IcedTea: Multiple vulnerabilities Multiple vulnerabilities have been found in IcedTea allowing remote attackers to affect confidentiality, integrity, and availability through various vectors. 2016-03-12 2016-04-19 537940 559532 565842 567850 572716 remote 7.2.6.4 6.1.13.9 6 7.2.6.4 7.2.6.4 6.1.13.9 6 7.2.6.4

IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions.

Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP, exist which allows remote attackers to affect the confidentiality, integrity, and availability of vulnerable systems. This includes the possibility of remote execution of arbitrary code, information disclosure, or Denial of Service. Many of the vulnerabilities can only be exploited through sandboxed Java Web Start applications and java applets. Please reference the CVEs listed for specific details.

Remote attackers may remotely execute arbitrary code, compromise information, or cause Denial of Service.

There is no known work around at this time.

IcedTea 7.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-7.2.6.4"

IcedTea bin 7.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-7.2.6.4"

IcedTea 6.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-6.1.13.9"

IcedTea bin 6.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.9"
CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0400 CVE-2015-0407 CVE-2015-0408 CVE-2015-0412 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2621 CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 K_F b-man