summaryrefslogtreecommitdiff
blob: 15bf9f07f4713229dbf3ff9c253d281b454b4c2d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201111-02">
  <title>Oracle JRE/JDK: Multiple vulnerabilities</title>
  <synopsis>Multiple vulnerabilities have been found in the Oracle JRE/JDK,
    allowing attackers to cause unspecified impact.
  </synopsis>
  <product type="ebuild">sun-jre-bin sun-jdk emul-linux-x86-java</product>
  <announced>November 05, 2011</announced>
  <revised>November 05, 2011: 1</revised>
  <bug>340421</bug>
  <bug>354213</bug>
  <bug>370559</bug>
  <bug>387851</bug>
  <access>remote</access>
  <affected>
    <package name="dev-java/sun-jre-bin" auto="no" arch="*">
      <unaffected range="ge">1.6.0.29</unaffected>
      <vulnerable range="lt">1.6.0.29</vulnerable>
    </package>
    <package name="app-emulation/emul-linux-x86-java" auto="no" arch="*">
      <unaffected range="ge">1.6.0.29</unaffected>
      <vulnerable range="lt">1.6.0.29</vulnerable>
    </package>
    <package name="dev-java/sun-jdk" auto="no" arch="*">
      <unaffected range="ge">1.6.0.29</unaffected>
      <vulnerable range="lt">1.6.0.29</vulnerable>
    </package>
  </affected>
  <background>
    <p>The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
      the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
      provide the Oracle Java platform (formerly known as Sun Java Platform).
    </p>
  </background>
  <description>
    <p>Multiple vulnerabilities have been reported in the Oracle Java
      implementation. Please review the CVE identifiers referenced below and
      the associated Oracle Critical Patch Update Advisory for details. 
    </p>
  </description>
  <impact type="normal">
    <p>A remote attacker could exploit these vulnerabilities to cause
      unspecified impact, possibly including remote execution of arbitrary
      code. 
    </p>
  </impact>
  <workaround>
    <p>There is no known workaround at this time.</p>
  </workaround>
  <resolution>
    <p>All Oracle JDK 1.6 users should upgrade to the latest version:</p>
    
    <code>
      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jdk-1.6.0.29"
    </code>
    
    <p>All Oracle JRE 1.6 users should upgrade to the latest version:</p>
    
    <code>
      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=dev-java/sun-jre-bin-1.6.0.29"
    </code>
    
    <p>All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the
      latest version:
    </p>
    
    <code>
      # emerge --sync
      # emerge --ask --oneshot --verbose
      "&gt;=app-emulation/emul-linux-x86-java-1.6.0.29"
    </code>
    
    <p>NOTE: As Oracle has revoked the DLJ license for its Java implementation,
      the packages can no longer be updated automatically. This limitation is
      not present on a non-fetch restricted implementation such as
      dev-java/icedtea-bin.
    </p>
  </resolution>
  <references>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541">CVE-2010-3541</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548">CVE-2010-3548</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549">CVE-2010-3549</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550">CVE-2010-3550</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551">CVE-2010-3551</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552">CVE-2010-3552</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553">CVE-2010-3553</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554">CVE-2010-3554</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555">CVE-2010-3555</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556">CVE-2010-3556</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557">CVE-2010-3557</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558">CVE-2010-3558</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559">CVE-2010-3559</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560">CVE-2010-3560</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561">CVE-2010-3561</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562">CVE-2010-3562</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563">CVE-2010-3563</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565">CVE-2010-3565</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566">CVE-2010-3566</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567">CVE-2010-3567</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568">CVE-2010-3568</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569">CVE-2010-3569</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570">CVE-2010-3570</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571">CVE-2010-3571</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572">CVE-2010-3572</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573">CVE-2010-3573</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574">CVE-2010-3574</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422">CVE-2010-4422</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447">CVE-2010-4447</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448">CVE-2010-4448</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450">CVE-2010-4450</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451">CVE-2010-4451</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452">CVE-2010-4452</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454">CVE-2010-4454</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462">CVE-2010-4462</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463">CVE-2010-4463</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465">CVE-2010-4465</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466">CVE-2010-4466</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467">CVE-2010-4467</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468">CVE-2010-4468</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469">CVE-2010-4469</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470">CVE-2010-4470</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471">CVE-2010-4471</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472">CVE-2010-4472</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473">CVE-2010-4473</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474">CVE-2010-4474</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475">CVE-2010-4475</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476">CVE-2010-4476</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802">CVE-2011-0802</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814">CVE-2011-0814</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815">CVE-2011-0815</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862">CVE-2011-0862</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863">CVE-2011-0863</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864">CVE-2011-0864</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865">CVE-2011-0865</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867">CVE-2011-0867</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868">CVE-2011-0868</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869">CVE-2011-0869</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871">CVE-2011-0871</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872">CVE-2011-0872</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873">CVE-2011-0873</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389">CVE-2011-3389</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516">CVE-2011-3516</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521">CVE-2011-3521</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544">CVE-2011-3544</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545">CVE-2011-3545</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546">CVE-2011-3546</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547">CVE-2011-3547</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548">CVE-2011-3548</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549">CVE-2011-3549</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550">CVE-2011-3550</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551">CVE-2011-3551</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552">CVE-2011-3552</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553">CVE-2011-3553</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554">CVE-2011-3554</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555">CVE-2011-3555</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556">CVE-2011-3556</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557">CVE-2011-3557</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558">CVE-2011-3558</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560">CVE-2011-3560</uri>
    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561">CVE-2011-3561</uri>
  </references>
  <metadata timestamp="Fri, 07 Oct 2011 23:38:14 +0000" tag="requester">
    underling
  </metadata>
  <metadata timestamp="Sat, 05 Nov 2011 10:22:49 +0000" tag="submitter">craig</metadata>
</glsa>