GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201111-02
(Oracle JRE/JDK: Multiple vulnerabilities)

Multiple vulnerabilities have been reported in the Oracle Java
implementation. Please review the CVE identifiers referenced below and
the associated Oracle Critical Patch Update Advisory for details.

Impact :

A remote attacker could exploit these vulnerabilities to cause
unspecified impact, possibly including remote execution of arbitrary
code.

Workaround :

There is no known workaround at this time.

See also :

http://www.gentoo.org/security/en/glsa/glsa-201111-02.xml

Solution :

All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.6.0.29'
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.6.0.29'
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.6.0.29'
NOTE: As Oracle has revoked the DLJ license for its Java implementation,
the packages can no longer be updated automatically. This limitation is
not present on a non-fetch restricted implementation such as
dev-java/icedtea-bin.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Gentoo Local Security Checks

Nessus Plugin ID: 56724

Bugtraq ID: 43965
43971
43979
43985
43988
43992
43994
43999
44009
44011
44012
44013
44014
44016
44017
44020
44021
44023
44024
44026
44027
44028
44030
44032
44035
44038
44040
46091
46386
46387
46388
46391
46393
46394
46395
46397
46398
46399
46400
46402
46403
46404
46405
46406
46407
46409
46410
46411
48137
48138
48139
48140
48141
48142
48143
48144
48145
48146
48147
48148
48149
49778
50211
50215
50216
50218
50220
50223
50224
50226
50229
50231
50234
50236
50237
50239
50242
50243
50246
50248
50250

CVE ID: CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3550
CVE-2010-3551
CVE-2010-3552
CVE-2010-3553
CVE-2010-3554
CVE-2010-3555
CVE-2010-3556
CVE-2010-3557
CVE-2010-3558
CVE-2010-3559
CVE-2010-3560
CVE-2010-3561
CVE-2010-3562
CVE-2010-3563
CVE-2010-3565
CVE-2010-3566
CVE-2010-3567
CVE-2010-3568
CVE-2010-3569
CVE-2010-3570
CVE-2010-3571
CVE-2010-3572
CVE-2010-3573
CVE-2010-3574
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4451
CVE-2010-4452
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4466
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4474
CVE-2010-4475
CVE-2010-4476
CVE-2011-0802
CVE-2011-0814
CVE-2011-0815
CVE-2011-0862
CVE-2011-0863
CVE-2011-0864
CVE-2011-0865
CVE-2011-0867
CVE-2011-0868
CVE-2011-0869
CVE-2011-0871
CVE-2011-0872
CVE-2011-0873
CVE-2011-3389
CVE-2011-3516
CVE-2011-3521
CVE-2011-3544
CVE-2011-3545
CVE-2011-3546
CVE-2011-3547
CVE-2011-3548
CVE-2011-3549
CVE-2011-3550
CVE-2011-3551
CVE-2011-3552
CVE-2011-3553
CVE-2011-3554
CVE-2011-3555
CVE-2011-3556
CVE-2011-3557
CVE-2011-3558
CVE-2011-3560
CVE-2011-3561