Professional OVAL Repository
OVAL Definition Details
Id: oval:com.altx-soft.nix:def:9259
Version: 4
Class: patch
ALTXid: 82912
Language: English
Severity: High
Title: openSUSE-SU-2013:0377-1 -- java-1_7_0-openjdk: update to 2.3.6
Description: java-1_7_0-openjdk was updated to icedtea-2.3.6 (bnc#803379) containing various security and bugfixes
Family: unix
Platform: openSUSE 12.2
Product: java-1_7_0-openjdk
Reference
VENDOR: openSUSE-SU-2013:0377-1
Id: openSUSE-SU-2013:0377-1
Reference: http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
CVE: CVE-2013-0424
Id: CVE-2013-0424
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0424
Comment: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.
CVSSv2 Score: 5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=906813 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6e173569e1e7 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
MDVSA-2013:095 (MANDRIVA)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
GLSA-201406-32 (GENTOO)
57715 (BID)
oval:org.mitre.oval:def:19522 (OVAL)
oval:org.mitre.oval:def:19423 (OVAL)
oval:org.mitre.oval:def:19131 (OVAL)
oval:org.mitre.oval:def:16519 (OVAL)
CVE: CVE-2013-0425
Id: CVE-2013-0425
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0425
Comment: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
CVSSv2 Score: 10
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907344 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57709 (BID)
oval:org.mitre.oval:def:19503 (OVAL)
oval:org.mitre.oval:def:19502 (OVAL)
oval:org.mitre.oval:def:19483 (OVAL)
oval:org.mitre.oval:def:16058 (OVAL)
CVE: CVE-2013-0426
Id: CVE-2013-0426
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0426
Comment: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
CVSSv2 Score: 10
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907346 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57711 (BID)
oval:org.mitre.oval:def:19484 (OVAL)
oval:org.mitre.oval:def:19471 (OVAL)
oval:org.mitre.oval:def:19261 (OVAL)
oval:org.mitre.oval:def:15888 (OVAL)
CVE: CVE-2013-0427
Id: CVE-2013-0427
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0427
Comment: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.
CVSSv2 Score: 5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907455 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/87d135824bdf (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57724 (BID)
oval:org.mitre.oval:def:19488 (OVAL)
oval:org.mitre.oval:def:19245 (OVAL)
oval:org.mitre.oval:def:18641 (OVAL)
oval:org.mitre.oval:def:16013 (OVAL)
CVE: CVE-2013-0428
Id: CVE-2013-0428
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0428
Comment: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.
CVSSv2 Score: 10
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=907207 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c9534e095b37 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57713 (BID)
oval:org.mitre.oval:def:19491 (OVAL)
oval:org.mitre.oval:def:19480 (OVAL)
oval:org.mitre.oval:def:19474 (OVAL)
oval:org.mitre.oval:def:16496 (OVAL)
CVE: CVE-2013-0429
Id: CVE-2013-0429
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0429
Comment: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.
CVSSv2 Score: 7.6
Access vector: NETWORK
Access complexity: HIGH
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907460 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/c1ed8145c1b8 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57710 (BID)
oval:org.mitre.oval:def:19457 (OVAL)
oval:org.mitre.oval:def:19342 (OVAL)
oval:org.mitre.oval:def:19300 (OVAL)
oval:org.mitre.oval:def:16649 (OVAL)
CVE: CVE-2013-0431
Id: CVE-2013-0431
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0431
Comment: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
CVSSv2 Score: 5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717 (MISC)
20130118 [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable (FULLDISC)
http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53 (MISC)
20130122 Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable (BUGTRAQ)
20130122 Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable (FULLDISC)
http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/ (MISC)
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0247 (REDHAT)
openSUSE-SU-2013:0377 (SUSE)
HPSBMU02874 (HP)
HPSBUX02857 (HP)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
oval:org.mitre.oval:def:19418 (OVAL)
oval:org.mitre.oval:def:16579 (OVAL)
CVE: CVE-2013-0432
Id: CVE-2013-0432
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0432
Comment: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access permission checks."
CVSSv2 Score: 6.4
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907219 (CONFIRM)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/e46d557465da (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57727 (BID)
oval:org.mitre.oval:def:19489 (OVAL)
oval:org.mitre.oval:def:19426 (OVAL)
oval:org.mitre.oval:def:19181 (OVAL)
oval:org.mitre.oval:def:16567 (OVAL)
CVE: CVE-2013-0433
Id: CVE-2013-0433
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0433
Comment: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.
CVSSv2 Score: 5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ab011765c4e8 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=907456 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57719 (BID)
oval:org.mitre.oval:def:19468 (OVAL)
oval:org.mitre.oval:def:19459 (OVAL)
oval:org.mitre.oval:def:19405 (OVAL)
oval:org.mitre.oval:def:16537 (OVAL)
CVE: CVE-2013-0434
Id: CVE-2013-0434
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0434
Comment: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.
CVSSv2 Score: 5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp/rev/91fcc41a0b4b (CONFIRM)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57730 (BID)
oval:org.mitre.oval:def:19505 (OVAL)
oval:org.mitre.oval:def:19430 (OVAL)
oval:org.mitre.oval:def:19272 (OVAL)
oval:org.mitre.oval:def:16528 (OVAL)
CVE: CVE-2013-0435
Id: CVE-2013-0435
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0435
Comment: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements."
