CVE-2013-0440

Common Vulnerabilities and Exposures

Upstream information

CVE-2013-0440 at MITRE

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Note from the SUSE Security Team

This security problem affects also IBM Java on SUSE Linux Enterprise Server in various versions.

IBM is still working on a fix currently. As soon as a fix is provided we will be shipping updated IBM Java packages.

Please check the IBM JDK Alerts overview page for more information and the current IBM status.

Novell Bugzilla entries: 798535, 801972, 803379, 806786

SUSE Security Advisories:

openSUSE-SU-2013:0308-1, published Tue, 19 Feb 2013 11:04:35 +0100 (CET)
openSUSE-SU-2013:0312-1, published Tue, 19 Feb 2013 15:04:26 +0100 (CET)
openSUSE-SU-2013:0377-1, published Fri, 1 Mar 2013 17:05:38 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Server 10 SP3 LTSS for x86	`java-1_6_0-ibm >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-alsa >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.7.7.1`	Builds ZYPP Patch Nr: 8497
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit	`java-1_6_0-ibm >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-32bit >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-devel-32bit >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.7.7.1`	Builds ZYPP Patch Nr: 8497
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T	`java-1_6_0-ibm >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-32bit >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-alsa-32bit >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-devel-32bit >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.7.7.1` `java-1_6_0-ibm-plugin-32bit >= 1.6.0_sr13.0-0.7.7.1`	Builds ZYPP Patch Nr: 8497
SLE 11 SP2 DEBUGINFO	`java-1_6_0-openjdk-debuginfo >= 1.6.0.0_b27.1.12.2-0.2.1` `java-1_6_0-openjdk-debugsource >= 1.6.0.0_b27.1.12.2-0.2.1`	Builds SAT Patch Nr: 7332
SUSE Linux Enterprise Desktop 11 SP2	`java-1_6_0-openjdk >= 1.6.0.0_b27.1.12.2-0.2.1` `java-1_6_0-openjdk-demo >= 1.6.0.0_b27.1.12.2-0.2.1` `java-1_6_0-openjdk-devel >= 1.6.0.0_b27.1.12.2-0.2.1`	Builds SAT Patch Nr: 7332
SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for IBM zSeries 64bit SUSE CORE 9 for x86	`IBMJava5-JRE >= 1.5.0_sr16.0-0.4` `IBMJava5-SDK >= 1.5.0_sr16.0-0.4`	Builds YOU Patch Nr: 12936
SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for IBM zSeries 64bit SUSE CORE 9 for x86	`IBMJava2-JRE >= 1.4.2_sr13.15-0.4` `IBMJava2-SDK >= 1.4.2_sr13.15-0.4`	Builds YOU Patch Nr: 12935
SUSE CORE 9 for AMD64 and Intel EM64T	`IBMJava2-JRE >= 1.4.2_sr13.15-0.2` `IBMJava2-SDK >= 1.4.2_sr13.15-0.2`	Builds YOU Patch Nr: 12931
SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 11 SP1 for VMware LTSS	`java-1_6_0-ibm >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-alsa >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.8.1`	Builds SAT Patch Nr: 7482
SUSE Linux Enterprise Server 11 SP1 LTSS	`java-1_6_0-ibm >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.8.1`	Builds SAT Patch Nr: 7482
SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 11 SP1 for VMware LTSS	`java-1_6_0-ibm >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.8.1`	Builds SAT Patch Nr: 7482
SUSE Linux Enterprise Server 10 SP3 LTSS for x86	`java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-alsa >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-jdbc >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-plugin >= 1.5.0_sr16.0-0.6.1`	Builds ZYPP Patch Nr: 8494
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit	`java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-32bit >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-devel-32bit >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1`	Builds ZYPP Patch Nr: 8494
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T	`java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-32bit >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-devel-32bit >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1`	Builds ZYPP Patch Nr: 8494
SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 11 SP1 for VMware LTSS	`java-1_4_2-ibm >= 1.4.2_sr13.15-0.3.1` `java-1_4_2-ibm-jdbc >= 1.4.2_sr13.15-0.3.1` `java-1_4_2-ibm-plugin >= 1.4.2_sr13.15-0.3.1`	Builds SAT Patch Nr: 7479
SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 11 SP1 for VMware LTSS	`java-1_4_2-ibm >= 1.4.2_sr13.15-0.3.1`	Builds SAT Patch Nr: 7479
SUSE Linux Enterprise Server 10 SP4 for x86	`java-1_6_0-ibm >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-alsa >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.13.3`	Builds ZYPP Patch Nr: 8495
SUSE Linux Enterprise Server 10 SP4 for IBM POWER	`java-1_6_0-ibm >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-64bit >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.13.3`	Builds ZYPP Patch Nr: 8495
SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit	`java-1_6_0-ibm >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-32bit >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-devel-32bit >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.13.3`	Builds ZYPP Patch Nr: 8495
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T	`java-1_6_0-ibm >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-32bit >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-alsa-32bit >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-devel-32bit >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.13.3` `java-1_6_0-ibm-plugin-32bit >= 1.6.0_sr13.0-0.13.3`	Builds ZYPP Patch Nr: 8495
