GLSA-201707-01 : IcedTea: Multiple vulnerabilities
High Nessus Plugin ID 101248
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201707-01 (IcedTea: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers referenced below for details.
Note: If the web browser plug-in provided by the dev-java/icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
A remote attacker could possibly execute arbitrary code with the privileges of the process, gain access to information, or cause a Denial of Service condition.
There is no known workaround at this time.
SolutionAll IcedTea binary 7.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/icedtea-bin-126.96.36.199:7' All IcedTea binary 3.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/icedtea-bin-3.4.0:8'