Gentoo Security Advisory GLSA 200705-20 (blackdown-jdk,blackdown-jre) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200705-20.

Solution

Since there is no fixed update from Blackdown and since the flaw only occurs in the applets, the 'nsplugin' USE flag has been masked in the portage tree. Emerge the ebuild again in order to fix the vulnerability. Another solution is to switch to another Java implementation such as the Sun implementation (dev-java/sun-jdk and dev-java/sun-jre-bin). # emerge --sync # emerge --ask --oneshot --verbose 'dev-java/blackdown-jdk' # emerge --ask --oneshot --verbose 'dev-java/blackdown-jre' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200705-20 http://bugs.gentoo.org/show_bug.cgi?id=161835

Insight

The Blackdown JDK and the Blackdown JRE suffer from the multiple unspecified vulnerabilities that already affected the Sun JDK and JRE.

Severity

Classification

CVE CVE-2006-6731, CVE-2006-6736, CVE-2006-6737, CVE-2006-6745

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200405-17 (metamail)
Gentoo Security Advisory GLSA 200409-10 (multi-gnome-terminal)
Gentoo Security Advisory GLSA 200407-05 (xdm)
Gentoo Security Advisory GLSA 200407-19 (Pavuk)
Gentoo Security Advisory GLSA 200403-13 (mplayer)

Take action and discover your vulnerabilities