[ GLSA 201111-02 ] Oracle JRE/JDK: Multiple vulnerabilities

[GLSA]

Gentoo Linux Security Advisory

Title: Oracle JRE/JDK: Multiple vulnerabilities (GLSA 201111-02)
Severity: normal
Exploitable: remote
Date: November 05, 2011
Bug(s): #340421, #354213, #370559, #387851
ID: 201111-02

Synopsis

Multiple vulnerabilities have been found in the Oracle JRE/JDK,
allowing attackers to cause unspecified impact.


Background

The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
provide the Oracle Java platform (formerly known as Sun Java Platform).


Affected Packages

Package: dev-java/sun-jre-bin
Vulnerable: < 1.6.0.29
Unaffected: >= 1.6.0.29
Architectures: All supported architectures

Package: app-emulation/emul-linux-x86-java
Vulnerable: < 1.6.0.29
Unaffected: >= 1.6.0.29
Architectures: All supported architectures

Package: dev-java/sun-jdk
Vulnerable: < 1.6.0.29
Unaffected: >= 1.6.0.29
Architectures: All supported architectures


Description

Multiple vulnerabilities have been reported in the Oracle Java
implementation. Please review the CVE identifiers referenced below and
the associated Oracle Critical Patch Update Advisory for details.


Impact

A remote attacker could exploit these vulnerabilities to cause
unspecified impact, possibly including remote execution of arbitrary
code.


Workaround

There is no known workaround at this time.

Resolution

All Oracle JDK 1.6 users should upgrade to the latest version: