GLSA-201701-43 : IcedTea: Multiple vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201701-43
(IcedTea: Multiple vulnerabilities)

Various OpenJDK attack vectors exist in IcedTea, such as 2D, CORBA,
HotSpot, Libraries, and JAXP, which allow remote attackers to affect the
confidentiality, integrity, and availability of vulnerable systems. Many
of the vulnerabilities can only be exploited through sandboxed Java Web
Start applications and Java applets. Please review the CVE identifiers
referenced below for details.

Impact :

Remote attackers may execute arbitrary code, compromise information, or
cause a Denial of Service condition.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201701-43

Solution :

All IcedTea-bin 7.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/icedtea-bin-7.2.6.8:7'

All IcedTea-bin 3.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/icedtea-bin-3.2.0:8'

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
