CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.7%
CentOS Errata and Security Advisory CESA-2013:0604
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.
An integer overflow flaw was found in the way the 2D component handled
certain sample model instances. A specially-crafted sample model instance
could cause Java Virtual Machine memory corruption and, possibly, lead to
arbitrary code execution with virtual machine privileges. (CVE-2013-0809)
It was discovered that the 2D component did not properly reject certain
malformed images. Specially-crafted raster parameters could cause Java
Virtual Machine memory corruption and, possibly, lead to arbitrary code
execution with virtual machine privileges. (CVE-2013-1493)
This erratum also upgrades the OpenJDK package to IcedTea6 1.11.9. Refer to
the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-March/081429.html
Affected packages:
java-1.6.0-openjdk
java-1.6.0-openjdk-demo
java-1.6.0-openjdk-devel
java-1.6.0-openjdk-javadoc
java-1.6.0-openjdk-src
Upstream details at:
https://access.redhat.com/errata/RHSA-2013:0604