GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Mar 19, 2018 1:26 am Post subject: [ GLSA 201803-06 ] Oracle JDK/JRE |
|
|
Gentoo Linux Security Advisory
Title: Oracle JDK/JRE: Multiple vulnerabilities (GLSA 201803-06)
Severity: normal
Exploitable: remote
Date: 2018-03-19
Bug(s): #645268
ID: 201803-06
Synopsis
Multiple vulnerabilities have been found in Oracle's JDK and JRE
software suites, the worst of which may allow execution of arbitrary code.
Background
Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in today’s
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that today’s
applications require.
Affected Packages
Package: dev-java/oracle-jdk-bin
Vulnerable: < 1.8.0.162
Unaffected: >= 1.8.0.162
Architectures: All supported architectures
Package: dev-java/oracle-jre-bin
Vulnerable: < 1.8.0.162
Unaffected: >= 1.8.0.162
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Oracle’s Java SE.
Please review the referenced CVE identifiers for details.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process, gain access to information, or cause a Denial
of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=dev-java/oracle-jdk-bin-1.8.0.162:1.8"
| All Oracle JRE users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=dev-java/oracle-jre-bin-1.8.0.162:1.8"
|
References
CVE-2018-2579
CVE-2018-2581
CVE-2018-2582
CVE-2018-2588
CVE-2018-2599
CVE-2018-2602
CVE-2018-2603
CVE-2018-2618
CVE-2018-2627
CVE-2018-2629
CVE-2018-2633
CVE-2018-2634
CVE-2018-2637
CVE-2018-2638
CVE-2018-2639
CVE-2018-2641
CVE-2018-2663 |
|