Oracle JRE/JDK: Multiple vulnerabilities

2015-02-1500:00:00

Gentoo Foundation

security.gentoo.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.917

Percentile

99.0%

JSON

Background

Oracle’s Java SE Development Kit and Runtime Environment

Description

Multiple vulnerabilities have been discovered in Oracle’s Java SE Development Kit and Runtime Environment. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker may be able to execute arbitrary code, disclose, update, insert, or delete certain data.

Workaround

There is no known workaround at this time.

Resolution

All Oracle JRE 1.7 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 "&gt;=dev-java/oracle-jre-bin-1.7.0.71"

All Oracle JDK 1.7 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 "&gt;=dev-java/oracle-jdk-bin-1.7.0.71"

All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 "&gt;=app-emulation/emul-linux-x86-java-1.7.0.71"

OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-java/oracle-jre-bin< 1.7.0.71UNKNOWN
Gentooanyalldev-java/oracle-jdk-bin< 1.7.0.71UNKNOWN
Gentooanyallapp-emulation/emul-linux-x86-java< 1.7.0.71UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	dev-java/oracle-jre-bin	< 1.7.0.71	UNKNOWN
Gentoo	any	all	dev-java/oracle-jdk-bin	< 1.7.0.71	UNKNOWN
Gentoo	any	all	app-emulation/emul-linux-x86-java	< 1.7.0.71	UNKNOWN