Bug 455174

Summary: <dev-java/sun-{jdk,jre-bin}-1.6.0.39, <app-emul/emul-linux-x86-java-1.6.0.39, <dev-java/oracle-{jdk,jre}-bin-1.7.0.13: Multiple vulnerabilities (CVE-2012-{1541,3213,3342},CVE-2013-{0351,0409,0419,0423,0430,0437,0438,0445,0446,0448,0449,1473,1479,1481})
Product: Gentoo Security
Reporter: wyvern5
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: god, java, krinpaus
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.oracle.com/technetwork/java/javase/7u13-relnotes-1902884.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 457206    

Description wyvern5 2013-02-02 18:39:49 UTC
http://www.oracle.com/technetwork/java/javase/7u13-relnotes-1902884.html

Many security fixes are included in this release.
Comment 1 Ralph Sennhauser (RETIRED) gentoo-dev 2013-02-03 10:03:31 UTC
Version bumps are now in tree.

The following need to be stabilized on amd64:

=app-emulation/emul-linux-x86-java-1.6.0.39
=dev-java/sun-jdk-1.6.0.39
=dev-java/sun-jre-bin-1.6.0.39

The following need to be stabilized on x86:

=dev-java/sun-jdk-1.6.0.39
=dev-java/sun-jre-bin-1.6.0.39
=dev-java/oracle-jdk-bin-1.7.0.13
=dev-java/oracle-jre-bin-1.7.0.13
Comment 2 Agostino Sarubbo gentoo-dev 2013-02-03 17:02:43 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2013-02-14 13:14:43 UTC
x86 stable
Comment 4 Sean Amoss (RETIRED) gentoo-dev Security 2013-02-20 23:45:12 UTC
Adding bug to existing GLSA draft. 

Adding CVEs to bug at a later time.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-03-07 00:09:00 UTC
CVE-2013-1481 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and
  earlier allows remote attackers to affect confidentiality, integrity, and
  availability via unknown vectors related to Sound.

CVE-2013-1479 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4
  and earlier allows remote attackers to affect confidentiality, integrity,
  and availability via unknown vectors.

CVE-2013-1473 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect integrity via unknown vectors related to Deployment.

CVE-2013-0449 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 allows remote attackers to affect
  confidentiality via unknown vectors related to Deployment.

CVE-2013-0448 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 allows remote attackers to affect
  integrity via unknown vectors related to Libraries.

CVE-2013-0446 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors related to Deployment, a different vulnerability than other CVEs
  listed in the February 2013 CPU.

CVE-2013-0445 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through
  Update 38 allows remote attackers to affect confidentiality, integrity, and
  availability via vectors related to AWT.

CVE-2013-0438 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality via unknown vectors related to
  Deployment.

CVE-2013-0437 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to 2D.

CVE-2013-0430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows local
  users to affect confidentiality, integrity, and availability via unknown
  vectors related to the installation process of the client.

CVE-2013-0423 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors related to Deployment, a different vulnerability than other CVEs
  listed in the February 2013 CPU.

CVE-2013-0419 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors related to Deployment, a different vulnerability than other CVEs
  listed in the February 2013 CPU.

CVE-2013-0409 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through
  Update 38 allows remote attackers to affect confidentiality via vectors
  related to JMX.

CVE-2013-0351 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors related to Deployment, a different vulnerability than other CVEs
  listed in the February 2013 CPU.

CVE-2012-3342 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors related to Deployment, a different vulnerability than other CVEs
  listed in the February 2013 CPU.

CVE-2012-3213 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors related to Scripting.

CVE-2012-1541 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors related to Deployment, a different vulnerability than other CVEs
  listed in the February 2013 CPU.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-01-27 01:27:54 UTC
This issue was resolved and addressed in
 GLSA 201401-30 at http://security.gentoo.org/glsa/glsa-201401-30.xml
by GLSA coordinator Sean Amoss (ackle).