Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Gentoo Security Advisory GLSA 200411-38 (Java)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing updates announced in advisory GLSA 200411-38.
Insight
Insight
The Java plug-in security in Sun and Blackdown Java environments can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system.
Solution
Solution
All Sun JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.06' All Sun JRE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.06' All Blackdown JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/blackdown-jdk-1.4.2.01' All Blackdown JRE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/blackdown-jre-1.4.2.01' Note: You should unmerge all vulnerable versions to be fully protected. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200411-38 http://bugs.gentoo.org/show_bug.cgi?id=72172 http://bugs.gentoo.org/show_bug.cgi?id=72221 http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities http://www.blackdown.org/java-linux/java2-status/security/Blackdown-SA-2004-01.txt