| Summary: | <dev-java/oracle-{jdk,jre}-bin-{1.7.0.65,1.8.0.11}: Multiple Vulnerabilities (CVE-2014-{2483,2490,4208,4209,4216,4218,4219,4220,4221,4223,4227,4244,4247,4252,4262,4263,4265,4266,4268,4264}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | java, wasundwarum |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/59501/ | | |
| Whiteboard: | A2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-07-16 07:54:46 UTC

Added the following to tree:
oracle-{jdk,jre}-bin-1.7.0.65
oracle-{jdk,jre}-bin-1.8.0.11

Arch teams please stabilize the following on amd64 and x86:
oracle-{jdk,jre}-bin-1.7.0.65

*** Bug 517656 has been marked as a duplicate of this bug. ***

amd64 stable

x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

(In reply to Agostino Sarubbo from comment #4)
> Maintainer(s), please cleanup.

Done, though had to keep 1.7.0.60 for arm.

CVE-2014-4268 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4268): Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing.

CVE-2014-4266 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4266): Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.

CVE-2014-4265 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4265): Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.

CVE-2014-4264 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4264): Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.

CVE-2014-4263 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4263): Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."

CVE-2014-4262 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4262): Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

CVE-2014-4252 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4252): Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.

CVE-2014-4247 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4247): Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

CVE-2014-4244 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4244): Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.

CVE-2014-4227 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4227): Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVE-2014-4223 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4223): Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483.

CVE-2014-4221 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4221): Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.

CVE-2014-4220 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4220): Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208.

CVE-2014-4219 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4219): Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVE-2014-4218 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4218): Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.

CVE-2014-4216 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4216): Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVE-2014-4209 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4209): Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.

CVE-2014-4208 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4208): Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220.

CVE-2014-2490 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2490): Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVE-2014-2483 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2483): Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations."

Arches and Maintainer(s), Thank you for your work.

Added to an existing GLSA request.

This issue was resolved and addressed in GLSA 201502-12 at http://security.gentoo.org/glsa/glsa-201502-12.xml by GLSA coordinator Kristian Fiskerstrand (K_F).