CVE-2013-2423
Publication date 17 April 2013
Last updated 21 August 2024
Ubuntu priority
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.
Status
Package | Ubuntu Release | Status |
---|---|---|
icedtea-web | 13.04 raring |
Not affected
|
12.10 quantal |
Not affected
|
|
12.04 LTS precise |
Not affected
|
|
11.10 oneiric |
Not affected
|
|
10.04 LTS lucid |
Not affected
|
|
8.04 LTS hardy | Not in release | |
openjdk-6 | 13.04 raring |
Not affected
|
12.10 quantal |
Not affected
|
|
12.04 LTS precise |
Not affected
|
|
11.10 oneiric |
Not affected
|
|
10.04 LTS lucid |
Not affected
|
|
8.04 LTS hardy | Ignored end of life | |
openjdk-6b18 | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Ignored end of life | |
10.04 LTS lucid | Ignored end of life | |
8.04 LTS hardy | Not in release | |
openjdk-7 | 13.04 raring |
Fixed 7u21-2.3.9-1ubuntu1
|
12.10 quantal |
Fixed 7u21-2.3.9-0ubuntu0.12.10.1
|
|
12.04 LTS precise |
Fixed 7u21-2.3.9-0ubuntu0.12.04.1
|
|
11.10 oneiric |
Fixed 7u21-2.3.9-0ubuntu0.11.10.1
|
|
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Not in release |
Notes
References
Related Ubuntu Security Notices (USN)
- USN-1806-1
- OpenJDK 7 vulnerabilities
- 23 April 2013