PublicDateAtUSN: 2013-04-17
Candidate: CVE-2013-1537
PublicDate: 2013-04-17
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1537
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
http://www.ubuntu.com/usn/usn-1806-1
http://www.ubuntu.com/usn/usn-1819-1
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component
in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to
affect confidentiality, integrity, and availability via vectors related to
RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has
not commented on claims from another vendor that this issue is related to
the default java.rmi.server.useCodebaseOnly setting of false, which allows
remote attackers to perform "dynamic class downloading" and execute
arbitrary code.
Ubuntu-Description:
Notes:
mdeslaur> in lucid+, NetX and the plugin moved to the icedtea-web package
jdstrand> sun-java6 is not redistributable, no longer in the archive and
no longer tracked
jdstrand> sun-java5 is EOL upstream and no longer tracked
jdstrand> as of 2013-04-19, IcedTea has not released 2.3.9 or 1.12.5 to fix
this issue
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_openjdk-6:
upstream_openjdk-6: released (6u45)
hardy_openjdk-6: ignored (reached end-of-life)
lucid_openjdk-6: released (6b27-1.12.5-0ubuntu0.10.04.1)
oneiric_openjdk-6: released (6b27-1.12.5-0ubuntu0.11.10.1)
precise_openjdk-6: released (6b27-1.12.5-0ubuntu0.12.04.1)
quantal_openjdk-6: released (6b27-1.12.5-0ubuntu0.12.10.1)
raring_openjdk-6: released (6b27-1.12.5-1ubuntu1)
devel_openjdk-6: released (6b27-1.12.5-1ubuntu1)
Patches_openjdk-7:
upstream_openjdk-7: released (7u21)
hardy_openjdk-7: DNE
lucid_openjdk-7: DNE
oneiric_openjdk-7: released (7u21-2.3.9-0ubuntu0.11.10.1)
precise_openjdk-7: released (7u21-2.3.9-0ubuntu0.12.04.1)
quantal_openjdk-7: released (7u21-2.3.9-0ubuntu0.12.10.1)
raring_openjdk-7: released (7u21-2.3.9-1ubuntu1)
devel_openjdk-7: released (7u21-2.3.9-1ubuntu1)
Patches_openjdk-6b18:
upstream_openjdk-6b18: needs-triage
hardy_openjdk-6b18: DNE
lucid_openjdk-6b18: ignored (reached end-of-life)
oneiric_openjdk-6b18: ignored (superseded by openjdk-6)
precise_openjdk-6b18: DNE
quantal_openjdk-6b18: DNE
raring_openjdk-6b18: DNE
devel_openjdk-6b18: DNE
Patches_icedtea-web:
upstream_icedtea-web: not-affected
hardy_icedtea-web: DNE
lucid_icedtea-web: not-affected
oneiric_icedtea-web: not-affected
precise_icedtea-web: not-affected
quantal_icedtea-web: not-affected
raring_icedtea-web: not-affected
devel_icedtea-web: not-affected