[ GLSA 201803-06 ] Oracle JDK/JRE: Multiple vulnerabilities


– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201803-06
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
https://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: Normal
Title: Oracle JDK/JRE: Multiple vulnerabilities
Date: March 19, 2018
Bugs: #645268
ID: 201803-06

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis
========

Multiple vulnerabilities have been found in Oracle’s JDK and JRE
software suites, the worst of which may allow execution of arbitrary
code.

Background
==========

Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in today’s
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that today’s
applications require.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-java/oracle-jdk-bin   < 1.8.0.162:1.8         >= 1.8.0.162:1.8
  2  dev-java/oracle-jre-bin   < 1.8.0.162:1.8         >= 1.8.0.162:1.8
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Oracle’s Java SE.
Please review the referenced CVE identifiers for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, gain access to information, or cause a
Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Oracle JDK users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.162:1.8"

All Oracle JRE users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.162:1.8"
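
An added example, not part of the Gentoo advisory: a POSIX shell check
that flags installed Oracle JDK/JRE atoms in slot 1.8 older than the
fixed version 1.8.0.162. The function names, the input shape (one atom
per line, as `qlist -ISv` prints) and the sample atoms are assumptions
of this example; GNU `sort -V` is required.

```sh
#!/bin/sh
# Added example (not from the advisory): flag installed Oracle JDK/JRE
# atoms older than the fixed version named in GLSA 201803-06.
# Assumed input: one atom per line, "category/name-version[:slot]".
# Requires GNU sort for -V (version sort).

FIXED="1.8.0.162"   # fixed version from the advisory, slot 1.8

# version_lt A B: true when version A sorts strictly before B.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads atoms on stdin, prints a verdict for each Oracle JDK/JRE atom,
# and returns 1 if at least one vulnerable version was seen.
check_glsa_201803_06() {
    rc=0
    while IFS= read -r atom; do
        case "$atom" in
            dev-java/oracle-jdk-bin-[0-9]*|dev-java/oracle-jre-bin-[0-9]*) ;;
            *) continue ;;
        esac
        ver=${atom#dev-java/oracle-j??-bin-}    # strip category/name-
        slot=
        case "$ver" in
            *:*) slot=${ver#*:}; ver=${ver%%:*} ;;
        esac
        # The advisory covers slot 1.8; skip other slots when one is given.
        if [ -n "$slot" ] && [ "$slot" != "1.8" ]; then continue; fi
        base=${ver%-r[0-9]*}                    # ignore Gentoo -rN revision
        if version_lt "$base" "$FIXED"; then
            echo "VULNERABLE $atom"
            rc=1
        else
            echo "OK $atom"
        fi
    done
    return "$rc"
}

# Constructed sample atoms, not output captured from a real host.
SAMPLE_ATOMS='dev-java/oracle-jdk-bin-1.8.0.152-r1:1.8
dev-java/oracle-jre-bin-1.8.0.162:1.8
app-shells/bash-4.4_p12:0'

printf '%s\n' "$SAMPLE_ATOMS" | check_glsa_201803_06 || true
```

On a Gentoo host, `glsa-check -t 201803-06` performs the equivalent
test against the installed package database.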

References
==========

[ 1 ] CVE-2018-2579
https://nvd.nist.gov/vuln/detail/CVE-2018-2579
[ 2 ] CVE-2018-2581
https://nvd.nist.gov/vuln/detail/CVE-2018-2581
[ 3 ] CVE-2018-2582
https://nvd.nist.gov/vuln/detail/CVE-2018-2582
[ 4 ] CVE-2018-2588
https://nvd.nist.gov/vuln/detail/CVE-2018-2588
[ 5 ] CVE-2018-2599
https://nvd.nist.gov/vuln/detail/CVE-2018-2599
[ 6 ] CVE-2018-2602
https://nvd.nist.gov/vuln/detail/CVE-2018-2602
[ 7 ] CVE-2018-2603
https://nvd.nist.gov/vuln/detail/CVE-2018-2603
[ 8 ] CVE-2018-2618
https://nvd.nist.gov/vuln/detail/CVE-2018-2618
[ 9 ] CVE-2018-2627
https://nvd.nist.gov/vuln/detail/CVE-2018-2627
[ 10 ] CVE-2018-2629
https://nvd.nist.gov/vuln/detail/CVE-2018-2629
[ 11 ] CVE-2018-2633
https://nvd.nist.gov/vuln/detail/CVE-2018-2633
[ 12 ] CVE-2018-2634
https://nvd.nist.gov/vuln/detail/CVE-2018-2634
[ 13 ] CVE-2018-2637
https://nvd.nist.gov/vuln/detail/CVE-2018-2637
[ 14 ] CVE-2018-2638
https://nvd.nist.gov/vuln/detail/CVE-2018-2638
[ 15 ] CVE-2018-2639
https://nvd.nist.gov/vuln/detail/CVE-2018-2639
[ 16 ] CVE-2018-2641
https://nvd.nist.gov/vuln/detail/CVE-2018-2641
[ 17 ] CVE-2018-2663
https://nvd.nist.gov/vuln/detail/CVE-2018-2663

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201803-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5