1
PublicDateAtUSN: 2013-01-14
2
Candidate: CVE-2012-3174
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3174
6
http://www.kb.cert.org/vuls/id/625617
7
https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013
8
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
9
http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
10
http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
11
http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
12
http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html
13
http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html
14
http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html
15
https://blogs.oracle.com/security/entry/security_alert_for_cve_2013
16
https://usn.ubuntu.com/usn/usn-1693-1
18
Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote
19
attackers to affect confidentiality, integrity, and availability via
20
unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some
21
parties have mapped CVE-2012-3174 to an issue involving recursive use of
22
the Reflection API, but that issue is already covered as part of
23
CVE-2013-0422. This identifier is for a different vulnerability whose
24
details are not public as of 20130114.
27
jdstrand> like with CVE-2013-0422, exploit code does not work with OpenJDK at
28
this time. Users are advised to disable and/or uninstall the IcedTea plugin
29
(regardless of version) as a precaution unless its use is strictly required.
30
jdstrand> Fixed in IcedTea 2.2.3 and 2.3.4
37
upstream_sun-java6: needs-triage
38
hardy_sun-java6: ignored (upstream version is not redistributable)
39
lucid_sun-java6: DNE (removed from archive)
40
oneiric_sun-java6: DNE
41
precise_sun-java6: DNE
42
quantal_sun-java6: DNE
46
upstream_sun-java5: ignored (end of life)
47
hardy_sun-java5: ignored (upstream sun-java5 is EoL)
49
oneiric_sun-java5: DNE
50
precise_sun-java5: DNE
51
quantal_sun-java5: DNE
54
Priority_openjdk-6: medium
56
upstream_openjdk-6: needs-triage
57
hardy_openjdk-6: ignored (reached end-of-life)
58
lucid_openjdk-6: not-affected
59
oneiric_openjdk-6: not-affected
60
precise_openjdk-6: not-affected
61
quantal_openjdk-6: not-affected
62
devel_openjdk-6: not-affected
64
Priority_icedtea-web: medium
66
upstream_icedtea-web: needs-triage
67
hardy_icedtea-web: DNE
68
lucid_icedtea-web: not-affected
69
oneiric_icedtea-web: not-affected
70
precise_icedtea-web: not-affected
71
quantal_icedtea-web: not-affected
72
devel_icedtea-web: not-affected
75
upstream_openjdk-7: released (7u9-2.3.4-1)
78
oneiric_openjdk-7: released (7u9-2.3.4-0ubuntu1.11.10.1)
79
precise_openjdk-7: released (7u9-2.3.4-0ubuntu1.12.04.1)
80
quantal_openjdk-7: released (7u9-2.3.4-0ubuntu1.12.10.1)
81
devel_openjdk-7: released (7u9-2.3.4-1ubuntu1)