Bug 581028 - <dev-java/icedtea{,-bin}-7.2.6.6-r1: Multiple vulnerabilities (CVE-2016-{0686,0687,0695,3422,3425,3427,3443,3449})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa cve]
Reported: 2016-04-24 10:09 UTC by James Le Cuirot
Modified: 2016-06-27 22:43 UTC

Description James Le Cuirot gentoo-dev 2016-04-24 10:09:38 UTC
I'm going to bump icedtea and icedtea-bin now. icedtea doesn't get marked stable so the vulnerable versions will be cleared immediately.

Note that icedtea-bin:7 for arm is being dropped, at least temporarily, as the performance benefit it provides over icedtea-bin:8 is currently broken.
Comment 1 James Le Cuirot gentoo-dev 2016-04-24 10:17:33 UTC
Bumped. amd64 and x86 arch teams, please stabilise:
dev-java/icedtea-bin-7.2.6.6
Comment 2 James Le Cuirot gentoo-dev 2016-04-25 20:56:48 UTC
Had to bump to -r1 because I forgot to increase the glibc dependency.

amd64 and x86 arch teams, please stabilise:
dev-java/icedtea-bin-7.2.6.6-r1
Comment 3 Agostino Sarubbo gentoo-dev 2016-04-26 11:20:51 UTC
amd64 stable
Comment 4 James Le Cuirot gentoo-dev 2016-05-09 19:30:07 UTC
Ping x86 team!
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2016-06-25 12:28:50 UTC
CVE-2016-3449 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3449):
  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows
  remote attackers to affect confidentiality, integrity, and availability via
  vectors related to Deployment.

CVE-2016-3443 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3443):
  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows
  remote attackers to affect confidentiality, integrity, and availability via
  vectors related to 2D.

CVE-2016-3427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3427):
  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE
  Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect
  confidentiality, integrity, and availability via vectors related to JMX.

CVE-2016-3425 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3425):
  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE
  Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect
  availability via vectors related to JAXP.

CVE-2016-3422 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3422):
  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows
  remote attackers to affect availability via vectors related to 2D.

CVE-2016-0695 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0695):
  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE
  Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect
  confidentiality via vectors related to Security.

CVE-2016-0687 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0687):
  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java
  SE Embedded 8u77 allows remote attackers to affect confidentiality,
  integrity, and availability via vectors related to the Hotspot
  sub-component.

CVE-2016-0686 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0686):
  Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java
  SE Embedded 8u77 allows remote attackers to affect confidentiality,
  integrity, and availability via vectors related to Serialization.
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2016-06-25 12:29:46 UTC
Added to existing GLSA.
Comment 7 James Le Cuirot gentoo-dev 2016-06-25 14:50:08 UTC
x86 team still hasn't dealt with this one. :(
Comment 8 Agostino Sarubbo gentoo-dev 2016-06-27 08:52:45 UTC
x86 stable.

Maintainer(s), please cleanup.
Comment 9 James Le Cuirot gentoo-dev 2016-06-27 21:03:46 UTC
Old removed. Security team, please continue.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2016-06-27 22:43:25 UTC
This issue was resolved and addressed in
 GLSA 201606-18 at https://security.gentoo.org/glsa/201606-18
by GLSA coordinator Aaron Bauman (b-man).