CVE-2013-1488

Published: 08 March 2013

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.

Priority

Medium

Status

Package Release Status
openjdk-6
Launchpad, Ubuntu, Debian 		Upstream Deferred
(2013-04-19)
openjdk-6b18
Launchpad, Ubuntu, Debian 		Upstream Deferred
(2013-04-19)
openjdk-7
Launchpad, Ubuntu, Debian 		Upstream Deferred
(2013-04-19)

Notes

AuthorNote
jdstrand 
No current information on this issue as of 2013-04-19

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading