Lucene search

K
gentooGentoo FoundationGLSA-202006-22
HistoryJun 15, 2020 - 12:00 a.m.

OpenJDK, IcedTea: Multiple vulnerabilities

2020-06-1500:00:00
Gentoo Foundation
security.gentoo.org
36

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.004

Percentile

72.0%

Background

OpenJDK is a free and open-source implementation of the Java Platform, Standard Edition.

IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions.

Description

Multiple vulnerabilities have been discovered in OpenJDK and IcedTea. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenJDK binary users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.252_p09"

All OpenJDK JRE binary users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=dev-java/openjdk-jre-bin-8.252_p09"

All IcedTea binary users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.16.0"

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.004

Percentile

72.0%