Summary
The remote host is missing updates announced in
advisory GLSA 201111-02.
Solution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.6.0.29'
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.6.0.29'
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.6.0.29'
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is
not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201111-02 http://bugs.gentoo.org/show_bug.cgi?id=340421
http://bugs.gentoo.org/show_bug.cgi?id=354213
http://bugs.gentoo.org/show_bug.cgi?id=370559
http://bugs.gentoo.org/show_bug.cgi?id=387851
Insight
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities