This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 1019113 - (CVE-2013-5809) CVE-2013-5809 OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510)
CVE-2013-5809 OpenJDK: JPEGImageReader and JPEGImageWriter missing band size ...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Red Hat Product Security
impact=critical,public=20131015,repor...
: Security
Depends On:
Blocks: 1017595 1017632
  Show dependency treegraph
 
Reported: 2013-10-15 03:52 EDT by Stefan Cornelius
Modified: 2014-04-17 07:37 EDT (History)
4 users (show)

See Also:
Fixed In Version: icedtea 2.4.3, icedtea 1.11.14, icedtea 1.12.7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-08 17:31:05 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Stefan Cornelius 2013-10-15 03:52:39 EDT
It was discovered that the JPEGImageReader and JPEGImageWriter classes did not properly verify the band size. An untrusted Java application or applet could possibly use this flaw to trigger a Java Virtual Machine memory corruption.
Comment 1 Stefan Cornelius 2013-10-16 02:22:47 EDT
External References:

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
Comment 2 Tomas Hoger 2013-10-16 05:42:43 EDT
Fixed in Oracle Java SE 7u45 and 6u65.

OpenJDK upstream commit:

http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/3abe390615e3
Comment 3 errata-xmlrpc 2013-10-17 13:41:15 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2013:1440 https://rhn.redhat.com/errata/RHSA-2013-1440.html
Comment 4 errata-xmlrpc 2013-10-21 13:46:29 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1447 https://rhn.redhat.com/errata/RHSA-2013-1447.html
Comment 5 errata-xmlrpc 2013-10-22 13:22:54 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1451 https://rhn.redhat.com/errata/RHSA-2013-1451.html
Comment 6 errata-xmlrpc 2013-11-05 13:06:46 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2013:1505 https://rhn.redhat.com/errata/RHSA-2013-1505.html
Comment 7 errata-xmlrpc 2013-11-07 11:58:31 EST
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2013:1509 https://rhn.redhat.com/errata/RHSA-2013-1509.html
Comment 8 errata-xmlrpc 2013-11-07 12:05:04 EST
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2013:1508 https://rhn.redhat.com/errata/RHSA-2013-1508.html
Comment 9 errata-xmlrpc 2013-11-07 12:10:31 EST
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2013:1507 https://rhn.redhat.com/errata/RHSA-2013-1507.html
Comment 10 errata-xmlrpc 2013-12-05 12:42:43 EST
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.4
  Red Hat Network Satellite Server v 5.5
  Red Hat Satellite Server v 5.6

Via RHSA-2013:1793 https://rhn.redhat.com/errata/RHSA-2013-1793.html
Comment 12 errata-xmlrpc 2014-04-17 07:37:22 EDT
This issue has been addressed in following products:

  Oracle Java for Red Hat Enterprise Linux 6
  Oracle Java for Red Hat Enterprise Linux 5

Via RHSA-2014:0414 https://rhn.redhat.com/errata/RHSA-2014-0414.html

Note You need to log in before you can comment on or make changes to this bug.