- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201611-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 04, 2016 Bugs: #597516 ID: 201611-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites allowing remote attackers to remotely execute arbitrary code, obtain information, and cause Denial of Service. Background ========== Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today=E2=80=99s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today=E2=80=99s applications require. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/oracle-jre-bin < 1.8.0.111 >= 1.8.0.111 2 dev-java/oracle-jdk-bin < 1.8.0.111 >= 1.8.0.111 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities exist in both Oracle=E2=80=99s JRE and JDK. Plea= se review the referenced CVE=E2=80=99s for additional information. Impact ====== Remote attackers could gain access to information, remotely execute arbitrary code, or cause Denial of Service. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JRE Users users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.111" All Oracle JDK Users users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.111" References ========== [ 1 ] CVE-2016-5542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5542 [ 2 ] CVE-2016-5554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5554 [ 3 ] CVE-2016-5556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5556 [ 4 ] CVE-2016-5568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5568 [ 5 ] CVE-2016-5573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5573 [ 6 ] CVE-2016-5582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5582 [ 7 ] CVE-2016-5597 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5597 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201611-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5