CVE-2013-1488

Published: 08 March 2013

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.

Priority

Medium

Status

Package Release Status
openjdk-6
Launchpad, Ubuntu, Debian 		Upstream Deferred
(2013-04-19)
openjdk-6b18
Launchpad, Ubuntu, Debian 		Upstream Deferred
(2013-04-19)
openjdk-7
Launchpad, Ubuntu, Debian 		Upstream Deferred
(2013-04-19)

Notes

AuthorNote
jdstrand 
No current information on this issue as of 2013-04-19

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading