Home / mailingsPDF  

[gentoo-announce] [ GLSA 202209-15 ] Oracle JDK/JRE: Multiple vulnerabilities

Posted on 25 September 2022
Gentoo-announce

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202209-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Oracle JDK/JRE: Multiple vulnerabilities
Date: September 25, 2022
Bugs: #732630, #717638
ID: 202209-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========
Multiple vulnerabilities have been found in Oracle JDK and JRE, the
worst of which could result in the arbitrary execution of code.

Background
==========
Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in today's
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that today's
applications require.

Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/oracle-jdk-bin <= 11.0.2 Vulnerable!
2 dev-java/oracle-jre-bin <= 1.8.0.202 Vulnerable!

Description
===========
Multiple vulnerabilities have been discovered in Oracle's JDK and JRE
software suites. Please review the CVE identifiers referenced below for
details.

Impact
======
Certain uses of untrusted data by Oracle JDK and JRE could result in
arbitrary code execution.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
Gentoo has discontinued support for the Oracle JDK and JRE. We recommend
that users remove it, and use dev-java/openjdk, dev-java/openjdk-bin, or
dev-java/openjdk-jre-bin instead:

# emerge --ask --depclean "dev-java/oracle-jre-bin"
# emerge --ask --depclean "dev-java/oracle-jdk-bin"

References
==========
[ 1 ] CVE-2020-2585
https://nvd.nist.gov/vuln/detail/CVE-2020-2585
[ 2 ] CVE-2020-2755
https://nvd.nist.gov/vuln/detail/CVE-2020-2755
[ 3 ] CVE-2020-2756
https://nvd.nist.gov/vuln/detail/CVE-2020-2756
[ 4 ] CVE-2020-2757
https://nvd.nist.gov/vuln/detail/CVE-2020-2757
[ 5 ] CVE-2020-2773
https://nvd.nist.gov/vuln/detail/CVE-2020-2773
[ 6 ] CVE-2020-2781
https://nvd.nist.gov/vuln/detail/CVE-2020-2781
[ 7 ] CVE-2020-2800
https://nvd.nist.gov/vuln/detail/CVE-2020-2800
[ 8 ] CVE-2020-2803
https://nvd.nist.gov/vuln/detail/CVE-2020-2803
[ 9 ] CVE-2020-2805
https://nvd.nist.gov/vuln/detail/CVE-2020-2805
[ 10 ] CVE-2020-14556
https://nvd.nist.gov/vuln/detail/CVE-2020-14556
[ 11 ] CVE-2020-14562
https://nvd.nist.gov/vuln/detail/CVE-2020-14562
[ 12 ] CVE-2020-14573
https://nvd.nist.gov/vuln/detail/CVE-2020-14573
[ 13 ] CVE-2020-14577
https://nvd.nist.gov/vuln/detail/CVE-2020-14577
[ 14 ] CVE-2020-14578
https://nvd.nist.gov/vuln/detail/CVE-2020-14578
[ 15 ] CVE-2020-14579
https://nvd.nist.gov/vuln/detail/CVE-2020-14579
[ 16 ] CVE-2020-14581
https://nvd.nist.gov/vuln/detail/CVE-2020-14581
[ 17 ] CVE-2020-14583
https://nvd.nist.gov/vuln/detail/CVE-2020-14583
[ 18 ] CVE-2020-14593
https://nvd.nist.gov/vuln/detail/CVE-2020-14593
[ 19 ] CVE-2020-14621
https://nvd.nist.gov/vuln/detail/CVE-2020-14621
[ 20 ] CVE-2020-14664
https://nvd.nist.gov/vuln/detail/CVE-2020-14664

Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202209-15

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
--===============0882767678727131082==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

 

TOP