Novell Home

CVE-2013-0424

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-0424 at MITRE

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Note from the SUSE Security Team

This security problem affects also IBM Java on SUSE Linux Enterprise Server in various versions.

IBM is still working on a fix currently. As soon as a fix is provided we will be shipping updated IBM Java packages.

Please check the IBM JDK Alerts overview page for more information and the current IBM status.

Novell Bugzilla entries: 798535, 801972, 803379, 806786

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 10 SP3 LTSS for x86
  • java-1_6_0-ibm >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.7.7.1
Builds
ZYPP Patch Nr: 8497
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit
  • java-1_6_0-ibm >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-32bit >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-devel-32bit >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.7.7.1
Builds
ZYPP Patch Nr: 8497
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T
  • java-1_6_0-ibm >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-32bit >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-alsa-32bit >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-devel-32bit >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.7.7.1
  • java-1_6_0-ibm-plugin-32bit >= 1.6.0_sr13.0-0.7.7.1
Builds
ZYPP Patch Nr: 8497
SLE 11 SP2 DEBUGINFO
  • java-1_6_0-openjdk-debuginfo >= 1.6.0.0_b27.1.12.2-0.2.1
  • java-1_6_0-openjdk-debugsource >= 1.6.0.0_b27.1.12.2-0.2.1
Builds
SAT Patch Nr: 7332
SUSE Linux Enterprise Desktop 11 SP2
  • java-1_6_0-openjdk >= 1.6.0.0_b27.1.12.2-0.2.1
  • java-1_6_0-openjdk-demo >= 1.6.0.0_b27.1.12.2-0.2.1
  • java-1_6_0-openjdk-devel >= 1.6.0.0_b27.1.12.2-0.2.1
Builds
SAT Patch Nr: 7332
SUSE CORE 9 for AMD64 and Intel EM64T
SUSE CORE 9 for IBM S/390 31bit
SUSE CORE 9 for IBM zSeries 64bit
SUSE CORE 9 for x86
  • IBMJava5-JRE >= 1.5.0_sr16.0-0.4
  • IBMJava5-SDK >= 1.5.0_sr16.0-0.4
Builds
YOU Patch Nr: 12936
SUSE CORE 9 for AMD64 and Intel EM64T
SUSE CORE 9 for IBM S/390 31bit
SUSE CORE 9 for IBM zSeries 64bit
SUSE CORE 9 for x86
  • IBMJava2-JRE >= 1.4.2_sr13.15-0.4
  • IBMJava2-SDK >= 1.4.2_sr13.15-0.4
Builds
YOU Patch Nr: 12935
SUSE CORE 9 for AMD64 and Intel EM64T
  • IBMJava2-JRE >= 1.4.2_sr13.15-0.2
  • IBMJava2-SDK >= 1.4.2_sr13.15-0.2
Builds
YOU Patch Nr: 12931
SUSE Linux Enterprise Server 11 SP1 LTSS
  • java-1_6_0-ibm >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.8.1
Builds
SAT Patch Nr: 7482
SUSE Linux Enterprise Server 11 SP1 LTSS
  • java-1_6_0-ibm >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.8.1
Builds
SAT Patch Nr: 7482
SUSE Linux Enterprise Server 11 SP1 LTSS
  • java-1_6_0-ibm >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.8.1
Builds
SAT Patch Nr: 7482
SUSE Linux Enterprise Server 10 SP3 LTSS for x86
  • java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-alsa >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-jdbc >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-plugin >= 1.5.0_sr16.0-0.6.1
Builds
ZYPP Patch Nr: 8494
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit
  • java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-32bit >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-devel-32bit >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1
Builds
ZYPP Patch Nr: 8494
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T
  • java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-32bit >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-devel-32bit >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1
Builds
ZYPP Patch Nr: 8494
SUSE Linux Enterprise Server 11 SP1 LTSS
  • java-1_4_2-ibm >= 1.4.2_sr13.15-0.3.1
  • java-1_4_2-ibm-jdbc >= 1.4.2_sr13.15-0.3.1
  • java-1_4_2-ibm-plugin >= 1.4.2_sr13.15-0.3.1
Builds
SAT Patch Nr: 7479
SUSE Linux Enterprise Server 11 SP1 LTSS
  • java-1_4_2-ibm >= 1.4.2_sr13.15-0.3.1
Builds
SAT Patch Nr: 7479
SUSE Linux Enterprise Server 10 SP4 for x86
  • java-1_6_0-ibm >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-alsa >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.13.3
Builds
ZYPP Patch Nr: 8495
SUSE Linux Enterprise Server 10 SP4 for IBM POWER
  • java-1_6_0-ibm >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-64bit >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.13.3
Builds
ZYPP Patch Nr: 8495
SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit
  • java-1_6_0-ibm >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-32bit >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-devel-32bit >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.13.3
Builds
ZYPP Patch Nr: 8495
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T
  • java-1_6_0-ibm >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-32bit >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-alsa-32bit >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-devel-32bit >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.13.3
  • java-1_6_0-ibm-plugin-32bit >= 1.6.0_sr13.0-0.13.3
Builds
ZYPP Patch Nr: 8495
SUSE Linux Enterprise Server 10 SP4 for x86
  • java-1_4_2-ibm >= 1.4.2_sr13.15-0.6.1
  • java-1_4_2-ibm-devel >= 1.4.2_sr13.15-0.6.1
