IcedTea's aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions.
Multiple vulnerabilities exist in the OpenJDK components of IcedTea, such as 2D, CORBA, HotSpot, Libraries, and JAXP, which allow remote attackers to affect the confidentiality, integrity, and availability of vulnerable systems. Many of the vulnerabilities can only be exploited through sandboxed Java Web Start applications and Java applets. Please review the CVE identifiers referenced below for details.
Remote attackers may execute arbitrary code, compromise information, or cause Denial of Service.
There is no known workaround at this time.
Gentoo Security is no longer supporting dev-java/icedtea, as it has been officially dropped from the stable tree.

Users of the IcedTea 3.x binary package should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.0.1"

Users of the IcedTea 7.x binary package should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/icedtea-7.2.6.6"

Kwalletd is a credentials management application for KDE.
Kwalletd in KWallet uses Blowfish with ECB mode instead of CBC mode when encrypting the password store.
Local attackers, with access to the password store, could conduct a codebook attack in order to obtain confidential passwords.
There is no known workaround at this time.
All kwalletd users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=kde-apps/kwalletd-4.14.3-r1"
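
The ECB weakness described in the kwalletd advisory, as an added example (not code from KWallet or from the advisory): in ECB, equal plaintext blocks produce equal ciphertext blocks, so an auditor can flag an ECB-encrypted store by counting repeated 8-byte blocks, while CBC output shows none. The block cipher here is a stand-in 64-bit Feistel construction rather than Blowfish, and the key and store contents are constructed.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 8  # Blowfish block size in bytes (64 bits)
KEY = b"constructed demo key"
# Constructed store: three entries that happen to share one 8-byte password.
STORE = b"".join(n.ljust(BLOCK, b".") + b"hunter2!" for n in (b"mail", b"vpn", b"wiki"))

def encrypt_block(key, block):
    """Stand-in 64-bit block cipher (4-round Feistel over HMAC-SHA256), not Blowfish."""
    left, right = block[:4], block[4:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def pad(data):
    n = BLOCK - len(data) % BLOCK  # PKCS#7-style padding to a whole block
    return data + bytes([n]) * n

def ecb(key, data):
    """Each block is encrypted independently: equal plaintext blocks give equal ciphertext blocks."""
    data = pad(data)
    return b"".join(encrypt_block(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))

def cbc(key, iv, data):
    """Each plaintext block is XORed with the previous ciphertext block before encryption."""
    out, prev = [iv], iv
    data = pad(data)
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev)))
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ct):
    """Count ciphertext blocks that duplicate an earlier block (a sign of ECB)."""
    counts = Counter(ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK))
    return sum(c - 1 for c in counts.values())

if __name__ == "__main__":
    import os
    print("ECB repeated blocks:", repeated_blocks(ecb(KEY, STORE)))
    print("CBC repeated blocks:", repeated_blocks(cbc(KEY, os.urandom(BLOCK), STORE)))
```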