SB2017050705 - Gentoo update for Oracle JDK/JRE
Published: May 7, 2017
Security Bulletin ID
SB2017050705
Severity
High
Patch available
YES
Number of vulnerabilities
8
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 secuirty vulnerabilities.
1) Security restrictions bypass (CVE-ID: CVE-2017-3509)
The vulnerability allows a remote attacker to gain access to potentially sensitive information on the target system.The weakness exists due to unknown error. A remote attacker can read and modify arbitrary files.
2) Remote code execution (CVE-ID: CVE-2017-3511)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to unknown error related to the Java SE, Java SE Embedded, JRockit JCE component. A remote attacker can trick the victim into visiting a specially crafted webpage and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
3) Remote code execution (CVE-ID: CVE-2017-3512)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to unknown error related to the Java SE AWT component. A remote attacker can trick the victim into visiting a specially crafted webpage and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
4) Remote code execution (CVE-ID: CVE-2017-3514)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to unknown error related to the Java SE AWT component. A remote attacker can trick the victim into visiting a specially crafted webpage and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
5) Denial of service (CVE-ID: CVE-2017-3526)
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.The weakness exists due to unknown error. A remote attacker can trick the victim into visiting a specially crafted webpage and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
6) Security restrictions bypass (CVE-ID: CVE-2017-3533)
The vulnerability allows a remote attacker to modify information on the target system.The weakness exists due to unknown error related to the Java SE, Java SE Embedded, JRockit Networking component. A remote attacker can access and modify arbitrary data.
7) Security restrictions bypass (CVE-ID: CVE-2017-3539)
The vulnerability allows a remote attacker to modify information on the target system.The weakness exists due to unknown error related to the Java SE, Java SE Embedded Security component. A remote attacker can trick the victim into visiting a specially crafted webpage, access and modify arbitrary data.
8) Security restrictions bypass (CVE-ID: CVE-2017-3544)
The vulnerability allows a remote attacker to modify information on the target system.The weakness exists due to unknown error related to the Java SE, Java SE Embedded Networking component. A remote attacker can access and modify arbitrary data.
Remediation
Install update from vendor's website.