Bug 1018713 - (CVE-2013-5803) CVE-2013-5803 OpenJDK: insufficient checks of KDC replies (JGSS, 8014341)
CVE-2013-5803 OpenJDK: insufficient checks of KDC replies (JGSS, 8014341)
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20131015,reported=2...
: Security
Depends On:
Blocks: 1017595 1017632
  Show dependency treegraph
 
Reported: 2013-10-14 05:15 EDT by Tomas Hoger
Modified: 2014-04-17 07:36 EDT (History)
4 users (show)

See Also:
Fixed In Version: icedtea 2.4.3, icedtea 1.11.14, icedtea 1.12.7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-08 17:16:36 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2013-10-14 05:15:03 EDT
It was discovered that KRB5 / Kerberos implementation in OpenJDK did not properly parse KDC (Kerberos Key Distribution Center) responses.  A malformed or truncated packet could cause a Java application using JGSS to exit because of an unexpected exception.
Comment 1 Stefan Cornelius 2013-10-16 02:57:35 EDT
External References:

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
Comment 2 Tomas Hoger 2013-10-16 03:59:25 EDT
Fixed in Oracle Java SE 7u45 and 6u65.

OpenJDK upstream commit:

http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/0b84d3b434c2
Comment 3 errata-xmlrpc 2013-10-17 13:39:41 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2013:1440 https://rhn.redhat.com/errata/RHSA-2013-1440.html
Comment 4 errata-xmlrpc 2013-10-21 13:44:30 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1447 https://rhn.redhat.com/errata/RHSA-2013-1447.html
Comment 5 errata-xmlrpc 2013-10-22 13:20:02 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1451 https://rhn.redhat.com/errata/RHSA-2013-1451.html
Comment 6 errata-xmlrpc 2013-11-05 13:05:16 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2013:1505 https://rhn.redhat.com/errata/RHSA-2013-1505.html
Comment 7 errata-xmlrpc 2013-11-07 11:57:27 EST
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2013:1509 https://rhn.redhat.com/errata/RHSA-2013-1509.html
Comment 8 errata-xmlrpc 2013-11-07 12:02:03 EST
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2013:1508 https://rhn.redhat.com/errata/RHSA-2013-1508.html
Comment 9 errata-xmlrpc 2013-11-07 12:08:45 EST
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2013:1507 https://rhn.redhat.com/errata/RHSA-2013-1507.html
Comment 10 errata-xmlrpc 2013-12-05 12:41:00 EST
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.4
  Red Hat Network Satellite Server v 5.5
  Red Hat Satellite Server v 5.6

Via RHSA-2013:1793 https://rhn.redhat.com/errata/RHSA-2013-1793.html
Comment 12 errata-xmlrpc 2014-04-17 07:36:16 EDT
This issue has been addressed in following products:

  Oracle Java for Red Hat Enterprise Linux 6
  Oracle Java for Red Hat Enterprise Linux 5

Via RHSA-2014:0414 https://rhn.redhat.com/errata/RHSA-2014-0414.html

Note You need to log in before you can comment on or make changes to this bug.