
Bug 458410 (CVE-2013-1486)

Summary: <dev-java/icedtea-{bin}-{6.1.12.4,7.2.3.8}: Multiple vulnerabilities (CVE-2013-{0169,1484,1485,1486})
Product: Gentoo Security
Reporter: Ralph Sennhauser (RETIRED) <sera>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: gnu_andrew, jamiahx, java, proxy-maint
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-1-11-8-1-12-3-for-openjdk-6-released/
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Ralph Sennhauser (RETIRED) gentoo-dev 2013-02-20 06:47:38 UTC
As subject says. See URL.
Comment 1 Ralph Sennhauser (RETIRED) gentoo-dev 2013-02-20 09:09:34 UTC
Now in tree:

=dev-java/icedtea-6.1.12.3
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2013-02-23 19:14:02 UTC
*** Bug 458620 has been marked as a duplicate of this bug. ***
Comment 3 jeremiah 2013-02-25 14:29:12 UTC
#458620 has been marked the duplicate of this bug (#458410), but the naming is misleading.
Since '620 will be solved here, the name of '410 should be changed to something like (no quotes):
"<dev-java/icedtea-{bin}-6.1.12.3:6, <dev-java/icedtea-{bin}-7.2.3.7:7 : Multiple Vulnerabilities (CVE-2013-{0169,1484,1485,1486})"

Yes, it's petty, but I'm kinda OCD with computer-related things.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-03-04 21:57:07 UTC
CVE-2013-1486 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0
  Update 39 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via vectors related to JMX.

CVE-2013-1485 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect
  integrity via unknown vectors related to Libraries.

CVE-2013-1484 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  Libraries.

CVE-2013-0169 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169):
  The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in
  OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider
  timing side-channel attacks on a MAC check requirement during the processing
  of malformed CBC padding, which allows remote attackers to conduct
  distinguishing attacks and plaintext-recovery attacks via statistical
  analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Comment 5 Sean Amoss (RETIRED) gentoo-dev Security 2013-04-20 11:46:57 UTC
Added to existing GLSA draft.
Comment 6 James Le Cuirot gentoo-dev 2015-05-10 21:56:48 UTC
I'm just going to close this since no one cares. These versions have long gone.