Summary: | <dev-java/sun-{jdk,jre-bin}-1.6.0.39, <app-emul/emul-linux-x86-java-1.6.0.39, <dev-java/oracle-{jdk,jre}-bin-1.7.0.13: Multiple vulnerabilities (CVE-2012-{1541,3213,3342},CVE-2013-{0351,0409,0419,0423,0430,0437,0438,0445,0446,0448,0449,1473,1479,1481}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | wyvern5 |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | god, java, krinpaus |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.oracle.com/technetwork/java/javase/7u13-relnotes-1902884.html | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 457206 |
Description
wyvern5
2013-02-02 18:39:49 UTC
Version bumps are now in tree. The following need to be stabilized on amd64: =app-emulation/emul-linux-x86-java-1.6.0.39 =dev-java/sun-jdk-1.6.0.39 =dev-java/sun-jre-bin-1.6.0.39 The following need to be stabilized on x86: =dev-java/sun-jdk-1.6.0.39 =dev-java/sun-jre-bin-1.6.0.39 =dev-java/oracle-jdk-bin-1.7.0.13 =dev-java/oracle-jre-bin-1.7.0.13 amd64 stable x86 stable Adding bug to existing GLSA draft. Adding CVEs to bug at a later time. CVE-2013-1481 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. CVE-2013-1479 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. CVE-2013-1473 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment. CVE-2013-0449 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. CVE-2013-0448 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect integrity via unknown vectors related to Libraries. CVE-2013-0446 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. CVE-2013-0445 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. CVE-2013-0438 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. CVE-2013-0437 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2013-0430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process of the client. CVE-2013-0423 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. CVE-2013-0419 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. CVE-2013-0409 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX. CVE-2013-0351 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. CVE-2012-3342 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. CVE-2012-3213 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. CVE-2012-1541 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. This issue was resolved and addressed in GLSA 201401-30 at http://security.gentoo.org/glsa/glsa-201401-30.xml by GLSA coordinator Sean Amoss (ackle). |