CVE-2013-1488

Publication date 8 March 2013

Last updated 24 July 2024


Ubuntu priority

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.

Read the notes from the security team

Status

Package Ubuntu Release Status
openjdk-6 13.04 raring
Fixed 6b27-1.12.5-1ubuntu1
12.10 quantal
Fixed 6b27-1.12.5-0ubuntu0.12.10.1
12.04 LTS precise
Fixed 6b27-1.12.5-0ubuntu0.12.04.1
11.10 oneiric
Fixed 6b27-1.12.5-0ubuntu0.11.10.1
10.04 LTS lucid
Fixed 6b27-1.12.5-0ubuntu0.10.04.1
8.04 LTS hardy Ignored end of life
openjdk-6b18 13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Ignored end of life
10.04 LTS lucid Ignored end of life
8.04 LTS hardy Not in release
openjdk-7 13.04 raring
Fixed 7u21-2.3.9-1ubuntu1
12.10 quantal
Fixed 2013-04-19
12.04 LTS precise
Fixed 7u21-2.3.9-0ubuntu0.12.04.1
11.10 oneiric
Fixed 7u21-2.3.9-0ubuntu0.11.10.1
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release

Notes


jdstrand

No current information on this issue as of 2013-04-19