Oracle JRE/JDK: Multiple vulnerabilities — GLSA 201507-14

Multiple vulnerabilities have been found in Oracle JRE/JDK, allowing both local and remote attackers to compromise various Java components.

Affected packages

dev-java/oracle-jre-bin on all architectures
Affected versions: < 1.8.0.31, < 1.7.0.76
Unaffected versions: >= 1.8.0.31, >= 1.7.0.76

dev-java/oracle-jdk-bin on all architectures
Affected versions: < 1.8.0.31, < 1.7.0.76
Unaffected versions: >= 1.8.0.31, >= 1.7.0.76

Background

The Oracle Java Development Kit (JDK) and the Oracle Java Runtime Environment (JRE) provide the Oracle Java platform.

Description

Multiple vulnerabilities have been discovered in Oracle JRE/JDK. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker may be able to influence the confidentiality, integrity, and availability of Java applications/runtime.

Workaround

There is no workaround at this time.

Resolution

All Oracle JRE 8 users should upgrade to the latest stable version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.8.0.31"
 

All Oracle JDK 8 users should upgrade to the latest stable version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.8.0.31"
 

All Oracle JRE 7 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.7.0.76"
 

All Oracle JDK 7 users should upgrade to the latest stable version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.7.0.76"
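
To check an inventory of installed versions against the thresholds above, the following added example (not part of the advisory or of Gentoo's tooling) classifies a version string of either package. The function names `ver_lt` and `glsa_status` are hypothetical, and the script assumes the 1.7.0.76 threshold applies only to the 1.7 branch, as the per-branch upgrade steps imply.

```shell
#!/bin/sh
# Classify Oracle JRE/JDK versions against the GLSA 201507-14 thresholds.
# Assumption: 1.7.0.76 fixes the 1.7 branch only; 1.8.x needs 1.8.0.31.

# ver_lt A B: succeed if dotted-numeric version A is strictly lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}          # missing components count as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1                          # versions are equal
}

# glsa_status VERSION: print "affected", "unaffected" or "unknown".
glsa_status() {
    v=${1%-r[0-9]*}                   # drop a Gentoo revision suffix (-r1)
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if ver_lt "$v" 1.7.0.76; then
        echo affected                 # 1.7 branch (or older) below the fix
    elif ver_lt "$v" 1.8; then
        echo unaffected               # fixed 1.7 release
    elif ver_lt "$v" 1.8.0.31; then
        echo affected                 # 1.8 branch below the fix
    else
        echo unaffected
    fi
}

# Classify every version given on the command line.
for ver in "$@"; do
    printf '%s\t%s\n' "$ver" "$(glsa_status "$ver")"
done
```

Pass the versions to check as arguments, for example `sh check.sh 1.8.0.25 1.7.0.80` (constructed sample values).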
 

References

Release date
July 10, 2015

Latest revision
July 11, 2015: 2

Severity
normal

Exploitable
local, remote

Bugzilla entries