CVSSv2 Score: 5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c1fa21042291 (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906892 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
MDVSA-2013:095 (MANDRIVA)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
GLSA-201406-32 (GENTOO)
57729 (BID)
oval:org.mitre.oval:def:19520 (OVAL)
oval:org.mitre.oval:def:19078 (OVAL)
oval:org.mitre.oval:def:16489 (OVAL)
CVE: CVE-2013-0440
Id: CVE-2013-0440
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0440
Comment: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.
CVSSv2 Score: 5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
https://bugzilla.redhat.com/show_bug.cgi?id=859140 (CONFIRM)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/5c1e8b779c65 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57712 (BID)
oval:org.mitre.oval:def:19397 (OVAL)
oval:org.mitre.oval:def:19285 (OVAL)
oval:org.mitre.oval:def:19229 (OVAL)
oval:org.mitre.oval:def:16558 (OVAL)
CVE: CVE-2013-0441
Id: CVE-2013-0441
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0441
Comment: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."
CVSSv2 Score: 10
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907458 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/307ddc7799c7 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57692 (BID)
oval:org.mitre.oval:def:19509 (OVAL)
oval:org.mitre.oval:def:19289 (OVAL)
oval:org.mitre.oval:def:19266 (OVAL)
oval:org.mitre.oval:def:16566 (OVAL)
CVE: CVE-2013-0442
Id: CVE-2013-0442
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0442
Comment: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
CVSSv2 Score: 10
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69 (CONFIRM)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906899 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57687 (BID)
oval:org.mitre.oval:def:19434 (OVAL)
oval:org.mitre.oval:def:19126 (OVAL)
oval:org.mitre.oval:def:18597 (OVAL)
oval:org.mitre.oval:def:16035 (OVAL)
CVE: CVE-2013-0443
Id: CVE-2013-0443
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0443
Comment: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.
CVSSv2 Score: 4
Access vector: NETWORK
Access complexity: HIGH
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/496bced2d275 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=907340 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
MDVSA-2013:095 (MANDRIVA)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
GLSA-201406-32 (GENTOO)
57702 (BID)
oval:org.mitre.oval:def:19437 (OVAL)
oval:org.mitre.oval:def:19382 (OVAL)
oval:org.mitre.oval:def:19010 (OVAL)
oval:org.mitre.oval:def:15832 (OVAL)
CVE: CVE-2013-0444
Id: CVE-2013-0444
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0444
Comment: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code.
CVSSv2 Score: 7.6
Access vector: NETWORK
Access complexity: HIGH
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907218 (CONFIRM)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce04db4aba39 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
HPSBMU02874 (HP)
HPSBUX02857 (HP)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
oval:org.mitre.oval:def:19349 (OVAL)
oval:org.mitre.oval:def:16614 (OVAL)
CVE: CVE-2013-0450
Id:
CVE-2013-0450
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0450
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6e0d9f4942af (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=906911 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57703 (BID)
oval:org.mitre.oval:def:19572 (OVAL)
oval:org.mitre.oval:def:19363 (OVAL)
oval:org.mitre.oval:def:19286 (OVAL)
oval:org.mitre.oval:def:16550 (OVAL)
CVE: CVE-2013-1475
Id:
CVE-2013-1475
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1475
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=860652 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/127e4c348a71 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
http://www-01.ibm.com/support/docview.wss?uid=swg21631786 (CONFIRM)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57694 (BID)
oval:org.mitre.oval:def:19593 (OVAL)
oval:org.mitre.oval:def:19325 (OVAL)
oval:org.mitre.oval:def:19238 (OVAL)
oval:org.mitre.oval:def:16613 (OVAL)
CVE: CVE-2013-1476
Id:
CVE-2013-1476
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1476
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/5116fe321210 (CONFIRM)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907457 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57696 (BID)
oval:org.mitre.oval:def:19507 (OVAL)
oval:org.mitre.oval:def:19475 (OVAL)
oval:org.mitre.oval:def:19466 (OVAL)
oval:org.mitre.oval:def:16652 (OVAL)
CVE: CVE-2013-1478
Id:
CVE-2013-1478
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1478
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=906894 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/d89bd26ac435 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
http://www-01.ibm.com/support/docview.wss?uid=swg21645566 (CONFIRM)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
MDVSA-2013:095 (MANDRIVA)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
GLSA-201406-32 (GENTOO)
57686 (BID)
oval:org.mitre.oval:def:19529 (OVAL)
oval:org.mitre.oval:def:19454 (OVAL)
oval:org.mitre.oval:def:19429 (OVAL)
oval:org.mitre.oval:def:15733 (OVAL)
CVE: CVE-2013-1480
Id:
CVE-2013-1480
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1480
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=906904 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/50e268c1fb1f (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57691 (BID)
oval:org.mitre.oval:def:19504 (OVAL)
oval:org.mitre.oval:def:19351 (OVAL)
oval:org.mitre.oval:def:18845 (OVAL)
oval:org.mitre.oval:def:16045 (OVAL)
ovaldb@altx-soft.com