Lucene search

K
ubuntuUbuntuUSN-1735-1
HistoryFeb 21, 2013 - 12:00 a.m.

OpenJDK vulnerabilities

2013-02-2100:00:00
ubuntu.com
41

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.044 Low

EPSS

Percentile

92.5%

Releases

  • Ubuntu 12.10
  • Ubuntu 12.04
  • Ubuntu 11.10
  • Ubuntu 10.04

Packages

  • openjdk-6 - Open Source Java implementation
  • openjdk-7 - Open Source Java implementation

Details

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used
in OpenJDK was vulnerable to a timing side-channel attack known as the
“Lucky Thirteen” issue. A remote attacker could use this issue to perform
plaintext-recovery attacks via analysis of timing data. (CVE-2013-0169)

A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and data integrity. An attacker could exploit this to cause a
denial of service. This issue only affected Ubuntu 12.10. (CVE-2013-1484)

A data integrity vulnerability was discovered in the OpenJDK JRE. This
issue only affected Ubuntu 12.10. (CVE-2013-1485)

Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to cause a denial of service. (CVE-2013-1486, CVE-2013-1487)

OSVersionArchitecturePackageVersionFilename
Ubuntu12.10noarchopenjdk-7-jre-zero< 7u15-2.3.7-0ubuntu1~12.10UNKNOWN
Ubuntu12.10noarchicedtea-7-jre-cacao< 7u15-2.3.7-0ubuntu1~12.10UNKNOWN
Ubuntu12.10noarchicedtea-7-jre-jamvm< 7u15-2.3.7-0ubuntu1~12.10UNKNOWN
Ubuntu12.10noarchopenjdk-7-dbg< 7u15-2.3.7-0ubuntu1~12.10UNKNOWN
Ubuntu12.10noarchopenjdk-7-demo< 7u15-2.3.7-0ubuntu1~12.10UNKNOWN
Ubuntu12.10noarchopenjdk-7-jdk< 7u15-2.3.7-0ubuntu1~12.10UNKNOWN
Ubuntu12.10noarchopenjdk-7-jre< 7u15-2.3.7-0ubuntu1~12.10UNKNOWN
Ubuntu12.10noarchopenjdk-7-jre-headless< 7u15-2.3.7-0ubuntu1~12.10UNKNOWN
Ubuntu12.10noarchopenjdk-7-jre-lib< 7u15-2.3.7-0ubuntu1~12.10UNKNOWN
Ubuntu12.04noarchicedtea-6-jre-cacao< 6b27-1.12.3-0ubuntu1~12.04UNKNOWN
Rows per page:
1-10 of 351

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.044 Low

EPSS

Percentile

92.5%