Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201603-14
HistoryMar 12, 2016 - 12:00 a.m.

IcedTea: Multiple vulnerabilities

2016-03-1200:00:00
Gentoo Foundation
security.gentoo.org
18

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.698 Medium

EPSS

Percentile

98.0%

JSON

Background

IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions.

Description

Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP, exist which allows remote attackers to affect the confidentiality, integrity, and availability of vulnerable systems. This includes the possibility of remote execution of arbitrary code, information disclosure, or Denial of Service. Many of the vulnerabilities can only be exploited through sandboxed Java Web Start applications and java applets. Please reference the CVEs listed for specific details.

Impact

Remote attackers may remotely execute arbitrary code, compromise information, or cause Denial of Service.

Workaround

There is no known work around at this time.

Resolution

IcedTea 7.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/icedtea-7.2.6.4"

IcedTea bin 7.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-7.2.6.4"

IcedTea 6.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/icedtea-6.1.13.9"

IcedTea bin 6.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.9"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-java/icedtea< 7.2.6.4UNKNOWN
Gentooanyalldev-java/icedtea-bin< 7.2.6.4UNKNOWN

Related

openvas 55
nessus 55
suse 10
redhat 12
oraclelinux 7
centos 6
debian 5
amazon 5
ubuntu 4
veracode 19
mageia 1
ibm 12
archlinux 4
aix 1
f5 2
osv 1
openvas
openvas
Gentoo Security Advisory GLSA 201603-14
2016-03-14 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1874-2)
2021-04-19 00:00:00
RedHat Update for java-1.7.0-openjdk RHSA-2015:1920-01
2015-10-22 00:00:00
nessus
nessus
GLSA-201603-14 : IcedTea: Multiple vulnerabilities
2016-03-14 00:00:00
RHEL 5 : java-1.7.0-openjdk (RHSA-2015:1921)
2015-10-22 00:00:00
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-605)
2015-10-29 00:00:00
suse
suse
Security update for java-1_7_0-openjdk (important)
2015-11-02 17:11:26
Security update for java-1_7_0-openjdk (important)
2015-11-12 14:18:13
Security update for java-1_7_0-openjdk (important)
2015-11-02 16:35:18
redhat
redhat
(RHSA-2015:1921) Important: java-1.7.0-openjdk security update
2015-10-21 00:00:00
(RHSA-2015:1920) Critical: java-1.7.0-openjdk security update
2015-10-21 00:00:00
(RHSA-2015:2086) Important: java-1.6.0-openjdk security update
2015-11-18 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2015-10-21 00:00:00
java-1.7.0-openjdk security update
2015-10-21 00:00:00
java-1.6.0-openjdk security update
2015-11-18 00:00:00
centos
centos
java security update
2015-10-21 23:14:14
java security update
2015-10-21 23:24:30
java security update
2015-11-18 19:46:16
debian
debian
[SECURITY] [DSA 3381-1] openjdk-7 security update
2015-10-27 21:21:20
[SECURITY] [DSA 3381-2] openjdk-7 security update
2015-11-01 22:21:57
[SECURITY] [DLA 346-1] openjdk-6 security update
2015-11-24 08:56:52
amazon
amazon
Critical: java-1.7.0-openjdk
2015-10-27 13:52:00
Important: java-1.6.0-openjdk
2015-12-14 10:00:00
Important: java-1.8.0-openjdk
2015-10-27 16:39:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2015-12-03 00:00:00
OpenJDK 7 vulnerabilities
2015-10-28 00:00:00
OpenJDK 6 vulnerabilities
2015-08-06 00:00:00
veracode
veracode
Authentication Bypass
2019-05-02 05:19:32
Authentication Bypass
2019-05-02 05:19:32
Authentication Bypass
2019-05-02 05:19:33
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2015-10-25 19:34:48
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM)
2018-06-18 01:33:35
Security Bulletin: October 2015 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products
2018-06-18 00:32:30
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection
2018-06-16 21:38:16
archlinux
archlinux
jre7-openjdk: multiple issues
2015-10-23 00:00:00
jre7-openjdk-headless: multiple issues
2015-10-23 00:00:00
jdk7-openjdk: multiple issues
2015-10-23 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2015-12-10 08:51:54
f5
f5
SOL16352 - Multiple OpenJDK vulnerabilities
2015-04-02 00:00:00
K16352 : Multiple OpenJDK vulnerabilities
2015-04-02 00:00:00
osv
osv
openjdk-6 - security update
2015-08-28 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.698 Medium

EPSS

Percentile

98.0%

JSON
Related for GLSA-201603-14
openvas55nessus55suse10redhat12oraclelinux7centos6debian5amazon5ubuntu4veracode19mageia1ibm12archlinux4aix1f52osv1