Summary
The remote host is missing updates announced in
advisory GLSA 200705-20.
Solution
Since there is no fixed update from Blackdown and since the flaw only occurs in the applets, the 'nsplugin' USE flag has been masked in the portage tree. Emerge the ebuild again in order to fix the vulnerability.
Another solution is to switch to another Java implementation such as the Sun implementation (dev-java/sun-jdk and dev-java/sun-jre-bin).
# emerge --sync
# emerge --ask --oneshot --verbose 'dev-java/blackdown-jdk' # emerge --ask --oneshot --verbose 'dev-java/blackdown-jre'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200705-20 http://bugs.gentoo.org/show_bug.cgi?id=161835
Insight
The Blackdown JDK and the Blackdown JRE suffer from the multiple unspecified vulnerabilities that already affected the Sun JDK and JRE.
Severity
Classification
-
CVE CVE-2006-6731, CVE-2006-6736, CVE-2006-6737, CVE-2006-6745 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities