
Bug 625602 (CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10117, CVE-2017-10118, CVE-2017-10121, CVE-2017-10125, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243)

Summary: <dev-java/oracle-{jdk,jre}-bin-1.8.0.141: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Liferer <liferer>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: ap, java, jstein, martin.u
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA
Whiteboard: A2 [glsa cve]
Package list:
=dev-java/oracle-jdk-bin-1.8.0.144 amd64 x86
=dev-java/oracle-jre-bin-1.8.0.144 amd64 x86
Runtime testing required: ---

Description Liferer 2017-07-19 08:26:27 UTC
New upstream release 8u141 with security fixes.
Comment 1 James Le Cuirot gentoo-dev 2017-07-19 13:15:03 UTC
*** Bug 625628 has been marked as a duplicate of this bug. ***
Comment 2 Volkan 2017-07-19 23:11:36 UTC
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA

CVE-2017-10053
CVE-2017-10067
CVE-2017-10074
CVE-2017-10078
CVE-2017-10081
CVE-2017-10086
CVE-2017-10087
CVE-2017-10089
CVE-2017-10090
CVE-2017-10096
CVE-2017-10101
CVE-2017-10102
CVE-2017-10105
CVE-2017-10107
CVE-2017-10108
CVE-2017-10109
CVE-2017-10110
CVE-2017-10111
CVE-2017-10114
CVE-2017-10115
CVE-2017-10116
CVE-2017-10117
CVE-2017-10118
CVE-2017-10121
CVE-2017-10125
CVE-2017-10135
CVE-2017-10176
CVE-2017-10193
CVE-2017-10198
CVE-2017-10243

Unsure about the below CVE numbers; they are for Java Advanced Management Console, but are within the same Java SE risk matrix.
CVE-2017-10104
CVE-2017-10145
Comment 3 Andreas Prieß 2017-07-20 01:10:40 UTC
Just a quick side note:

It would be helpful to keep it as a best practice, NOT to apply clever short forms for multiple packages in the bug summary.

It hides the bugs for searches coming from "Related Bugs" at
https://packages.gentoo.org/packages/dev-java/oracle-jdk-bin
in this case.

And how is one supposed to search for packages in bugs then anyway?

*dev*java*oracle*???*bin*

:-)

Thanks.
Comment 4 James Le Cuirot gentoo-dev 2017-07-20 20:05:29 UTC
Bumped. amd64 and x86 teams, please stabilize.
Comment 5 Pacho Ramos gentoo-dev 2017-07-21 08:57:03 UTC
amd64 stable
Comment 6 James Le Cuirot gentoo-dev 2017-07-26 22:37:21 UTC
Apologies to the amd64 team who have already stabilised 1.8.0.141 but Oracle have just put out another release one week later. It's not strictly a security release but we need to get this new one stabilised too because you need an account to download older releases.
Comment 7 Tobias Klausmann gentoo-dev 2017-07-31 11:43:32 UTC
Stable on amd64.
Comment 8 Thomas Deutschmann gentoo-dev Security 2017-08-18 20:26:10 UTC
x86 stable
Comment 9 James Le Cuirot gentoo-dev 2017-08-18 21:02:41 UTC
Old removed. Security team, do your thing.
Comment 10 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-17 20:47:25 UTC
GLSA Request filed.

Gentoo Security Padawan
ChrisADR
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2017-09-24 21:54:23 UTC
This issue was resolved and addressed in
GLSA 201709-22 at https://security.gentoo.org/glsa/201709-22
by GLSA coordinator Aaron Bauman (b-man).