Multiple vulnerabilities have been found in Oracle's JDK and JRE software suites, the worst of which can be remotely exploited without authentication.
Package | dev-java/oracle-jdk-bin on all architectures |
---|---|
Affected versions | < 1.8.0.152-r1 |
Unaffected versions | >= 1.8.0.152-r1 |
Package | dev-java/oracle-jre-bin on all architectures |
---|---|
Affected versions | < 1.8.0.152-r1 |
Unaffected versions | >= 1.8.0.152-r1 |
Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications require.
Multiple vulnerabilities have been discovered in Oracle’s Java SE. Please review the referenced CVE identifiers for details.
A remote attacker could cause a Denial of Service condition, modify arbitrary data, or have numerous other impacts.
There is no known workaround at this time.
All Oracle JDK users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.8.0.152-r1"
All Oracle JRE users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.8.0.152-r1"
Release date
October 29, 2017
Latest revision
October 29, 2017: 1
Severity
normal
Exploitable
remote
Bugzilla entries