Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 455174 - <dev-java/sun-{jdk,jre-bin}-1.6.0.39, <app-emul/emul-linux-x86-java-1.6.0.39, <dev-java/oracle-{jdk,jre}-bin-1.7.0.13: Multiple vulnerabilities (CVE-2012-{1541,3213,3342},CVE-2013-{0351,0409,0419,0423,0430,0437,0438,0445,0446,0448,0449,1473,1479,1481})
Summary: <dev-java/sun-{jdk,jre-bin}-1.6.0.39, <app-emul/emul-linux-x86-java-1.6.0.39,...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.oracle.com/technetwork/jav...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks: 457206
  Show dependency tree
 
Reported: 2013-02-02 18:39 UTC by wyvern5
Modified: 2014-01-27 01:27 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description wyvern5 2013-02-02 18:39:49 UTC
http://www.oracle.com/technetwork/java/javase/7u13-relnotes-1902884.html

Many security fixes are included in this release.
Comment 1 Ralph Sennhauser (RETIRED) gentoo-dev 2013-02-03 10:03:31 UTC
Version bumps are now in tree.

The following need to be stabilized on amd64:

=app-emulation/emul-linux-x86-java-1.6.0.39
=dev-java/sun-jdk-1.6.0.39
=dev-java/sun-jre-bin-1.6.0.39

The following need to be stabilized on x86:

=dev-java/sun-jdk-1.6.0.39
=dev-java/sun-jre-bin-1.6.0.39
=dev-java/oracle-jdk-bin-1.7.0.13
=dev-java/oracle-jre-bin-1.7.0.13
Comment 2 Agostino Sarubbo gentoo-dev 2013-02-03 17:02:43 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2013-02-14 13:14:43 UTC
x86 stable
Comment 4 Sean Amoss gentoo-dev Security 2013-02-20 23:45:12 UTC
Adding bug to existing GLSA draft. 

Adding CVEs to bug at a later time.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-03-07 00:09:00 UTC
CVE-2013-1481 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and
  earlier allows remote attackers to affect confidentiality, integrity, and
  availability via unknown vectors related to Sound.

CVE-2013-1479 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4
  and earlier allows remote attackers to affect confidentiality, integrity,
  and availability via unknown vectors.

CVE-2013-1473 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect integrity via unknown vectors related to Deployment.

CVE-2013-0449 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 allows remote attackers to affect
  confidentiality via unknown vectors related to Deployment.

CVE-2013-0448 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 allows remote attackers to affect
  integrity via unknown vectors related to Libraries.

CVE-2013-0446 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors related to Deployment, a different vulnerability than other CVEs
  listed in the February 2013 CPU.

CVE-2013-0445 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through
  Update 38 allows remote attackers to affect confidentiality, integrity, and
  availability via vectors related to AWT.

CVE-2013-0438 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality via unknown vectors related to
  Deployment.

CVE-2013-0437 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to 2D.

CVE-2013-0430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38, allows local
  users to affect confidentiality, integrity, and availability via unknown
  vectors related to the installation process of the client.

CVE-2013-0423 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors related to Deployment, a different vulnerability than other CVEs
  listed in the February 2013 CPU.

CVE-2013-0419 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors related to Deployment, a different vulnerability than other CVEs
  listed in the February 2013 CPU.

CVE-2013-0409 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through
  Update 38 allows remote attackers to affect confidentiality via vectors
  related to JMX.

CVE-2013-0351 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors related to Deployment, a different vulnerability than other CVEs
  listed in the February 2013 CPU.

CVE-2012-3342 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors related to Deployment, a different vulnerability than other CVEs
  listed in the February 2013 CPU.

CVE-2012-3213 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors related to Scripting.

CVE-2012-1541 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors related to Deployment, a different vulnerability than other CVEs
  listed in the February 2013 CPU.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-01-27 01:27:54 UTC
This issue was resolved and addressed in
 GLSA 201401-30 at http://security.gentoo.org/glsa/glsa-201401-30.xml
by GLSA coordinator Sean Amoss (ackle).