Summary: | dev-java/icedtea: multiple vulnerabilities (CVE-2014-{2490,4209,4216,4218,4219,4244,4252,4262,4263,4266,4268}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | caster, gnu_andrew, java, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://blog.fuseyism.com/index.php/2014/07/15/security-icedtea-1-13-4-for-openjdk-6-released/ | ||
Whiteboard: | ~2 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-07-16 08:05:16 UTC
CVE-2014-4268 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4268): Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing. CVE-2014-4266 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4266): Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability. CVE-2014-4263 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4263): Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement." CVE-2014-4262 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4262): Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2014-4252 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4252): Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security. CVE-2014-4244 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4244): Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. CVE-2014-4219 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4219): Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2014-4218 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4218): Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries. CVE-2014-4216 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4216): Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2014-4209 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4209): Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX. CVE-2014-2490 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2490): Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. The same update is needed for 7 too. The latest is 2.5.2: http://bitly.com/it20502 Maintainers please advise if there is any movement on this? This was dealt with ages ago so security team should close this out. |