GLSA-201709-22 : Oracle JDK/JRE, IcedTea: Multiple vulnerabilities

critical Nessus Plugin ID 103450

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-201709-22 (Oracle JDK/JRE, IcedTea: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Oracle’s JRE, JDK and IcedTea. Please review the referenced CVE identifiers for details.
Impact :

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or gain access to information.
Workaround :

There is no known workaround at this time.

Solution

All Oracle JDK binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/oracle-jdk-bin-1.8.0.141' All Oracle JRE binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/oracle-jre-bin-1.8.0.141' All IcedTea binary 7.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/icedtea-bin-7.2.6.11' All IcedTea binary 3.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/icedtea-bin-3.5.0'

See Also

https://security.gentoo.org/glsa/201709-22

Plugin Details

Severity: Critical

ID: 103450

File Name: gentoo_GLSA-201709-22.nasl

Version: 3.7

Type: local

Published: 9/25/2017

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:icedtea-bin, p-cpe:/a:gentoo:linux:oracle-jdk-bin, p-cpe:/a:gentoo:linux:oracle-jre-bin, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 9/24/2017

Vulnerability Publication Date: 8/8/2017

Reference Information

CVE: CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10117, CVE-2017-10118, CVE-2017-10121, CVE-2017-10125, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243

GLSA: 201709-22