  • java-1_4_2-ibm-jdbc >= 1.4.2_sr13.15-0.6.1
  • java-1_4_2-ibm-plugin >= 1.4.2_sr13.15-0.6.1
Builds
ZYPP Patch Nr: 8481
SUSE Linux Enterprise Server 10 SP4 for IBM POWER
  • java-1_4_2-ibm >= 1.4.2_sr13.15-0.6.1
  • java-1_4_2-ibm-devel >= 1.4.2_sr13.15-0.6.1
  • java-1_4_2-ibm-jdbc >= 1.4.2_sr13.15-0.6.1
Builds
ZYPP Patch Nr: 8481
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit
SUSE Linux Enterprise Server 10 SP4 for IPF
  • java-1_4_2-ibm >= 1.4.2_sr13.15-0.6.1
  • java-1_4_2-ibm-devel >= 1.4.2_sr13.15-0.6.1
Builds
ZYPP Patch Nr: 8481
SUSE Linux Enterprise Software Development Kit 11 SP2
  • java-1_7_0-ibm-devel >= 1.7.0_sr4.0-0.6.1
Builds
SAT Patch Nr: 7454
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • java-1_7_0-ibm >= 1.7.0_sr4.0-0.6.1
  • java-1_7_0-ibm-alsa >= 1.7.0_sr4.0-0.6.1
  • java-1_7_0-ibm-jdbc >= 1.7.0_sr4.0-0.6.1
  • java-1_7_0-ibm-plugin >= 1.7.0_sr4.0-0.6.1
Builds
SAT Patch Nr: 7454
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • java-1_7_0-ibm >= 1.7.0_sr4.0-0.6.1
  • java-1_7_0-ibm-jdbc >= 1.7.0_sr4.0-0.6.1
  • java-1_7_0-ibm-plugin >= 1.7.0_sr4.0-0.6.1
Builds
SAT Patch Nr: 7454
SUSE Linux Enterprise Server 11 SP2
  • java-1_7_0-ibm >= 1.7.0_sr4.0-0.6.1
  • java-1_7_0-ibm-jdbc >= 1.7.0_sr4.0-0.6.1
Builds
SAT Patch Nr: 7454
SUSE Linux Enterprise Software Development Kit 11 SP2
  • java-1_4_2-ibm >= 1.4.2_sr13.15-0.3.1
  • java-1_4_2-ibm-devel >= 1.4.2_sr13.15-0.3.1
Builds
SAT Patch Nr: 7450
SUSE Linux Enterprise Software Development Kit 11 SP2
  • java-1_4_2-ibm-devel >= 1.4.2_sr13.15-0.3.1
Builds
SAT Patch Nr: 7450
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • java-1_4_2-ibm >= 1.4.2_sr13.15-0.3.1
  • java-1_4_2-ibm-jdbc >= 1.4.2_sr13.15-0.3.1
  • java-1_4_2-ibm-plugin >= 1.4.2_sr13.15-0.3.1
Builds
SAT Patch Nr: 7450
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • java-1_4_2-ibm >= 1.4.2_sr13.15-0.3.1
Builds
SAT Patch Nr: 7450
SUSE Linux Enterprise Desktop 10 SP4 for x86
  • java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-alsa >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-demo >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-jdbc >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-plugin >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-src >= 1.5.0_sr16.0-0.6.1
Builds
ZYPP Patch Nr: 8483
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T
  • java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-32bit >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-demo >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-devel-32bit >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-src >= 1.5.0_sr16.0-0.6.1
Builds
ZYPP Patch Nr: 8483
SUSE Linux Enterprise Server 10 SP4 for x86
  • java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-alsa >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-jdbc >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-plugin >= 1.5.0_sr16.0-0.6.1
Builds
ZYPP Patch Nr: 8483
SUSE Linux Enterprise Server 10 SP4 for IBM POWER
  • java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-64bit >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-jdbc >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-plugin >= 1.5.0_sr16.0-0.6.1
Builds
ZYPP Patch Nr: 8483
SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit
  • java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-32bit >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-devel-32bit >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1
Builds
ZYPP Patch Nr: 8483
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T
  • java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-32bit >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-devel-32bit >= 1.5.0_sr16.0-0.6.1
  • java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1
Builds
ZYPP Patch Nr: 8483
SUSE CORE 9 for AMD64 and Intel EM64T
  • IBMJava5-JRE >= 1.5.0_sr16.0-0.2
  • IBMJava5-SDK >= 1.5.0_sr16.0-0.2
Builds
YOU Patch Nr: 12932
SUSE Linux Enterprise Server 10 SP3 LTSS for x86
  • java-1_4_2-ibm >= 1.4.2_sr13.15-0.6.1
  • java-1_4_2-ibm-devel >= 1.4.2_sr13.15-0.6.1
  • java-1_4_2-ibm-jdbc >= 1.4.2_sr13.15-0.6.1
  • java-1_4_2-ibm-plugin >= 1.4.2_sr13.15-0.6.1
Builds
ZYPP Patch Nr: 8493
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit
  • java-1_4_2-ibm >= 1.4.2_sr13.15-0.6.1
  • java-1_4_2-ibm-devel >= 1.4.2_sr13.15-0.6.1
Builds
ZYPP Patch Nr: 8493
SUSE Linux Enterprise Software Development Kit 11 SP2
  • java-1_6_0-ibm >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.8.1
Builds
SAT Patch Nr: 7481
SUSE Linux Enterprise Software Development Kit 11 SP2
  • java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.8.1
Builds
SAT Patch Nr: 7481
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • java-1_6_0-ibm >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.8.1
Builds
SAT Patch Nr: 7481
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • java-1_6_0-ibm >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.8.1
Builds
SAT Patch Nr: 7481
SUSE Linux Enterprise Server 11 SP2
  • java-1_6_0-ibm >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.8.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.8.1
Builds
SAT Patch Nr: 7481

© 2014 Novell