Summary: | <dev-java/sun-{jdk,jre-bin}-1.6.0.45, <dev-java/oracle-{jdk,jre-bin}-1.7.0.21, <app-emulation/emul-linux-x86-java-1.6.0.45: Multiple Vulnerabilities (CVE-2013-{0401,0402,1488,1491,1518,1537,1540,1557,1558,1561,1563,1564,1569,2383,2384,2394,2414,2415,...}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ap, java |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/53008/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-04-17 10:20:08 UTC
Version bumps are now in tree.

The following need to be stabilized on amd64:
=app-emulation/emul-linux-x86-java-1.6.0.45
=dev-java/sun-jdk-1.6.0.45
=dev-java/sun-jre-bin-1.6.0.45

The following need to be stabilized on x86:
=dev-java/sun-jdk-1.6.0.45
=dev-java/sun-jre-bin-1.6.0.45
=dev-java/oracle-jdk-bin-1.7.0.21
=dev-java/oracle-jre-bin-1.7.0.21

CVE-2013-2440 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435.

CVE-2013-2439 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install.

CVE-2013-2438 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.

CVE-2013-2436 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426.

CVE-2013-2435 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2440.

CVE-2013-2434 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

CVE-2013-2433 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540.

CVE-2013-2432 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491.

CVE-2013-2431 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.

CVE-2013-2430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO.

CVE-2013-2429 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO.

CVE-2013-2428 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2427.

CVE-2013-2427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2428.

CVE-2013-2426 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2436.

CVE-2013-2425 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.

CVE-2013-2424 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality via vectors related to JMX.

CVE-2013-2423 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to HotSpot.

CVE-2013-2422 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

CVE-2013-2421 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.

CVE-2013-2420 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2384.

CVE-2013-2419 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect availability via unknown vectors related to 2D.

CVE-2013-2418 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVE-2013-2417 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect availability via unknown vectors related to Networking.

CVE-2013-2416 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.

CVE-2013-2415 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows local users to affect confidentiality via vectors related to JAX-WS.

CVE-2013-2414 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2427, and CVE-2013-2428.

CVE-2013-2394 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491.

CVE-2013-2384 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420.

CVE-2013-2383 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420.

CVE-2013-1569 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2383, CVE-2013-2384, and CVE-2013-2420.

CVE-2013-1564 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.

CVE-2013-1563 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.

CVE-2013-1561 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to JavaFX.

CVE-2013-1558 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.

CVE-2013-1557 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.

CVE-2013-1540 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2433.

CVE-2013-1537 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.

CVE-2013-1518 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.

CVE-2013-1491 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491): The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.

CVE-2013-1488 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488): The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to execute arbitrary code via unspecified vectors involving reflection and Libraries, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.

CVE-2013-0402 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402): Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via unspecified vectors related to JavaFX, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

CVE-2013-0401 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401): The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013.

amd64 stable

x86 stable

This issue was resolved and addressed in GLSA 201401-30 at http://security.gentoo.org/glsa/glsa-201401-30.xml by GLSA coordinator Sean Amoss (ackle).