Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution.
|Package||dev-java/icedtea-bin on all architectures|
|Affected versions||< 188.8.131.52|
|Unaffected versions||>= 184.108.40.206, < 6|
IcedTea is a distribution of the Java OpenJDK source code built with free build tools.
Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details.
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact.
There is no known workaround at this time.
All IcedTea JDK users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-220.127.116.11"