Oracle JDK/JRE: Multiple vulnerabilities

Oracle JDK/JRE: Multiple vulnerabilities Multiple vulnerabilities have been found in Oracle's JDK and JRE software suites, the worst of which can be remotely exploited without authentication. oracle,jdk,jre 2017-10-29 2017-10-29 635030 remote 1.8.0.152-r1 1.8.0.152-r1 1.8.0.152-r1 1.8.0.152-r1

Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications require.

Multiple vulnerabilities have been discovered in Oracle’s Java SE. Please review the referenced CVE identifiers for details.

A remote attacker could cause a Denial of Service condition, modify arbitrary data, or have numerous other impacts.

There is no known workaround at this time.

All Oracle JDK users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=dev-java/oracle-jdk-bin-1.8.0.152-r1"

All Oracle JRE users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=dev-java/oracle-jre-bin-1.8.0.152-r1"

CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10309 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 jmbailey jmbailey