LWN.net Logo

openjdk-6: code execution

Package(s):openjdk-6 CVE #(s):CVE-2013-0809 CVE-2013-1493
Created:March 6, 2013 Updated:March 20, 2013
Description: From the CVE entries:

Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493. (CVE-2013-0809)

The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. (CVE-2013-1493)

Alerts:
Ubuntu USN-1755-1 2013-03-05
Red Hat RHSA-2013:0600-01 2013-03-06
Red Hat RHSA-2013:0601-01 2013-03-06
Red Hat RHSA-2013:0603-01 2013-03-06
Red Hat RHSA-2013:0602-01 2013-03-06
Red Hat RHSA-2013:0604-01 2013-03-06
Red Hat RHSA-2013:0605-01 2013-03-06
CentOS CESA-2013:0604 2013-03-06
CentOS CESA-2013:0603 2013-03-06
Fedora FEDORA-2013-3467 2013-03-06
Oracle ELSA-2013-0603 2013-03-07
Oracle ELSA-2013-0602 2013-03-06
Oracle ELSA-2013-0604 2013-03-07
Oracle ELSA-2013-0605 2013-03-06
Scientific Linux SL-java-20130307 2013-03-07
Scientific Linux SL-java-20130307 2013-03-07
Ubuntu USN-1755-2 2013-03-07
Mandriva MDVSA-2013:021 2013-03-08
CentOS CESA-2013:0605 2013-03-09
CentOS CESA-2013:0602 2013-03-09
Mageia MGASA-2013-0088 2013-03-09
Mageia MGASA-2013-0089 2013-03-09
Red Hat RHSA-2013:0624-01 2013-03-11
Red Hat RHSA-2013:0625-01 2013-03-11
Red Hat RHSA-2013:0626-01 2013-03-11
openSUSE openSUSE-SU-2013:0430-1 2013-03-12
openSUSE openSUSE-SU-2013:0438-1 2013-03-12
SUSE SUSE-SU-2013:0434-1 2013-03-12
Fedora FEDORA-2013-3468 2013-03-14
openSUSE openSUSE-SU-2013:0509-1 2013-03-20

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds