GLSA-201606-18 : IcedTea: Multiple vulnerabilities

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201606-18
(IcedTea: Multiple vulnerabilities)

Various OpenJDK attack vectors exist in IcedTea, such as 2D, Corba, Hotspot,
Libraries, and JAXP, which allow remote attackers to affect the
confidentiality, integrity, and availability of vulnerable systems. Many
of the vulnerabilities can only be exploited through sandboxed Java Web
Start applications and Java applets. Please review the CVE identifiers
referenced below for details.

Impact :

Remote attackers may execute arbitrary code, compromise information, or
cause Denial of Service.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201606-18

Solution :

Gentoo Security is no longer supporting dev-java/icedtea, as it has been
officially dropped from the stable tree.

Users of the IcedTea 3.x binary package should upgrade to the latest
version:

  # emerge --sync
  # emerge --ask --oneshot --verbose '>=dev-java/icedtea-bin-3.0.1'

Users of the IcedTea 7.x binary package should upgrade to the latest
version:

  # emerge --sync
  # emerge --ask --oneshot --verbose '>=dev-java/icedtea-7.2.6.6'

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 91863

Bugtraq ID:

CVE ID: CVE-2016-0636
CVE-2016-0686
CVE-2016-0687
CVE-2016-0695
CVE-2016-3422
CVE-2016-3425
CVE-2016-3427
CVE-2016-3443
CVE-2016-3449
