what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Gentoo Linux Security Advisory 201502-12

Gentoo Linux Security Advisory 201502-12
Posted Feb 16, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201502-12 - Multiple vulnerabilities have been found in Oracle's Java SE Development Kit and Runtime Environment, the worst of which could lead to execution of arbitrary code. Versions less than 1.7.0.71 are affected.

tags | advisory, java, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0463, CVE-2014-0464, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2410, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414
SHA-256 | 946956dea19a3274d6fb6db363ac9cb4f3556abb6e68ec9eeff943208a8be906

Gentoo Linux Security Advisory 201502-12

Change Mirror Download
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201502-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Oracle JRE/JDK: Multiple vulnerabilities
Date: February 15, 2015
Bugs: #507798, #508716, #517220, #525464
ID: 201502-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Oracle's Java SE
Development Kit and Runtime Environment, the worst of which could lead
to execution of arbitrary code.

Background
==========

Oracle's Java SE Development Kit and Runtime Environment

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/oracle-jre-bin < 1.7.0.71 >= 1.7.0.71
2 dev-java/oracle-jdk-bin < 1.7.0.71 >= 1.7.0.71
3 app-emulation/emul-linux-x86-java
< 1.7.0.71 >= 1.7.0.71
-------------------------------------------------------------------
3 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Oracle's Java SE
Development Kit and Runtime Environment. Please review the CVE
identifiers referenced below for details.

Impact
======

A context-dependent attacker may be able to execute arbitrary code,
disclose, update, insert, or delete certain data.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Oracle JRE 1.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.71"

All Oracle JDK 1.7 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.71"

All users of the precompiled 32-bit Oracle JRE should upgrade to the
latest version:

# emerge --sync
# emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.71"

References
==========

[ 1 ] CVE-2014-0429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429
[ 2 ] CVE-2014-0432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0432
[ 3 ] CVE-2014-0446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446
[ 4 ] CVE-2014-0448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0448
[ 5 ] CVE-2014-0449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0449
[ 6 ] CVE-2014-0451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451
[ 7 ] CVE-2014-0452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452
[ 8 ] CVE-2014-0453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453
[ 9 ] CVE-2014-0454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0454
[ 10 ] CVE-2014-0455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0455
[ 11 ] CVE-2014-0456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456
[ 12 ] CVE-2014-0457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457
[ 13 ] CVE-2014-0458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458
[ 14 ] CVE-2014-0459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459
[ 15 ] CVE-2014-0460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460
[ 16 ] CVE-2014-0461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461
[ 17 ] CVE-2014-0463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0463
[ 18 ] CVE-2014-0464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0464
[ 19 ] CVE-2014-2397
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397
[ 20 ] CVE-2014-2398
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398
[ 21 ] CVE-2014-2401
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2401
[ 22 ] CVE-2014-2402
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2402
[ 23 ] CVE-2014-2403
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403
[ 24 ] CVE-2014-2409
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2409
[ 25 ] CVE-2014-2410
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2410
[ 26 ] CVE-2014-2412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412
[ 27 ] CVE-2014-2413
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2413
[ 28 ] CVE-2014-2414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414
[ 29 ] CVE-2014-2420
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2420
[ 30 ] CVE-2014-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421
[ 31 ] CVE-2014-2422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2422
[ 32 ] CVE-2014-2423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423
[ 33 ] CVE-2014-2427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427
[ 34 ] CVE-2014-2428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2428
[ 35 ] CVE-2014-2483
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2483
[ 36 ] CVE-2014-2490
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2490
[ 37 ] CVE-2014-4208
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4208
[ 38 ] CVE-2014-4209
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4209
[ 39 ] CVE-2014-4216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4216
[ 40 ] CVE-2014-4218
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4218
[ 41 ] CVE-2014-4219
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4219
[ 42 ] CVE-2014-4220
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4220
[ 43 ] CVE-2014-4221
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4221
[ 44 ] CVE-2014-4223
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4223
[ 45 ] CVE-2014-4227
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4227
[ 46 ] CVE-2014-4244
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4244
[ 47 ] CVE-2014-4247
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4247
[ 48 ] CVE-2014-4252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4252
[ 49 ] CVE-2014-4262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4262
[ 50 ] CVE-2014-4263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4263
[ 51 ] CVE-2014-4264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4264
[ 52 ] CVE-2014-4265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4265
[ 53 ] CVE-2014-4266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4266
[ 54 ] CVE-2014-4268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4268
[ 55 ] CVE-2014-4288
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4288
[ 56 ] CVE-2014-6456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6456
[ 57 ] CVE-2014-6457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6457
[ 58 ] CVE-2014-6458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6458
[ 59 ] CVE-2014-6466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6466
[ 60 ] CVE-2014-6468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6468
[ 61 ] CVE-2014-6476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6476
[ 62 ] CVE-2014-6485
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6485
[ 63 ] CVE-2014-6492
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6492
[ 64 ] CVE-2014-6493
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6493
[ 65 ] CVE-2014-6502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6502
[ 66 ] CVE-2014-6503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6503
[ 67 ] CVE-2014-6504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6504
[ 68 ] CVE-2014-6506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6506
[ 69 ] CVE-2014-6511
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6511
[ 70 ] CVE-2014-6512
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6512
[ 71 ] CVE-2014-6513
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6513
[ 72 ] CVE-2014-6515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6515
[ 73 ] CVE-2014-6517
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6517
[ 74 ] CVE-2014-6519
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6519
[ 75 ] CVE-2014-6527
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6527
[ 76 ] CVE-2014-6531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6531
[ 77 ] CVE-2014-6532
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6532
[ 78 ] CVE-2014-6558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6558
[ 79 ] CVE-2014-6562
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6562

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201502-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close