{ "schema_version": "1.7.0", "id": "MGASA-2013-0322", "published": "2013-11-13T19:03:04Z", "modified": "2013-11-13T19:03:00Z", "summary": "Updated java-1.7.0-openjdk package fixes security vulnerabilities", "details": "Multiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine\n(CVE-2013-5782).\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine (CVE-2013-5830).\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842,\nCVE-2013-5850, CVE-2013-5838).\n\nMultiple input checking flaws were discovered in the JPEG image reading\nand writing code in the 2D component. An untrusted Java application or\napplet could use these flaws to corrupt the Java Virtual Machine memory\nand bypass Java sandbox restrictions (CVE-2013-5809).\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions (CVE-2013-5802).\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a crafted\nXML that would cause a Java application to use an excessive amount of CPU\nand memory when processed (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823).\n\nMultiple improper permission check issues were discovered in the Libraries\nSwing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784).\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory (CVE-2013-5778).\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasier to perform cross-site scripting attacks (CVE-2013-5804,\nCVE-2013-5797).\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings returned by\ntoString() methods. These flaws could possibly lead to an unexpected\nexposure of sensitive key data (CVE-2013-5780).\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory of a\nJava program analyzed using jhat could possibly be used to conduct\ncross-site scripting attacks (CVE-2013-5772).\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using JGSS to\nexit (CVE-2013-5803).\n\nThis updates IcedTea to version 2.4.3, which fixes these issues, as well\nas several others.\n", "upstream": [ "CVE-2013-5782", "CVE-2013-5830", "CVE-2013-5829", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5842", "CVE-2013-5850", "CVE-2013-5838", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5825", "CVE-2013-4002", "CVE-2013-5823", "CVE-2013-3829", "CVE-2013-5840", "CVE-2013-5774", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5851", "CVE-2013-5800", "CVE-2013-5849", "CVE-2013-5790", "CVE-2013-5784", "CVE-2013-5778", "CVE-2013-5804", "CVE-2013-5797", "CVE-2013-5780", "CVE-2013-5772", "CVE-2013-5803" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2013-0322.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=11508" }, { "type": "WEB", "url": "http://blog.fuseyism.com/index.php/2013/10/23/security-icedtea-2-4-3-released/" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" }, { "type": "WEB", "url": "https://rhn.redhat.com/errata/RHSA-2013-1451.html" } ], "affected": [ { "package": { "ecosystem": "Mageia:2", "name": "java-1.7.0-openjdk", "purl": "pkg:rpm/mageia/java-1.7.0-openjdk?arch=source&distro=mageia-2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.7.0.60-2.4.3.1.mga2" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "java-1.7.0-openjdk", "purl": "pkg:rpm/mageia/java-1.7.0-openjdk?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.7.0.60-2.4.3.1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }