Gentoo Security Advisory GLSA 200705-20 (blackdown-jdk,blackdown-jre)

Summary
The remote host is missing updates announced in advisory GLSA 200705-20.
Solution
Since there is no fixed update from Blackdown and since the flaw only occurs in the applets, the 'nsplugin' USE flag has been masked in the portage tree. Emerge the ebuild again in order to fix the vulnerability. Another solution is to switch to another Java implementation such as the Sun implementation (dev-java/sun-jdk and dev-java/sun-jre-bin). # emerge --sync # emerge --ask --oneshot --verbose 'dev-java/blackdown-jdk' # emerge --ask --oneshot --verbose 'dev-java/blackdown-jre' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200705-20 http://bugs.gentoo.org/show_bug.cgi?id=161835
Insight
The Blackdown JDK and the Blackdown JRE suffer from the multiple unspecified vulnerabilities that already affected the Sun JDK and JRE.