Lucene search
UbuntuUSN-1735-1HistoryFeb 21, 2013 - 12:00 a.m.
OpenJDK vulnerabilities
2013-02-2100:00:00
ubuntu.com
41
Releases
- Ubuntu 12.10
- Ubuntu 12.04
- Ubuntu 11.10
- Ubuntu 10.04
Packages
- openjdk-6 - Open Source Java implementation
- openjdk-7 - Open Source Java implementation
Details
Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used
in OpenJDK was vulnerable to a timing side-channel attack known as the
“Lucky Thirteen” issue. A remote attacker could use this issue to perform
plaintext-recovery attacks via analysis of timing data. (CVE-2013-0169)
A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and data integrity. An attacker could exploit this to cause a
denial of service. This issue only affected Ubuntu 12.10. (CVE-2013-1484)
A data integrity vulnerability was discovered in the OpenJDK JRE. This
issue only affected Ubuntu 12.10. (CVE-2013-1485)
Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to cause a denial of service. (CVE-2013-1486, CVE-2013-1487)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 12.10 | noarch | openjdk-7-jre-zero | < 7u15-2.3.7-0ubuntu1~12.10 | UNKNOWN |
| Ubuntu | 12.10 | noarch | icedtea-7-jre-cacao | < 7u15-2.3.7-0ubuntu1~12.10 | UNKNOWN |
| Ubuntu | 12.10 | noarch | icedtea-7-jre-jamvm | < 7u15-2.3.7-0ubuntu1~12.10 | UNKNOWN |
| Ubuntu | 12.10 | noarch | openjdk-7-dbg | < 7u15-2.3.7-0ubuntu1~12.10 | UNKNOWN |
| Ubuntu | 12.10 | noarch | openjdk-7-demo | < 7u15-2.3.7-0ubuntu1~12.10 | UNKNOWN |
| Ubuntu | 12.10 | noarch | openjdk-7-jdk | < 7u15-2.3.7-0ubuntu1~12.10 | UNKNOWN |
| Ubuntu | 12.10 | noarch | openjdk-7-jre | < 7u15-2.3.7-0ubuntu1~12.10 | UNKNOWN |
| Ubuntu | 12.10 | noarch | openjdk-7-jre-headless | < 7u15-2.3.7-0ubuntu1~12.10 | UNKNOWN |
| Ubuntu | 12.10 | noarch | openjdk-7-jre-lib | < 7u15-2.3.7-0ubuntu1~12.10 | UNKNOWN |
| Ubuntu | 12.04 | noarch | icedtea-6-jre-cacao | < 6b27-1.12.3-0ubuntu1~12.04 | UNKNOWN |
Related
nessus
nessus
Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1) (Unix)
2013-02-22 00:00:00
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1735-1)
2013-02-22 00:00:00
RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0532)
2013-02-21 00:00:00
redhat
redhat
(RHSA-2013:0532) Critical: java-1.7.0-oracle security update
2013-02-20 00:00:00
(RHSA-2013:0275) Important: java-1.7.0-openjdk security update
2013-02-20 00:00:00
(RHSA-2013:0531) Critical: java-1.6.0-sun security update
2013-02-20 00:00:00
openvas
openvas
Ubuntu Update for openjdk-7 USN-1735-1
2013-02-22 00:00:00
Ubuntu: Security Advisory (USN-1735-1)
2013-02-22 00:00:00
RedHat Update for java-1.7.0-openjdk RHSA-2013:0275-01
2013-02-22 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2013-02-20 00:00:00
java-1.6.0-openjdk security update
2013-02-20 00:00:00
java-1.6.0-openjdk security update
2013-02-20 00:00:00
centos
centos
java security update
2013-02-20 20:12:54
java security update
2013-02-20 20:11:32
java security update
2013-02-20 20:33:43
amazon
amazon
Important: java-1.7.0-openjdk
2013-03-02 16:49:00
Important: java-1.6.0-openjdk
2013-03-02 16:50:00
Critical: openssl
2014-04-07 17:26:00
threatpost
threatpost
Oracle Patches Critical Java Flaws in 7u15
2013-02-19 22:30:02
suse
suse
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 18:04:30
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 17:04:41
Security update for Java (important)
2013-02-22 20:04:33
ubuntucve
ubuntucve
cvelist
cvelist
zdi
zdi
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 04:52:53
Sandbox Restrictions Bypass
2019-05-02 04:54:21
Sandbox Restrictions Bypass
2019-05-02 04:52:53
cve
cve
prion
prion
Design/Logic Flaw
2013-02-20 21:55:00
Design/Logic Flaw
2013-02-20 21:55:00
Design/Logic Flaw
2013-02-20 21:55:00
ibm
ibm
securityvulns
securityvulns
ESA-2013-032 RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability
2013-07-15 00:00:00
ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability
2013-07-15 00:00:00
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
2014-04-07 00:00:00
f5
f5
K14190 : TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2015-04-30 00:00:00
SOL14190 - TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2013-02-08 00:00:00
K15637 : GnuTLS vulnerability CVE-2013-2116
2014-10-16 00:00:00
slackware
slackware
openssl
2013-02-11 23:49:59
openssl
openssl
Vulnerability in OpenSSL CVE-2013-0169
2013-02-04 00:00:00
hackerone
hackerone
Legal Robot: LUCKY13 (CVE-2013-0169) effects legalrobot.com
2017-07-30 20:00:47
debiancve
debiancve
pentestpartners
pentestpartners
Vulnerabilities that (mostly) aren’t: LUCKY13
2024-05-03 05:12:27
osv
osv
CVE-2016-2107
2016-05-05 01:59:00
Improper Input Validation in Bouncy Castle
2022-05-14 02:14:04
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
freebsd
freebsd
FreeBSD -- OpenSSL multiple vulnerabilities
2013-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1e-1.fc18
2013-04-03 04:51:11