SUSE Linux Enterprise Server 10 SP4 for x86	`java-1_4_2-ibm >= 1.4.2_sr13.15-0.6.1` `java-1_4_2-ibm-devel >= 1.4.2_sr13.15-0.6.1` `java-1_4_2-ibm-jdbc >= 1.4.2_sr13.15-0.6.1` `java-1_4_2-ibm-plugin >= 1.4.2_sr13.15-0.6.1`	Builds ZYPP Patch Nr: 8481
SUSE Linux Enterprise Server 10 SP4 for IBM POWER	`java-1_4_2-ibm >= 1.4.2_sr13.15-0.6.1` `java-1_4_2-ibm-devel >= 1.4.2_sr13.15-0.6.1` `java-1_4_2-ibm-jdbc >= 1.4.2_sr13.15-0.6.1`	Builds ZYPP Patch Nr: 8481
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF	`java-1_4_2-ibm >= 1.4.2_sr13.15-0.6.1` `java-1_4_2-ibm-devel >= 1.4.2_sr13.15-0.6.1`	Builds ZYPP Patch Nr: 8481
SUSE Linux Enterprise Software Development Kit 11 SP2	`java-1_7_0-ibm-devel >= 1.7.0_sr4.0-0.6.1`	Builds SAT Patch Nr: 7454
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`java-1_7_0-ibm >= 1.7.0_sr4.0-0.6.1` `java-1_7_0-ibm-alsa >= 1.7.0_sr4.0-0.6.1` `java-1_7_0-ibm-jdbc >= 1.7.0_sr4.0-0.6.1` `java-1_7_0-ibm-plugin >= 1.7.0_sr4.0-0.6.1`	Builds SAT Patch Nr: 7454
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`java-1_7_0-ibm >= 1.7.0_sr4.0-0.6.1` `java-1_7_0-ibm-jdbc >= 1.7.0_sr4.0-0.6.1` `java-1_7_0-ibm-plugin >= 1.7.0_sr4.0-0.6.1`	Builds SAT Patch Nr: 7454
SUSE Linux Enterprise Server 11 SP2	`java-1_7_0-ibm >= 1.7.0_sr4.0-0.6.1` `java-1_7_0-ibm-jdbc >= 1.7.0_sr4.0-0.6.1`	Builds SAT Patch Nr: 7454
SUSE Linux Enterprise Software Development Kit 11 SP2	`java-1_4_2-ibm >= 1.4.2_sr13.15-0.3.1` `java-1_4_2-ibm-devel >= 1.4.2_sr13.15-0.3.1`	Builds SAT Patch Nr: 7450
SUSE Linux Enterprise Software Development Kit 11 SP2	`java-1_4_2-ibm-devel >= 1.4.2_sr13.15-0.3.1`	Builds SAT Patch Nr: 7450
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`java-1_4_2-ibm >= 1.4.2_sr13.15-0.3.1` `java-1_4_2-ibm-jdbc >= 1.4.2_sr13.15-0.3.1` `java-1_4_2-ibm-plugin >= 1.4.2_sr13.15-0.3.1`	Builds SAT Patch Nr: 7450
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`java-1_4_2-ibm >= 1.4.2_sr13.15-0.3.1`	Builds SAT Patch Nr: 7450
SUSE Linux Enterprise Desktop 10 SP4 for x86	`java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-alsa >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-demo >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-jdbc >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-plugin >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-src >= 1.5.0_sr16.0-0.6.1`	Builds ZYPP Patch Nr: 8483
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T	`java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-32bit >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-demo >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-devel-32bit >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-src >= 1.5.0_sr16.0-0.6.1`	Builds ZYPP Patch Nr: 8483
SUSE Linux Enterprise Server 10 SP4 for x86	`java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-alsa >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-jdbc >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-plugin >= 1.5.0_sr16.0-0.6.1`	Builds ZYPP Patch Nr: 8483
SUSE Linux Enterprise Server 10 SP4 for IBM POWER	`java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-64bit >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-jdbc >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-plugin >= 1.5.0_sr16.0-0.6.1`	Builds ZYPP Patch Nr: 8483
SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit	`java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-32bit >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-devel-32bit >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1`	Builds ZYPP Patch Nr: 8483
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T	`java-1_5_0-ibm >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-32bit >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-devel >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-devel-32bit >= 1.5.0_sr16.0-0.6.1` `java-1_5_0-ibm-fonts >= 1.5.0_sr16.0-0.6.1`	Builds ZYPP Patch Nr: 8483
SUSE CORE 9 for AMD64 and Intel EM64T	`IBMJava5-JRE >= 1.5.0_sr16.0-0.2` `IBMJava5-SDK >= 1.5.0_sr16.0-0.2`	Builds YOU Patch Nr: 12932
SUSE Linux Enterprise Server 10 SP3 LTSS for x86	`java-1_4_2-ibm >= 1.4.2_sr13.15-0.6.1` `java-1_4_2-ibm-devel >= 1.4.2_sr13.15-0.6.1` `java-1_4_2-ibm-jdbc >= 1.4.2_sr13.15-0.6.1` `java-1_4_2-ibm-plugin >= 1.4.2_sr13.15-0.6.1`	Builds ZYPP Patch Nr: 8493
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit	`java-1_4_2-ibm >= 1.4.2_sr13.15-0.6.1` `java-1_4_2-ibm-devel >= 1.4.2_sr13.15-0.6.1`	Builds ZYPP Patch Nr: 8493
SUSE Linux Enterprise Software Development Kit 11 SP2	`java-1_6_0-ibm >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.8.1`	Builds SAT Patch Nr: 7481
SUSE Linux Enterprise Software Development Kit 11 SP2	`java-1_6_0-ibm-devel >= 1.6.0_sr13.0-0.8.1`	Builds SAT Patch Nr: 7481
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`java-1_6_0-ibm >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-alsa >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.8.1`	Builds SAT Patch Nr: 7481
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`java-1_6_0-ibm >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr13.0-0.8.1`	Builds SAT Patch Nr: 7481
SUSE Linux Enterprise Server 11 SP2	`java-1_6_0-ibm >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr13.0-0.8.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr13.0-0.8.1`	Builds SAT Patch Nr: 7481

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy