GLSA-201502-12 : Oracle JRE/JDK: Multiple vulnerabilities

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201502-12
(Oracle JRE/JDK: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Oracle’s Java SE
Development Kit and Runtime Environment. Please review the CVE
identifiers referenced below for details.

Impact :

A context-dependent attacker may be able to execute arbitrary code,
disclose, update, insert, or delete certain data.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201502-12

Solution :

All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
'>=dev-java/oracle-jre-bin-1.7.0.71'
All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
'>=dev-java/oracle-jdk-bin-1.7.0.71'
All users of the precompiled 32-bit Oracle JRE should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
'>=app-emulation/emul-linux-x86-java-1.7.0.71'

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Gentoo Local Security Checks

Nessus Plugin ID: 81370 ()

Bugtraq ID: 66856
66866
66870
66873
66877
66879
66881
66883
66886
66887
66891
66893
66894
66897
66898
66899
66902
66903
66904
66905
66907
66908
66909
66910
66911
66912
66913
66914
66915
66916
66917
66918
66919
66920
68562
68571
68576
68580
68583
68590
68596
68599
68603
68608
68612
68615
68620
68624
68626
68632
68636
68639
68642
68645
70456
70460
70468
70470
70484
70488
70507
70518
70519
70522
70523
70531
70533
70538
70544
70548
70552
70556
70560
70564
70565
70567
70569
70570
70572

CVE ID: CVE-2014-0429
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-0463
CVE-2014-0464
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2410
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
CVE-2014-2483
CVE-2014-2490
CVE-2014-4208
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4220
CVE-2014-4221
CVE-2014-4223
CVE-2014-4227
CVE-2014-4244
CVE-2014-4247
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4264
CVE-2014-4265
CVE-2014-4266
CVE-2014-4268
CVE-2014-4288
CVE-2014-6456
CVE-2014-6457
CVE-2014-6458
CVE-2014-6466
CVE-2014-6468
CVE-2014-6476
CVE-2014-6485
CVE-2014-6492
CVE-2014-6493
CVE-2014-6502
CVE-2014-6503
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6513
CVE-2014-6515
CVE-2014-6517
CVE-2014-6519
CVE-2014-6527
CVE-2014-6531
CVE-2014-6532
CVE-2014-6558
CVE-2014-6562

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now