclusion in GNU/Linux distributions.
Affected Packages
Package: dev-java/icedtea-bin
Vulnerable: < 3.6.0
Unaffected: >= 3.6.0
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in IcedTea. Please review
the referenced CVE identifiers for details.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or gain
access to information.
Workaround
There is no known workaround at this time.
Resolution
All IcedTea binary users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.6.0"
|
References
CVE-2017-10274
CVE-2017-10281
CVE-2017-10285
CVE-2017-10295
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
Last edited by GLSA on Mon Jan 15, 2018 4:17 am; edited 1 time in total |
|
News & Announcements
