Bug 563684 (CVE-2015-4734)

Summary: <dev-java/oracle-{jdk,jre}-bin-1.8.0.66: Multiple Vulnerabilities (CVE-2015-{4734,4803,4805,4806,4810,4835,4840,4842,4843,4844,4860,4868,4871,4872,4881,4882,4883,4893,4901,4902,4903,4906,4908,4911,4916})
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: java
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: A2 [glsa cve]
Package list:
Runtime testing required: ---

Comment 1 James Le Cuirot gentoo-dev 2015-10-21 21:53:58 UTC
Bumped. Only 8u65 is available for ARM so I've had to add two versions. We haven't been stabilizing ARM though.

amd64 and x86 teams, please stabilize:
dev-java/oracle-jdk-bin-1.8.0.66.ebuild
dev-java/oracle-jre-bin-1.8.0.66.ebuild

Comment 2 Agostino Sarubbo gentoo-dev 2015-10-22 07:33:37 UTC
amd64 stable

Comment 3 Agostino Sarubbo gentoo-dev 2015-10-22 07:34:06 UTC
x86 stable.

Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.

Comment 4 James Le Cuirot gentoo-dev 2015-10-22 09:29:54 UTC
Clean up done. Security, please continue.

Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2015-10-23 03:51:31 UTC
CVE-2015-7840 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840):
  The command line management console (CMC) in SolarWinds Log and Event
  Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code
  via unspecified vectors involving the ping feature.

CVE-2015-4916 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916):
  Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows
  remote attackers to affect confidentiality via unknown vectors, a different
  vulnerability than CVE-2015-4906 and CVE-2015-4908.

CVE-2015-4911 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE
  Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect
  availability via vectors related to JAXP, a different vulnerability than
  CVE-2015-4803 and CVE-2015-4893.

CVE-2015-4908 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908):
  Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows
  remote attackers to affect confidentiality via unknown vectors, a different
  vulnerability than CVE-2015-4906 and CVE-2015-4916.

CVE-2015-4906 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906):
  Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows
  remote attackers to affect confidentiality via unknown vectors related to
  JavaFX, a different vulnerability than CVE-2015-4908 and CVE-2015-4916.

CVE-2015-4903 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java
  SE Embedded 8u51, allows remote attackers to affect confidentiality via
  vectors related to RMI.

CVE-2015-4902 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows
  remote attackers to affect integrity via unknown vectors related to
  Deployment.

CVE-2015-4901 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901):
  Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to
  affect confidentiality, integrity, and availability via unknown vectors
  related to JavaFX.

CVE-2015-4893 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE
  Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect
  availability via vectors related to JAXP, a different vulnerability than
  CVE-2015-4803 and CVE-2015-4911.

CVE-2015-4883 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java
  SE Embedded 8u51, allows remote attackers to affect confidentiality,
  integrity, and availability via vectors related to RMI, a different
  vulnerability than CVE-2015-4860.

CVE-2015-4882 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java
  SE Embedded 8u51, allows remote attackers to affect availability via vectors
  related to CORBA.

CVE-2015-4881 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java
  SE Embedded 8u51, allows remote attackers to affect confidentiality,
  integrity, and availability via vectors related to CORBA, a different
  vulnerability than CVE-2015-4835.

CVE-2015-4872 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE
  Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect
  integrity via unknown vectors related to Security.

CVE-2015-4871 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871):
  Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to
  affect confidentiality and integrity via unknown vectors related to
  Libraries.

CVE-2015-4868 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868):
  Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51
  allows remote attackers to affect confidentiality, integrity, and
  availability via unknown vectors related to Libraries.

CVE-2015-4860 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java
  SE Embedded 8u51, allows remote attackers to affect confidentiality,
  integrity, and availability via vectors related to RMI, a different
  vulnerability than CVE-2015-4883.

CVE-2015-4844 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java
  SE Embedded 8u51, allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to 2D.

CVE-2015-4843 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java
  SE Embedded 8u51, allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to Libraries.

CVE-2015-4842 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java
  SE Embedded 8u51, allows remote attackers to affect confidentiality via
  vectors related to JAXP.

CVE-2015-4840 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840):
  Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE
  Embedded 8u51, allows remote attackers to affect confidentiality via unknown
  vectors related to 2D.

CVE-2015-4835 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java
  SE Embedded 8u51, allows remote attackers to affect confidentiality,
  integrity, and availability via vectors related to CORBA, a different
  vulnerability than CVE-2015-4881.

CVE-2015-4810 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810):
  Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users
  to affect confidentiality, integrity, and availability via unknown vectors
  related to Deployment.

CVE-2015-4806 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java
  SE Embedded 8u51, allows remote attackers to affect confidentiality and
  integrity via unknown vectors related to Libraries.

CVE-2015-4805 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java
  SE Embedded 8u51, allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to Serialization.

CVE-2015-4803 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE
  Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect
  availability via vectors related to JAXP, a different vulnerability than
  CVE-2015-4893 and CVE-2015-4911.

CVE-2015-4734 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734):
  Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java
  SE Embedded 8u51, allows remote attackers to affect confidentiality via
  vectors related to JGSS.

Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2015-10-23 03:57:26 UTC
Arches and Maintainer(s), thank you for your work.

Added to an existing GLSA Request.

Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2016-03-12 12:41:09 UTC
This issue was resolved and addressed in
 GLSA 201603-11 at https://security.gentoo.org/glsa/201603-11
by GLSA coordinator Kristian Fiskerstrand (K_F).