Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 457206

Summary: <dev-java/icedtea-{bin}-6.1.12.2, <dev-java/icedtea-{bin}-7.2.3.6 Multiple vulnerabilities (CVE-2013-{0424,0425,0426,0427,0428,0429,0431,0432,0433,0434,0435,0440,0441,0442,0443,0444,0450,1475,1476,1478,1480})
Product: Gentoo Security Reporter: Vlastimil Babka (Caster) (RETIRED) <caster>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: java, proxy-maint
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://blog.fuseyism.com/index.php/2013/02/13/security-icedtea-2-3-6-released/
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 455174    
Bug Blocks:    

Description Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2013-02-14 06:09:18 UTC
http://blog.fuseyism.com/index.php/2013/02/13/security-icedtea-2-3-6-released/

http://blog.fuseyism.com/index.php/2013/02/12/icedtea6-1-11-7-1-12-2-released/

Many security fixes are included in this release.
Comment 1 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2013-02-14 06:15:58 UTC
Please stabilize icedtea-bin-6.1.12.2.
Comment 2 Agostino Sarubbo gentoo-dev 2013-02-14 13:08:46 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2013-02-14 13:10:14 UTC
x86 stable
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-02-15 19:20:48 UTC
CVE-2013-1480 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update
  38, and 1.4.2_40 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via vectors related to AWT.

CVE-2013-1478 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update
  38, and 1.4.2_40 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  2D.

CVE-2013-1476 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update
  38, and 1.4.2_40 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via vectors related to CORBA, a
  different vulnerability than CVE-2013-0441 and CVE-2013-1475.

CVE-2013-1475 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update
  38, and 1.4.2_40 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via vectors related to CORBA.

CVE-2013-0450 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through
  Update 38 allows remote attackers to affect confidentiality, integrity, and
  availability via vectors related to JMX.

CVE-2013-0444 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  Beans.

CVE-2013-0443 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update
  38, and 1.4.2_40 and earlier allows remote attackers to affect
  confidentiality and integrity via vectors related to JSSE.

CVE-2013-0442 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update
  38, and 1.4.2_40 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via vectors related to AWT.

CVE-2013-0441 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update
  38, and 1.4.2_40 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via vectors related to CORBA, a
  different vulnerability than CVE-2013-1476 and CVE-2013-1475.

CVE-2013-0440 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update
  38, and 1.4.2_40 and earlier allows remote attackers to affect availability
  via vectors related to JSSE.

CVE-2013-0435 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality via vectors related to JAX-WS.

CVE-2013-0434 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update
  38, and 1.4.2_40 and earlier allows remote attackers to affect
  confidentiality via vectors related to JAXP.

CVE-2013-0433 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through
  Update 38 allows remote attackers to affect integrity via unknown vectors
  related to Networking.

CVE-2013-0432 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update
  38, and 1.4.2_40 and earlier allows remote attackers to affect
  confidentiality and integrity via vectors related to AWT.

CVE-2013-0431 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 allows user-assisted remote attackers to
  bypass the Java security sandbox via unspecified vectors related to JMX, aka
  "Issue 52," a different vulnerability than CVE-2013-1490.

CVE-2013-0429 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through
  Update 38 allows remote attackers to affect confidentiality, integrity, and
  availability via vectors related to CORBA.

CVE-2013-0428 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update
  38, and 1.4.2_40 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426.

CVE-2013-0427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through
  Update 38 allows remote attackers to affect integrity via unknown vectors
  related to Libraries.

CVE-2013-0426 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update
  38, and 1.4.2_40 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428.

CVE-2013-0425 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update
  38, and 1.4.2_40 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426.

CVE-2013-0424 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0424):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update
  38, and 1.4.2_40 and earlier allows remote attackers to affect integrity via
  vectors related to RMI.
Comment 5 Sean Amoss (RETIRED) gentoo-dev Security 2013-02-15 19:29:29 UTC
Added to existing GLSA draft.
Comment 6 James Le Cuirot gentoo-dev 2015-05-10 21:52:25 UTC
I'm just going to close this since no one cares. These versions have long gone.