metadata/glsa/glsa-201006-18.xml - chromiumos/overlays/portage - Git at Google

 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

 <glsa id="201006-18">
   <title>Oracle JRE/JDK: Multiple vulnerabilities</title>
   <synopsis>
     The Oracle JDK and JRE are vulnerable to multiple unspecified
     vulnerabilities.
   </synopsis>
   <product type="ebuild">sun-jre-bin sun-jdk emul-linux-x86-java</product>
   <announced>June 04, 2010</announced>
   <revised>June 04, 2010: 01</revised>
   <bug>306579</bug>
   <bug>314531</bug>
   <access>remote</access>
   <affected>
     <package name="dev-java/sun-jre-bin" auto="yes" arch="*">
       <unaffected range="ge">1.6.0.20</unaffected>
       <vulnerable range="lt">1.6.0.20</vulnerable>
     </package>
     <package name="dev-java/sun-jdk" auto="yes" arch="*">
       <unaffected range="ge">1.6.0.20</unaffected>
       <vulnerable range="lt">1.6.0.20</vulnerable>
     </package>
     <package name="app-emulation/emul-linux-x86-java" auto="yes" arch="*">
       <unaffected range="ge">1.6.0.20</unaffected>
       <vulnerable range="lt">1.6.0.20</vulnerable>
     </package>
   </affected>
   <background>
     <p>
     The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
     the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
     provide the Oracle Java platform (formerly known as Sun Java Platform).
     </p>
   </background>
   <description>
     <p>
     Multiple vulnerabilities have been reported in the Oracle Java
     implementation. Please review the CVE identifiers referenced below and
     the associated Oracle Critical Patch Update Advisory for details.
     </p>
   </description>
   <impact type="normal">
     <p>
     A remote attacker could exploit these vulnerabilities to cause
     unspecified impact, possibly including remote execution of arbitrary
     code.
     </p>
   </impact>
   <workaround>
     <p>
     There is no known workaround at this time.
     </p>
   </workaround>
   <resolution>
     <p>
     All Oracle JRE 1.6.x users should upgrade to the latest version:
     </p>
     <code>
     # emerge --sync
     # emerge --ask --oneshot --verbose &quot;&gt;=dev-java/sun-jre-bin-1.6.0.20&quot;</code>
     <p>
     All Oracle JDK 1.6.x users should upgrade to the latest version:
     </p>
     <code>
     # emerge --sync
     # emerge --ask --oneshot --verbose &quot;&gt;=dev-java/sun-jdk-1.6.0.20&quot;</code>
     <p>
     All users of the precompiled 32bit Oracle JRE 1.6.x should upgrade to
     the latest version:
     </p>
     <code>
     # emerge --sync
     # emerge --ask --oneshot --verbose &quot;&gt;=app-emulation/emul-linux-x86-java-1.6.0.20&quot;</code>
     <p>
     All Oracle JRE 1.5.x, Oracle JDK 1.5.x, and precompiled 32bit Oracle
     JRE 1.5.x users are strongly advised to unmerge Java 1.5:
     </p>
     <code>
     # emerge --unmerge =app-emulation/emul-linux-x86-java-1.5*
     # emerge --unmerge =dev-java/sun-jre-bin-1.5*
     # emerge --unmerge =dev-java/sun-jdk-1.5*</code>
     <p>
     Gentoo is ceasing support for the 1.5 generation of the Oracle Java
     Platform in accordance with upstream. All 1.5 JRE versions are masked
     and will be removed shortly. All 1.5 JDK versions are marked as
     "build-only" and will be masked for removal shortly. Users are advised
     to change their default user and system Java implementation to an
     unaffected version. For example:
     </p>
     <code>
     # java-config --set-system-vm sun-jdk-1.6</code>
     <p>
     For more information, please consult the Gentoo Linux Java
     documentation.
     </p>
   </resolution>
   <references>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">CVE-2009-3555</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082">CVE-2010-0082</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084">CVE-2010-0084</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085">CVE-2010-0085</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087">CVE-2010-0087</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088">CVE-2010-0088</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089">CVE-2010-0089</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090">CVE-2010-0090</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091">CVE-2010-0091</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092">CVE-2010-0092</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093">CVE-2010-0093</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094">CVE-2010-0094</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095">CVE-2010-0095</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837">CVE-2010-0837</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838">CVE-2010-0838</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839">CVE-2010-0839</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840">CVE-2010-0840</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841">CVE-2010-0841</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842">CVE-2010-0842</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843">CVE-2010-0843</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844">CVE-2010-0844</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845">CVE-2010-0845</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846">CVE-2010-0846</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847">CVE-2010-0847</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848">CVE-2010-0848</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849">CVE-2010-0849</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850">CVE-2010-0850</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886">CVE-2010-0886</uri>
     <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0887">CVE-2010-0887</uri>
     <uri link="/doc/en/java.xml#doc_chap4">Gentoo Linux Java documentation</uri>
     <uri link="http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html">Oracle Java SE and Java for Business Critical Patch Update Advisory - March 2010</uri>
   </references>
   <metadata tag="requester" timestamp="Fri, 02 Apr 2010 09:43:04 +0000">
     a3li
   </metadata>
   <metadata tag="submitter" timestamp="Fri, 02 Apr 2010 09:59:07 +0000">
     a3li
   </metadata>
   <metadata tag="bugReady" timestamp="Fri, 04 Jun 2010 05:06:52 +0000">
     a3li
   </metadata>
 </glsa>
	<?xml version="1.0" encoding="utf-8"?>
	<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

