CVE-2013-2444
Publication date 18 June 2013
Last updated 24 July 2024
Ubuntu priority
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not “properly manage and restrict certain resources related to the processing of fonts,” possibly involving temporary files.
Status
Package | Ubuntu Release | Status |
---|---|---|
openjdk-6 | 13.04 raring |
Fixed 6b27-1.12.6-1ubuntu0.13.04.2
|
12.10 quantal |
Fixed 6b27-1.12.6-1ubuntu0.12.10.2
|
|
12.04 LTS precise |
Fixed 6b27-1.12.6-1ubuntu0.12.04.1
|
|
10.04 LTS lucid |
Fixed 6b27-1.12.6-1ubuntu0.10.04.1
|
|
openjdk-6b18 | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
10.04 LTS lucid | Ignored end of life | |
openjdk-7 | 13.04 raring |
Fixed 7u25-2.3.10-1ubuntu0.13.04.2
|
12.10 quantal |
Fixed 7u25-2.3.10-1ubuntu0.12.10.2
|
|
12.04 LTS precise |
Fixed 7u25-2.3.10-1ubuntu0.12.04.2
|
|
10.04 LTS lucid | Not in release |
Notes
mdeslaur
in lucid+, NetX and the plugin moved to the icedtea-web package
jdstrand
sun-java6 is not redistributable, no longer in the archive and no longer tracked sun-java5 is EOL upstream and no longer tracked as of 2013-06-19, upstream IcedTea updates are not available updates break the icedtea-web plugin and it will need this fix: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-June/023745.html
References
Related Ubuntu Security Notices (USN)
- USN-1908-1
- OpenJDK 6 vulnerabilities
- 23 July 2013
- USN-1907-1
- OpenJDK 7 vulnerabilities
- 16 July 2013