CVE-2013-0443
Published: 1 February 2013
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.
Priority
Status
Package | Release | Status |
---|---|---|
openjdk-6
Launchpad, Ubuntu, Debian |
hardy |
Released
(6b27-1.12.3-0ubuntu1~08.04.1)
|
lucid |
Released
(6b27-1.12.1-2ubuntu0.10.04.2)
|
|
oneiric |
Released
(6b27-1.12.1-2ubuntu0.11.10.2)
|
|
precise |
Released
(6b27-1.12.1-2ubuntu0.12.04.2)
|
|
quantal |
Released
(6b27-1.12.1-2ubuntu0.12.10.2)
|
|
upstream |
Pending
(6b24-1.11.6, 6b27-1.12.1)
|
|
openjdk-6b18
Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Needs triage
|
|
openjdk-7
Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Released
(7u13-2.3.6-0ubuntu0.11.10.2)
|
|
precise |
Released
(7u13-2.3.6-0ubuntu0.12.04.1)
|
|
quantal |
Released
(7u13-2.3.6-0ubuntu0.12.10.1)
|
|
upstream |
Pending
(7u9-2.3.5)
|
|
sun-java5
Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Ignored
(end of life)
|
|
sun-java6
Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Does not exist
(removed from archive)
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Needs triage
|
References
- http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-February/021708.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-February/021728.html
- https://ubuntu.com/security/notices/USN-1724-1
- https://www.cve.org/CVERecord?id=CVE-2013-0443
- NVD
- Launchpad
- Debian