	<glsa id="201006-18">
	<title>Oracle JRE/JDK: Multiple vulnerabilities</title>
	<synopsis>
	The Oracle JDK and JRE are vulnerable to multiple unspecified
	vulnerabilities.
	</synopsis>
	<product type="ebuild">sun-jre-bin sun-jdk emul-linux-x86-java</product>
	<announced>June 04, 2010</announced>
	<revised>June 04, 2010: 01</revised>
	<bug>306579</bug>
	<bug>314531</bug>
	<access>remote</access>
	<affected>
	<package name="dev-java/sun-jre-bin" auto="yes" arch="*">
	<unaffected range="ge">1.6.0.20</unaffected>
	<vulnerable range="lt">1.6.0.20</vulnerable>
	</package>
	<package name="dev-java/sun-jdk" auto="yes" arch="*">
	<unaffected range="ge">1.6.0.20</unaffected>
	<vulnerable range="lt">1.6.0.20</vulnerable>
	</package>
	<package name="app-emulation/emul-linux-x86-java" auto="yes" arch="*">
	<unaffected range="ge">1.6.0.20</unaffected>
	<vulnerable range="lt">1.6.0.20</vulnerable>
	</package>
	</affected>
	<background>
	<p>
	The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
	the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
	provide the Oracle Java platform (formerly known as Sun Java Platform).
	</p>
	</background>
	<description>
	<p>
	Multiple vulnerabilities have been reported in the Oracle Java
	implementation. Please review the CVE identifiers referenced below and
	the associated Oracle Critical Patch Update Advisory for details.
	</p>
	</description>
	<impact type="normal">
	<p>
	A remote attacker could exploit these vulnerabilities to cause
	unspecified impact, possibly including remote execution of arbitrary
	code.
	</p>
	</impact>
	<workaround>
	<p>
	There is no known workaround at this time.
	</p>
	</workaround>
	<resolution>
	<p>
	All Oracle JRE 1.6.x users should upgrade to the latest version:
	</p>
	<code>
	# emerge --sync
	# emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.20"</code>
	<p>
	All Oracle JDK 1.6.x users should upgrade to the latest version:
	</p>
	<code>
	# emerge --sync
	# emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.20"</code>
	<p>
	All users of the precompiled 32bit Oracle JRE 1.6.x should upgrade to
	the latest version:
	</p>
	<code>
	# emerge --sync
	# emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.6.0.20"</code>
	<p>
	All Oracle JRE 1.5.x, Oracle JDK 1.5.x, and precompiled 32bit Oracle
	JRE 1.5.x users are strongly advised to unmerge Java 1.5:
	</p>
	<code>
	# emerge --unmerge =app-emulation/emul-linux-x86-java-1.5*
	# emerge --unmerge =dev-java/sun-jre-bin-1.5*
	# emerge --unmerge =dev-java/sun-jdk-1.5*</code>
	<p>
	Gentoo is ceasing support for the 1.5 generation of the Oracle Java
	Platform in accordance with upstream. All 1.5 JRE versions are masked
	and will be removed shortly. All 1.5 JDK versions are marked as
	"build-only" and will be masked for removal shortly. Users are advised
	to change their default user and system Java implementation to an
	unaffected version. For example:
	</p>
	<code>
	# java-config --set-system-vm sun-jdk-1.6</code>
	<p>
	For more information, please consult the Gentoo Linux Java
	documentation.
	</p>
	</resolution>
	<references>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">CVE-2009-3555</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082">CVE-2010-0082</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084">CVE-2010-0084</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085">CVE-2010-0085</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087">CVE-2010-0087</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088">CVE-2010-0088</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089">CVE-2010-0089</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090">CVE-2010-0090</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091">CVE-2010-0091</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092">CVE-2010-0092</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093">CVE-2010-0093</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094">CVE-2010-0094</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095">CVE-2010-0095</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837">CVE-2010-0837</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838">CVE-2010-0838</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839">CVE-2010-0839</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840">CVE-2010-0840</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841">CVE-2010-0841</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842">CVE-2010-0842</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843">CVE-2010-0843</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844">CVE-2010-0844</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845">CVE-2010-0845</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846">CVE-2010-0846</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847">CVE-2010-0847</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848">CVE-2010-0848</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849">CVE-2010-0849</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850">CVE-2010-0850</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886">CVE-2010-0886</uri>
	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0887">CVE-2010-0887</uri>
	<uri link="/doc/en/java.xml#doc_chap4">Gentoo Linux Java documentation</uri>
	<uri link="http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html">Oracle Java SE and Java for Business Critical Patch Update Advisory - March 2010</uri>
	</references>
	<metadata tag="requester" timestamp="Fri, 02 Apr 2010 09:43:04 +0000">
	a3li
	</metadata>
	<metadata tag="submitter" timestamp="Fri, 02 Apr 2010 09:59:07 +0000">
	a3li
	</metadata>
	<metadata tag="bugReady" timestamp="Fri, 04 Jun 2010 05:06:52 +0000">
	a3li
	</metadata>
	</glsa>