Bug 466212 (CVE-2013-0401) - <dev-java/sun-{jdk,jre-bin}-1.6.0.45, <dev-java/oracle-{jdk,jre-bin}-1.7.0.21, <app-emulation/emul-linux-x86-java-1.6.0.45: Multiple Vulnerabilities (CVE-2013-{0401,0402,1488,1491,1518,1537,1540,1557,1558,1561,1563,1564,1569,2383,2384,2394,2414,2415,...})
Status: RESOLVED FIXED
Alias: CVE-2013-0401
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://secunia.com/advisories/53008/
Whiteboard: B2 [glsa]
Reported: 2013-04-17 10:20 UTC by Agostino Sarubbo
Modified: 2014-01-27 01:28 UTC

Description Agostino Sarubbo gentoo-dev 2013-04-17 10:20:08 UTC
From ${URL} :

Description
Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious, local users to manipulate certain data and gain escalated privileges and by 
malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

1) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially 
execute arbitrary code.

2) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially 
execute arbitrary code.

3) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially 
execute arbitrary code.

4) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially 
execute arbitrary code.

5) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially 
execute arbitrary code.

6) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially 
execute arbitrary code.

7) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially 
execute arbitrary code.

8) An unspecified error in the Beans component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially 
execute arbitrary code.

9) An unspecified error in the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
potentially execute arbitrary code.

10) An unspecified error in the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
potentially execute arbitrary code.

11) An unspecified error in the Hotspot component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
potentially execute arbitrary code.

12) An unspecified error in the Install component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
potentially execute arbitrary code.

13) An unspecified error in the JAXP component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially 
execute arbitrary code.

14) An unspecified error in the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
potentially execute arbitrary code.

15) An unspecified error in the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
potentially execute arbitrary code.

16) An unspecified error in the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
potentially execute arbitrary code.

17) An unspecified error in the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
potentially execute arbitrary code.

18) An unspecified error in the RMI component of the client and server deployment can be exploited to potentially execute arbitrary code.

19) An unspecified error in the RMI component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially 
execute arbitrary code.

20) An unspecified error in the HotSpot component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
potentially execute arbitrary code.

21) An unspecified error in the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
potentially execute arbitrary code.

22) An unspecified error in the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
potentially execute arbitrary code.

23) An unspecified error in the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
potentially execute arbitrary code.

24) An unspecified error in the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
potentially execute arbitrary code.

25) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially 
execute arbitrary code.

26) An unspecified error in the ImageIO component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
potentially execute arbitrary code.

27) An unspecified error in the ImageIO component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
potentially execute arbitrary code.

28) An unspecified error in the Install component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
potentially execute arbitrary code.

29) An unspecified error in the Install component of the client deployment can be exploited by a local user to gain escalated privileges.

30) An unspecified error in the AWT component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose and 
manipulate certain data.

31) An unspecified error in the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to cause a DoS.

32) An unspecified error in the JMX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose 
certain data.

33) An unspecified error in the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to disclose 
certain data.

34) An unspecified error in the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
manipulate certain data.

35) An unspecified error in the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
manipulate certain data.

36) An unspecified error in the Networking component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to cause 
a DoS.

37) An unspecified error in the Deployment component of the client deployment can be exploited by a local user to gain escalated privileges.

38) An unspecified error in the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
manipulate certain data.

39) An unspecified error in the Network component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
manipulate certain data.

40) An unspecified error in the Network component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
manipulate certain data.

41) An unspecified error in the Hotspot component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to 
manipulate certain data.

42) An unspecified error in the JAX-WS component of the client and server deployment can be exploited by local users to manipulate certain data.

The vulnerabilities are reported in the following products:
* JDK and JRE 7 Update 17 and prior
* JDK and JRE 6 Update 43 and prior
* JDK and JRE 5.0 Update 41 and prior


Solution
Apply updates.
Further details available to Secunia VIM customers

Provided and/or discovered by
It is currently unclear who reported the vulnerabilities as the Oracle Java SE Critical Patch Update for April 2013 only provides a bundled list of credits. This section 
will be updated when/if the original reporter provides more information.

Original Advisory
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
http://www.oracle.com/technetwork/topics/security/javacpuapr2013verbose-1928687.html


@maintainer(s): after the bump, please say explicitly if the package is ready for the stabilization or not

Comment 1 Ralph Sennhauser (RETIRED) gentoo-dev 2013-04-17 13:36:17 UTC
Version bumps are now in tree.

The following need to be stabilized on amd64:

=app-emulation/emul-linux-x86-java-1.6.0.45
=dev-java/sun-jdk-1.6.0.45
=dev-java/sun-jre-bin-1.6.0.45

The following need to be stabilized on x86:

=dev-java/sun-jdk-1.6.0.45
=dev-java/sun-jre-bin-1.6.0.45
=dev-java/oracle-jdk-bin-1.7.0.21
=dev-java/oracle-jre-bin-1.7.0.21

Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-04-19 11:12:38 UTC
CVE-2013-2440 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to Deployment, a different vulnerability than
  CVE-2013-2435.

