GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)
Critical Nessus Plugin ID 72139
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities)
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details.
Impact :
An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code.
Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.
Workaround :
There is no known workaround at this time.
Solution
All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/oracle-jdk-bin-1.7.0.51' All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/oracle-jre-bin-1.7.0.51' All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.7.0.51' All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea.
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically.