Forum: >>> Magnum BBS <<<

[gentoo-announce] [ GLSA 202209-15 ] Oracle JDK/JRE: Multiple vulnerabi

From glsamaker@gentoo.org@21:1/5 to All on Sun Sep 25 16:00:02 2022

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202209-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Oracle JDK/JRE: Multiple vulnerabilities
Date: September 25, 2022
Bugs: #732630, #717638
ID: 202209-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Oracle JDK and JRE, the
worst of which could result in the arbitrary execution of code.

Background
==========

Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in today's
demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today's
applications require.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/oracle-jdk-bin <= 11.0.2 Vulnerable!
2 dev-java/oracle-jre-bin <= 1.8.0.202 Vulnerable!

Description
===========

Multiple vulnerabilities have been discovered in Oracle's JDK and JRE
software suites. Please review the CVE identifiers referenced below for details.

Impact
======

Certain uses of untrusted data by Oracle JDK and JRE could result in
arbitrary code execution.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

Gentoo has discontinued support for the Oracle JDK and JRE. We recommend
that users remove it, and use dev-java/openjdk, dev-java/openjdk-bin, or dev-java/openjdk-jre-bin instead:

# emerge --ask --depclean "dev-java/oracle-jre-bin"
# emerge --ask --depclean "dev-java/oracle-jdk-bin"

References
==========

[ 1 ] CVE-2020-2585
https://nvd.nist.gov/vuln/detail/CVE-2020-2585
[ 2 ] CVE-2020-2755
https://nvd.nist.gov/vuln/detail/CVE-2020-2755
[ 3 ] CVE-2020-2756
https://nvd.nist.gov/vuln/detail/CVE-2020-2756
[ 4 ] CVE-2020-2757
https://nvd.nist.gov/vuln/detail/CVE-2020-2757
[ 5 ] CVE-2020-2773
https://nvd.nist.gov/vuln/detail/CVE-2020-2773
[ 6 ] CVE-2020-2781
https://nvd.nist.gov/vuln/detail/CVE-2020-2781
[ 7 ] CVE-2020-2800
https://nvd.nist.gov/vuln/detail/CVE-2020-2800
[ 8 ] CVE-2020-2803
https://nvd.nist.gov/vuln/detail/CVE-2020-2803
[ 9 ] CVE-2020-2805
https://nvd.nist.gov/vuln/detail/CVE-2020-2805
[ 10 ] CVE-2020-14556
https://nvd.nist.gov/vuln/detail/CVE-2020-14556
[ 11 ] CVE-2020-14562
https://nvd.nist.gov/vuln/detail/CVE-2020-14562
[ 12 ] CVE-2020-14573
https://nvd.nist.gov/vuln/detail/CVE-2020-14573
[ 13 ] CVE-2020-14577
https://nvd.nist.gov/vuln/detail/CVE-2020-14577
[ 14 ] CVE-2020-14578
https://nvd.nist.gov/vuln/detail/CVE-2020-14578
[ 15 ] CVE-2020-14579
https://nvd.nist.gov/vuln/detail/CVE-2020-14579
[ 16 ] CVE-2020-14581
https://nvd.nist.gov/vuln/detail/CVE-2020-14581
[ 17 ] CVE-2020-14583
https://nvd.nist.gov/vuln/detail/CVE-2020-14583
[ 18 ] CVE-2020-14593
https://nvd.nist.gov/vuln/detail/CVE-2020-14593
[ 19 ] CVE-2020-14621
https://nvd.nist.gov/vuln/detail/CVE-2020-14621
[ 20 ] CVE-2020-14664
https://nvd.nist.gov/vuln/detail/CVE-2020-14664

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202209-15

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmMwWU8ACgkQFMQkOaVy +9nINhAA2xr2mf+x7gqpLRwx5U18MllXeAfjlvvmjAJvoaBemFexJEwC2oIrP4R+ qhMLEuxgdc68nREHkzekETZQdbwyFSWsopgyh+nWMahHjiD1qYIJ2vJydfeIQT6Z GQKOvlc40qqiEJ53h2vB6i1hc8UGrCoterwcAFxZ3BOpshNOdWQfEOTV7t+enUS4 P5RwkZ+9XMYjgaIrAoDmkLVpm+p919oyG0pNT8JbvPcFbuAPC1qw1ToJFhyZdGaF Wc/XaFGAy3YdFl1i00MgBskyBa6lI6nX94yPWYWpX7RFN5Hmf66Rpoo0QS5volr6 3FyxDuXNZKAa5LbQXQN/lVDw7iEc18Zhfebq1MnzUQq7aw6ViI2iMwBwjfgJUw4o WQobJPIgqNhpJ7Q3/CA7fKe8DPNc9wqKqaJF9Cr8ySOaIvmbNqMJPQiQo+6inKZo KCgvkCRt8i5M2royHPlqWLVFjNzYP+PfgyCqj0HSjLN36HgRDWaoVSXvSCAhTWLm SixJKiGdTD7u6GWeuK7nc9e8XqWhmqQ0+myP66PVuzTSNhcDMQ/dnhUBP4GK6NLG wB5CaS6l3D5bMM/rT7p6L3pnGGjbvFntOVoc8huYN00D7KbyNI6TLvOGCOLefsfR 3aTVv3RKFapIEuH6pYK943oCW2PXATFIuVQ9lVX+iEgTmxCphgY=
=+Elm
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Plume
  Sun Sep 14 09:34:52 2025
  from Uk via Raw
- Gretchiie
  Sun Sep 14 06:07:30 2025
  from Derry, Nh via Telnet
- Thlc
  Sat Sep 13 17:11:34 2025
  from Rognac, France via Telnet
- Thlc
  Sat Sep 13 17:04:03 2025
  from Rognac, France via Telnet
- Thlc
  Sat Sep 13 16:32:19 2025
  from Rognac, France via SSH
- Thlc
  Sat Sep 13 15:41:11 2025
  from Rognac, France via SSH
- Thlc
  Sat Sep 13 07:56:03 2025
  from Rognac, France via SSH
- Gretchiie
  Sat Sep 13 07:22:10 2025
  from Derry, Nh via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	546
Nodes:	16 (0 / 16)
Uptime:	164:08:05
Calls:	10,385
Calls today:	2
Files:	14,057
Messages:	6,416,517

[gentoo-announce] [ GLSA 202209-15 ] Oracle JDK/JRE: Multiple vulnerabi

Who's Online

Recent Visitors

System Info