Bug 600224 - <dev-java/icedtea{,-bin}-{7.2.6.8,3.2.0}: Multiple vulnerabilities (CVE-2016-{5542,5554,5568,5573,5582,5597})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://blog.fuseyism.com/index.php/20...
Whiteboard: A2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-11-19 11:00 UTC by James Le Cuirot
Modified: 2017-01-19 18:46 UTC
0 users

See Also:
Package list:
dev-java/icedtea-bin-7.2.6.8 amd64 x86 dev-java/icedtea-bin-3.2.0 amd64 ppc64 x86
Runtime testing required: ---
stable-bot: sanity-check+


Description James Le Cuirot gentoo-dev 2016-11-19 11:00:37 UTC
Bumps coming soon.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2016-11-19 11:25:04 UTC
CVE-2016-5597 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5597):
  Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE
  Embedded 8u101 allows remote attackers to affect confidentiality via vectors
  related to Networking.

CVE-2016-5582 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5582):
  Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE
  Embedded 8u101 allows remote attackers to affect confidentiality, integrity,
  and availability via vectors related to Hotspot, a different vulnerability
  than CVE-2016-5573.

CVE-2016-5573 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5573):
  Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE
  Embedded 8u101 allows remote attackers to affect confidentiality, integrity,
  and availability via vectors related to Hotspot, a different vulnerability
  than CVE-2016-5582.

CVE-2016-5568 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5568):
  Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows
  remote attackers to affect confidentiality, integrity, and availability via
  vectors related to AWT.

CVE-2016-5554 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5554):
  Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE
  Embedded 8u101 allows remote attackers to affect integrity via vectors
  related to JMX.

CVE-2016-5542 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5542):
  Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE
  Embedded 8u101 allows remote attackers to affect integrity via vectors
  related to Libraries.
Comment 2 James Le Cuirot gentoo-dev 2016-11-19 17:20:51 UTC
Bumped these now. icedtea doesn't get marked stable so the vulnerable versions have already been cleared. The Java 7 release was done shortly after the Java 8 one and the list of CVEs is the same so I've lumped these into one report.

amd64 and x86 arch teams, please stabilise:
dev-java/icedtea-bin-7.2.6.8
dev-java/icedtea-bin-3.2.0

ppc64 arch team, please stabilise:
dev-java/icedtea-bin-3.2.0
Comment 3 Agostino Sarubbo gentoo-dev 2016-11-20 13:06:08 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-11-20 13:09:28 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 5 James Le Cuirot gentoo-dev 2016-11-20 14:02:38 UTC
Haven't done ppc64 yet. Forgot to CC them, sorry about that.
Comment 6 Agostino Sarubbo gentoo-dev 2017-01-18 10:05:27 UTC
ppc64 stable.

Maintainer(s), please cleanup.
Comment 7 James Le Cuirot gentoo-dev 2017-01-18 10:17:22 UTC
Old removed. Just in time for the next security release! Security team, please continue.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2017-01-19 18:46:08 UTC
This issue was resolved and addressed in
 GLSA 201701-43 at https://security.gentoo.org/glsa/201701-43
by GLSA coordinator Thomas Deutschmann (whissi).