exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Gentoo Linux Security Advisory 201111-02

Gentoo Linux Security Advisory 201111-02
Posted Nov 6, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201111-2 - Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impacts. Versions less than 1.6.0.29 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, CVE-2010-4422
SHA-256 | bdd25e09a3d2a79cb6d767a8541e666e1faf5d0e50b98660a81be4dbc3da723d

Gentoo Linux Security Advisory 201111-02

Change Mirror Download
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201111-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Oracle JRE/JDK: Multiple vulnerabilities
Date: November 05, 2011
Bugs: #340421, #354213, #370559, #387851
ID: 201111-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in the Oracle JRE/JDK,
allowing attackers to cause unspecified impact.

Background
==========

The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
provide the Oracle Java platform (formerly known as Sun Java Platform).

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 *
2 app-emulation/emul-linux-x86-java
< 1.6.0.29 >= 1.6.0.29 *
3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 *
-------------------------------------------------------------------
NOTE: Packages marked with asterisks require manual intervention!
-------------------------------------------------------------------
3 affected packages
-------------------------------------------------------------------

Description
===========

Multiple vulnerabilities have been reported in the Oracle Java
implementation. Please review the CVE identifiers referenced below and
the associated Oracle Critical Patch Update Advisory for details.

Impact
======

A remote attacker could exploit these vulnerabilities to cause
unspecified impact, possibly including remote execution of arbitrary
code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Oracle JDK 1.6 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"

All Oracle JRE 1.6 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"

All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to
the latest version:

# emerge --sync
# emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"

NOTE: As Oracle has revoked the DLJ license for its Java
implementation, the packages can no longer be updated automatically.
This limitation is not present on a non-fetch restricted implementation
such as dev-java/icedtea-bin.

References
==========

[ 1 ] CVE-2010-3541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541
[ 2 ] CVE-2010-3548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548
[ 3 ] CVE-2010-3549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549
[ 4 ] CVE-2010-3550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550
[ 5 ] CVE-2010-3551
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551
[ 6 ] CVE-2010-3552
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552
[ 7 ] CVE-2010-3553
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553
[ 8 ] CVE-2010-3554
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554
[ 9 ] CVE-2010-3555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555
[ 10 ] CVE-2010-3556
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556
[ 11 ] CVE-2010-3557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557
[ 12 ] CVE-2010-3558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558
[ 13 ] CVE-2010-3559
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559
[ 14 ] CVE-2010-3560
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560
[ 15 ] CVE-2010-3561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561
[ 16 ] CVE-2010-3562
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562
[ 17 ] CVE-2010-3563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563
[ 18 ] CVE-2010-3565
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565
[ 19 ] CVE-2010-3566
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566
[ 20 ] CVE-2010-3567
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567
[ 21 ] CVE-2010-3568
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568
[ 22 ] CVE-2010-3569
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569
[ 23 ] CVE-2010-3570
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570
[ 24 ] CVE-2010-3571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571
[ 25 ] CVE-2010-3572
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572
[ 26 ] CVE-2010-3573
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573
[ 27 ] CVE-2010-3574
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574
[ 28 ] CVE-2010-4422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422
[ 29 ] CVE-2010-4447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447
[ 30 ] CVE-2010-4448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448
[ 31 ] CVE-2010-4450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450
[ 32 ] CVE-2010-4451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451
[ 33 ] CVE-2010-4452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452
[ 34 ] CVE-2010-4454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454
[ 35 ] CVE-2010-4462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462
[ 36 ] CVE-2010-4463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463
[ 37 ] CVE-2010-4465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465
[ 38 ] CVE-2010-4466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466
[ 39 ] CVE-2010-4467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467
[ 40 ] CVE-2010-4468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468
[ 41 ] CVE-2010-4469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469
[ 42 ] CVE-2010-4470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470
[ 43 ] CVE-2010-4471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471
[ 44 ] CVE-2010-4472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472
[ 45 ] CVE-2010-4473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473
[ 46 ] CVE-2010-4474
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474
[ 47 ] CVE-2010-4475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475
[ 48 ] CVE-2010-4476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476
[ 49 ] CVE-2011-0802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802
[ 50 ] CVE-2011-0814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814
[ 51 ] CVE-2011-0815
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815
[ 52 ] CVE-2011-0862
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862
[ 53 ] CVE-2011-0863
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863
[ 54 ] CVE-2011-0864
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864
[ 55 ] CVE-2011-0865
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865
[ 56 ] CVE-2011-0867
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867
[ 57 ] CVE-2011-0868
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868
[ 58 ] CVE-2011-0869
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869
[ 59 ] CVE-2011-0871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871
[ 60 ] CVE-2011-0872
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872
[ 61 ] CVE-2011-0873
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873
[ 62 ] CVE-2011-3389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389
[ 63 ] CVE-2011-3516
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516
[ 64 ] CVE-2011-3521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521
[ 65 ] CVE-2011-3544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544
[ 66 ] CVE-2011-3545
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545
[ 67 ] CVE-2011-3546
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546
[ 68 ] CVE-2011-3547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547
[ 69 ] CVE-2011-3548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548
[ 70 ] CVE-2011-3549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549
[ 71 ] CVE-2011-3550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550
[ 72 ] CVE-2011-3551
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551
[ 73 ] CVE-2011-3552
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552
[ 74 ] CVE-2011-3553
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553
[ 75 ] CVE-2011-3554
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554
[ 76 ] CVE-2011-3555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555
[ 77 ] CVE-2011-3556
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556
[ 78 ] CVE-2011-3557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557
[ 79 ] CVE-2011-3558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558
[ 80 ] CVE-2011-3560
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560
[ 81 ] CVE-2011-3561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201111-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close