The remote host is missing updates announced in advisory GLSA 201006-18.

All Oracle JRE 1.6.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.6.0.20' All Oracle JDK 1.6.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.6.0.20' All users of the precompiled 32bit Oracle JRE 1.6.x should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.6.0.20' All Oracle JRE 1.5.x, Oracle JDK 1.5.x, and precompiled 32bit Oracle JRE 1.5.x users are strongly advised to unmerge Java 1.5: # emerge --unmerge =app-emulation/emul-linux-x86-java-1.5* # emerge --unmerge =dev-java/sun-jre-bin-1.5* # emerge --unmerge =dev-java/sun-jdk-1.5* Gentoo is ceasing support for the 1.5 generation of the Oracle Java Platform in accordance with upstream. All 1.5 JRE versions are masked and will be removed shortly. All 1.5 JDK versions are marked as 'build-only' and will be masked for removal shortly. Users are advised to change their default user and system Java implementation to an unaffected version. For example: # java-config --set-system-vm sun-jdk-1.6 For more information, please consult the Gentoo Linux Java documentation. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201006-18 http://bugs.gentoo.org/show_bug.cgi?id=306579 http://bugs.gentoo.org/show_bug.cgi?id=314531 http://www.gentoo.org/doc/en/java.xml#doc_chap4 http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html

The Oracle JDK and JRE are vulnerable to multiple unspecified vulnerabilities.