CVE-2013-1500

NameCVE-2013-1500
DescriptionUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2722-1, DSA-2727-1
NVD severitylow (attack range: local)
Debian/oldstablepackage openjdk-6 is vulnerable.
Debian/stablepackages openjdk-6, openjdk-7 are vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openjdk-6 (PTS)squeeze6b18-1.8.13-0+squeeze2vulnerable
squeeze (security)6b31-1.13.3-1~deb6u1fixed
squeeze (lts)6b34-1.13.6-1~deb6u1fixed
wheezy6b27-1.12.5-1vulnerable
wheezy (security)6b34-1.13.6-1~deb7u1fixed
sid6b34-1.13.6-1fixed
openjdk-7 (PTS)wheezy7u3-2.1.7-1vulnerable
wheezy (security)7u75-2.5.4-1~deb7u1fixed
jessie, sid7u75-2.5.4-2fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openjdk-6source(unstable)6b27-1.12.6-1low
openjdk-6sourcesqueeze6b27-1.12.6-1~deb6u1lowDSA-2727-1
openjdk-6sourcewheezy6b27-1.12.6-1~deb7u1lowDSA-2727-1
openjdk-7source(unstable)7u25-2.3.10-1low
openjdk-7sourcewheezy7u25-2.3.10-1~deb7u1lowDSA-2722-1

Search for package or bug name: Reporting problems