Multiple vulnerabilities have been found in Oracle JRE/JDK, allowing both local and remote attackers to compromise various Java components.
Package | dev-java/oracle-jre-bin on all architectures |
---|---|
Affected versions | < 1.8.0.31 < 1.7.0.76 |
Unaffected versions | >= 1.8.0.31 >= 1.7.0.76 |
Package | dev-java/oracle-jdk-bin on all architectures |
---|---|
Affected versions | < 1.8.0.31 < 1.7.0.76 |
Unaffected versions | >= 1.8.0.31 >= 1.7.0.76 |
The Oracle Java Development Kit (JDK) and the Oracle Java Runtime Environment (JRE) provide the Oracle Java platform.
Multiple vulnerabilities have been discovered in Oracle JRE/JDK. Please review the CVE identifiers referenced below for details.
An context-dependent attacker may be able to influence the confidentiality, integrity, and availability of Java applications/runtime.
There is no workaround at this time.
All Oracle JRE 8 users should upgrade to the latest stable version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.8.0.31
All Oracle JDK 8 users should upgrade to the latest stable version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.8.0.31
All Oracle JRE 7 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.7.0.76
All Oracle JDK 7 users should upgrade to the latest stable version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.7.0.76
Release date
July 10, 2015
Latest revision
July 11, 2015: 2
Severity
normal
Exploitable
local, remote
Bugzilla entries