CVE-2013-2431
Publication date 17 April 2013
Last updated 24 July 2024
Ubuntu priority
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using “method handle intrinsic frames.”
Status
Package | Ubuntu Release | Status |
---|---|---|
icedtea-web | 13.04 raring |
Not affected
|
12.10 quantal |
Not affected
|
|
12.04 LTS precise |
Not affected
|
|
11.10 oneiric |
Not affected
|
|
10.04 LTS lucid |
Not affected
|
|
8.04 LTS hardy | Not in release | |
openjdk-6 | 13.04 raring |
Fixed 6b27-1.12.5-1ubuntu1
|
12.10 quantal |
Fixed 6b27-1.12.5-0ubuntu0.12.10.1
|
|
12.04 LTS precise |
Fixed 6b27-1.12.5-0ubuntu0.12.04.1
|
|
11.10 oneiric |
Fixed 6b27-1.12.5-0ubuntu0.11.10.1
|
|
10.04 LTS lucid |
Fixed 6b27-1.12.5-0ubuntu0.10.04.1
|
|
8.04 LTS hardy | Ignored end of life | |
openjdk-6b18 | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Ignored end of life | |
10.04 LTS lucid | Ignored end of life | |
8.04 LTS hardy | Not in release | |
openjdk-7 | 13.04 raring |
Fixed 7u21-2.3.9-1ubuntu1
|
12.10 quantal |
Not affected
|
|
12.04 LTS precise |
Not affected
|
|
11.10 oneiric |
Not affected
|
|
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Not in release |
Notes
mdeslaur
in lucid+, NetX and the plugin moved to the icedtea-web package
jdstrand
sun-java6 is not redistributable, no longer in the archive and no longer tracked sun-java5 is EOL upstream and no longer tracked as of 2013-04-19, IcedTea has not released 1.12.5 to fix this issue does not affect icedtea 2.3
References
Related Ubuntu Security Notices (USN)
- USN-1819-1
- OpenJDK 6 vulnerabilities
- 7 May 2013
- USN-1806-1
- OpenJDK 7 vulnerabilities
- 23 April 2013