Summary: | <dev-java/icedtea-{bin}-6.1.12.2, <dev-java/icedtea-{bin}-7.2.3.6 Multiple vulnerabilities (CVE-2013-{0424,0425,0426,0427,0428,0429,0431,0432,0433,0434,0435,0440,0441,0442,0443,0444,0450,1475,1476,1478,1480}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Vlastimil Babka (Caster) (RETIRED) <caster> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | java, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://blog.fuseyism.com/index.php/2013/02/13/security-icedtea-2-3-6-released/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 455174 | ||
Bug Blocks: |
Description
Vlastimil Babka (Caster) (RETIRED)
2013-02-14 06:09:18 UTC
Please stabilize icedtea-bin-6.1.12.2. amd64 stable x86 stable CVE-2013-1480 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. CVE-2013-1478 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2013-1476 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. CVE-2013-1475 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. CVE-2013-0450 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. CVE-2013-0444 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. CVE-2013-0443 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. CVE-2013-0442 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. CVE-2013-0441 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. CVE-2013-0440 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect availability via vectors related to JSSE. CVE-2013-0435 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via vectors related to JAX-WS. CVE-2013-0434 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP. CVE-2013-0433 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Networking. CVE-2013-0432 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality and integrity via vectors related to AWT. CVE-2013-0431 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. CVE-2013-0429 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. CVE-2013-0428 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. CVE-2013-0427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Libraries. CVE-2013-0426 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. CVE-2013-0425 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. CVE-2013-0424 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0424): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect integrity via vectors related to RMI. Added to existing GLSA draft. I'm just going to close this since no one cares. These versions have long gone. |