CVE-2013-2439 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update
  41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect
  confidentiality, integrity, and availability via unknown vectors related to
  Install.

CVE-2013-2438 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect
  integrity via unknown vectors related to JavaFX.

CVE-2013-2436 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426.

CVE-2013-2435 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to Deployment, a different vulnerability than
  CVE-2013-2440.

CVE-2013-2434 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to 2D.

CVE-2013-2433 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows
  remote attackers to affect integrity via unknown vectors related to
  Deployment, a different vulnerability than CVE-2013-1540.

CVE-2013-2432 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update
  41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to
  affect confidentiality, integrity, and availability via unknown vectors
  related to 2D, a different vulnerability than CVE-2013-2394 and
  CVE-2013-1491.

CVE-2013-2431 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  HotSpot.

CVE-2013-2430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update
  41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to
  affect confidentiality, integrity, and availability via unknown vectors
  related to ImageIO.

CVE-2013-2429 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
  Update 41 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to ImageIO.

CVE-2013-2428 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to JavaFX, a different vulnerability than
  CVE-2013-0402, CVE-2013-2414, and CVE-2013-2427.

CVE-2013-2427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to JavaFX, a different vulnerability than
  CVE-2013-0402, CVE-2013-2414, and CVE-2013-2428.

CVE-2013-2426 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2436.

CVE-2013-2425 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  Install.

CVE-2013-2424 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
  Update 41 and earlier allows remote attackers to affect confidentiality via
  vectors related to JMX.

CVE-2013-2423 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect
  integrity via unknown vectors related to HotSpot.

CVE-2013-2422 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to Libraries.

CVE-2013-2421 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  HotSpot.

CVE-2013-2420 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
  Update 41 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to 2D, a different
  vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2384.

CVE-2013-2419 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
  Update 41 and earlier allows remote attackers to affect availability via
  unknown vectors related to 2D.

CVE-2013-2418 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows
  local users to affect confidentiality, integrity, and availability via
  unknown vectors related to Deployment.

CVE-2013-2417 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
  Update 41 and earlier allows remote attackers to affect availability via
  unknown vectors related to Networking.

CVE-2013-2416 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect
  integrity via unknown vectors related to Deployment.

CVE-2013-2415 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier allows local users to affect
  confidentiality via vectors related to JAX-WS.

CVE-2013-2414 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to JavaFX, a different vulnerability than
  CVE-2013-0402, CVE-2013-2427, and CVE-2013-2428.

CVE-2013-2394 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update
  41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to
  affect confidentiality, integrity, and availability via unknown vectors
  related to 2D, a different vulnerability than CVE-2013-2432 and
  CVE-2013-1491.

CVE-2013-2384 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
  Update 41 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to 2D, a different
  vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420.

CVE-2013-2383 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
  Update 41 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to 2D, a different
  vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420.

CVE-2013-1569 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
  Update 41 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to 2D, a different
  vulnerability than CVE-2013-2383, CVE-2013-2384, and CVE-2013-2420.

CVE-2013-1564 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows
  remote attackers to affect integrity via unknown vectors related to JavaFX.

CVE-2013-1563 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX
  2.2.7 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to Install.

CVE-2013-1561 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows
  remote attackers to affect confidentiality via unknown vectors related to
  JavaFX.

CVE-2013-1558 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to Beans.

CVE-2013-1557 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
  Update 41 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via vectors related to RMI.

CVE-2013-1540 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows
  remote attackers to affect integrity via unknown vectors related to
  Deployment, a different vulnerability than CVE-2013-2433.

CVE-2013-1537 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
  Update 41 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via vectors related to RMI.

CVE-2013-1518 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
  Update 41 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via vectors related to JAXP.

CVE-2013-1491 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491):
  The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17
  and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX
  2.2.7 and earlier allows remote attackers to execute arbitrary code via
  vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own
  competition at CanSecWest 2013.

CVE-2013-1488 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488):
  The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17
  and earlier allows remote attackers to execute arbitrary code via
  unspecified vectors involving reflection and Libraries, as demonstrated by
  James Forshaw during a Pwn2Own competition at CanSecWest 2013.

CVE-2013-0402 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402):
  Heap-based buffer overflow in the Java Runtime Environment (JRE) component
  in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier
  allows remote attackers to execute arbitrary code via unspecified vectors
  related to JavaFX, as demonstrated by VUPEN during a Pwn2Own competition at
  CanSecWest 2013.

CVE-2013-0401 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401):
  The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17
  and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows
  remote attackers to execute arbitrary code via vectors related to AWT, as
  demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013.

Comment 3 Agostino Sarubbo gentoo-dev 2013-04-23 09:08:02 UTC
amd64 stable

Comment 4 Agostino Sarubbo gentoo-dev 2013-04-23 09:10:49 UTC
x86 stable

Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-01-27 01:28:07 UTC
This issue was resolved and addressed in
 GLSA 201401-30 at http://security.gentoo.org/glsa/glsa-201401-30.xml
by GLSA coordinator Sean Amoss (ackle).