| Descripción: | Summary:
The remote host is missing updates announced in
advisory GLSA 200911-02.
Vulnerability Insight:
Multiple vulnerabilities in the Sun JDK and JRE allow for several attacks,
including the remote execution of arbitrary code.
Solution:
All Sun JRE 1.5.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.5.0.22'
All Sun JRE 1.6.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.6.0.17'
All Sun JDK 1.5.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.5.0.22'
All Sun JDK 1.6.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.6.0.17'
All users of the precompiled 32bit Sun JRE 1.5.x should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.5.0.22'
All users of the precompiled 32bit Sun JRE 1.6.x should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.6.0.17'
All Sun JRE 1.4.x, Sun JDK 1.4.x, Blackdown JRE, Blackdown JDK and
precompiled 32bit Sun JRE 1.4.x users are strongly advised to unmerge
Java 1.4:
# emerge --unmerge =app-emulation/emul-linux-x86-java-1.4*
# emerge --unmerge =dev-java/sun-jre-bin-1.4*
# emerge --unmerge =dev-java/sun-jdk-1.4*
# emerge --unmerge dev-java/blackdown-jdk
# emerge --unmerge dev-java/blackdown-jre
Gentoo is ceasing support for the 1.4 generation of the Sun Java
Platform in accordance with upstream. All 1.4 JRE and JDK versions are
masked and will be removed shortly.
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
