Oracle JDK/JRE, IcedTea: Multiple vulnerabilities Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites, and IcedTea, the worst of which may allow execution of arbitrary code. oracle-jdk-bin,oracle-jre-bin,icedtea-bin 2017-09-24 2017-09-25: 2 625602 626088 627682 remote 1.8.0.141 1.8.0.141 1.8.0.141 1.8.0.141 7.2.6.11 3.5.0 7.2.6.11 3.5.0

Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications require.

IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions.

Multiple vulnerabilities have been discovered in Oracle’s JRE, JDK and IcedTea. Please review the referenced CVE identifiers for details.

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or gain access to information.

There is no known workaround at this time.

All Oracle JDK binary users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.8.0.141"

All Oracle JRE binary users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.8.0.141"

All IcedTea binary 7.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-7.2.6.11"

All IcedTea binary 3.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.5.0"
CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10117 CVE-2017-10118 CVE-2017-10121 CVE-2017-10125 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 chrisadr chrisadr