~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2013-04-17
Candidate: CVE-2013-1537
PublicDate: 2013-04-17
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1537
 http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
 http://www.ubuntu.com/usn/usn-1806-1
 http://www.ubuntu.com/usn/usn-1819-1
Description:
 Unspecified vulnerability in the Java Runtime Environment (JRE) component
 in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to
 affect confidentiality, integrity, and availability via vectors related to
 RMI.  NOTE: the previous information is from the April 2013 CPU. Oracle has
 not commented on claims from another vendor that this issue is related to
 the default java.rmi.server.useCodebaseOnly setting of false, which allows
 remote attackers to perform "dynamic class downloading" and execute
 arbitrary code.
Ubuntu-Description:
Notes:
 mdeslaur> in lucid+, NetX and the plugin moved to the icedtea-web package
 jdstrand> sun-java6 is not redistributable, no longer in the archive and
  no longer tracked
 jdstrand> sun-java5 is EOL upstream and no longer tracked
 jdstrand> as of 2013-04-19, IcedTea has not released 2.3.9 or 1.12.5 to fix
  this issue
Bugs:
Priority: medium
Discovered-by:
Assigned-to:

Patches_openjdk-6:
upstream_openjdk-6: released (6u45)
hardy_openjdk-6: ignored (reached end-of-life)
lucid_openjdk-6: released (6b27-1.12.5-0ubuntu0.10.04.1)
oneiric_openjdk-6: released (6b27-1.12.5-0ubuntu0.11.10.1)
precise_openjdk-6: released (6b27-1.12.5-0ubuntu0.12.04.1)
quantal_openjdk-6: released (6b27-1.12.5-0ubuntu0.12.10.1)
raring_openjdk-6: released (6b27-1.12.5-1ubuntu1)
devel_openjdk-6: released (6b27-1.12.5-1ubuntu1)

Patches_openjdk-7:
upstream_openjdk-7: released (7u21)
hardy_openjdk-7: DNE
lucid_openjdk-7: DNE
oneiric_openjdk-7: released (7u21-2.3.9-0ubuntu0.11.10.1)
precise_openjdk-7: released (7u21-2.3.9-0ubuntu0.12.04.1)
quantal_openjdk-7: released (7u21-2.3.9-0ubuntu0.12.10.1)
raring_openjdk-7: released (7u21-2.3.9-1ubuntu1)
devel_openjdk-7: released (7u21-2.3.9-1ubuntu1)

Patches_openjdk-6b18:
upstream_openjdk-6b18: needs-triage
hardy_openjdk-6b18: DNE
lucid_openjdk-6b18: ignored (reached end-of-life)
oneiric_openjdk-6b18: ignored (superseded by openjdk-6)
precise_openjdk-6b18: DNE
quantal_openjdk-6b18: DNE
raring_openjdk-6b18: DNE
devel_openjdk-6b18: DNE

Patches_icedtea-web:
upstream_icedtea-web: not-affected
hardy_icedtea-web: DNE
lucid_icedtea-web: not-affected
oneiric_icedtea-web: not-affected
precise_icedtea-web: not-affected
quantal_icedtea-web: not-affected
raring_icedtea-web: not-affected
devel_icedtea-web: not-affected