Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 625602 (CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10117, CVE-2017-10118, CVE-2017-10121, CVE-2017-10125, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243) - <dev-java/oracle-{jdk,jre}-bin-1.8.0.141: Multiple vulnerabilities
Summary: <dev-java/oracle-{jdk,jre}-bin-1.8.0.141: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10117, CVE-2017-10118, CVE-2017-10121, CVE-2017-10125, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://www.oracle.com/technetwork/sec...
Whiteboard: A2 [glsa cve]
Keywords:
: 625628 (view as bug list)
Depends on:
Blocks:
 
Reported: 2017-07-19 08:26 UTC by Liferer
Modified: 2017-09-24 21:54 UTC (History)
4 users (show)

See Also:
Package list:
=dev-java/oracle-jdk-bin-1.8.0.144 amd64 x86 =dev-java/oracle-jre-bin-1.8.0.144 amd64 x86
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Liferer 2017-07-19 08:26:27 UTC
New upatream release 8u141 with security fixes.
Comment 1 James Le Cuirot gentoo-dev 2017-07-19 13:15:03 UTC
*** Bug 625628 has been marked as a duplicate of this bug. ***
Comment 2 Volkan 2017-07-19 23:11:36 UTC
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA

CVE-2017-10053
CVE-2017-10067
CVE-2017-10074
CVE-2017-10078
CVE-2017-10081
CVE-2017-10086
CVE-2017-10087
CVE-2017-10089
CVE-2017-10090
CVE-2017-10096
CVE-2017-10101
CVE-2017-10102
CVE-2017-10105
CVE-2017-10107
CVE-2017-10108
CVE-2017-10109
CVE-2017-10110
CVE-2017-10111
CVE-2017-10114
CVE-2017-10115
CVE-2017-10116
CVE-2017-10117
CVE-2017-10118
CVE-2017-10121
CVE-2017-10125
CVE-2017-10135
CVE-2017-10176
CVE-2017-10193
CVE-2017-10198
CVE-2017-10243

Unsure about the below CVE numbers, they are for Java advanced management console, but is within the same Jave SE risk matrix.
CVE-2017-10104
CVE-2017-10145
Comment 3 Andreas Prieß 2017-07-20 01:10:40 UTC
Just a quick side note:

It would be helpful to keep it as a best practice, NOT to apply clever short forms for multiple packages in the bug summary.

It hides the bugs for searches coming from "Related Bugs" at
https://packages.gentoo.org/packages/dev-java/oracle-jdk-bin
in this case.

And how is one supposed to search for packages in bugs then anyway?

*dev*java*oracle*???*bin*

:-)

Thanks.
Comment 4 James Le Cuirot gentoo-dev 2017-07-20 20:05:29 UTC
Bumped. amd64 and x86 teams, please stabilize.
Comment 5 Pacho Ramos gentoo-dev 2017-07-21 08:57:03 UTC
amd64 stable
Comment 6 James Le Cuirot gentoo-dev 2017-07-26 22:37:21 UTC
Apologies to the amd64 team who have already stabilised 1.8.0.141 but Oracle have just put out another release one week later. It's not strictly a security release but we need to get this new one stabilised too because you need an account to download older releases.
Comment 7 Tobias Klausmann gentoo-dev 2017-07-31 11:43:32 UTC
Stable on amd64.
Comment 8 Thomas Deutschmann gentoo-dev Security 2017-08-18 20:26:10 UTC
x86 stable
Comment 9 James Le Cuirot gentoo-dev 2017-08-18 21:02:41 UTC
Old removed. Security team, do your thing.
Comment 10 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-17 20:47:25 UTC
GLSA Request filed.

Gentoo Security Padawan
ChrisADR
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2017-09-24 21:54:23 UTC
This issue was resolved and addressed in
 GLSA 201709-22 at https://security.gentoo.org/glsa/201709-22
by GLSA coordinator Aaron Bauman (b-man).