An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-0809 to the following vulnerability:
  Name: CVE-2013-0809
  URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809
  Assigned: 20130105
  Reference: http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1915099.xml
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.
Fixed in Oracle Java SE 7u17 and 6u43.
External Reference: http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html
This issue has been addressed in the following products:
  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2013:0601 https://rhn.redhat.com/errata/RHSA-2013-0601.html
This issue has been addressed in the following products:
  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2013:0600 https://rhn.redhat.com/errata/RHSA-2013-0600.html
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 5
Via RHSA-2013:0604 https://rhn.redhat.com/errata/RHSA-2013-0604.html
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 5
Via RHSA-2013:0603 https://rhn.redhat.com/errata/RHSA-2013-0603.html
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6
Via RHSA-2013:0602 https://rhn.redhat.com/errata/RHSA-2013-0602.html
Oracle security blog post with more information on the security alert:
  https://blogs.oracle.com/security/entry/security_alert_cve_2013_1493
Upstream commit, as included in IcedTea7 repositories:
  http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/fa09ada25c47
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6
Via RHSA-2013:0605 https://rhn.redhat.com/errata/RHSA-2013-0605.html
This issue has been addressed in the following products:
  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2013:0624 https://rhn.redhat.com/errata/RHSA-2013-0624.html
This issue has been addressed in the following products:
  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2013:0626 https://rhn.redhat.com/errata/RHSA-2013-0626.html
This issue has been addressed in the following products:
  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2013:0625 https://rhn.redhat.com/errata/RHSA-2013-0625.html
Fixed in IcedTea versions IcedTea6 1.11.9 and 1.12.4, and IcedTea7 2.1.7, 2.2.7 and 2.3.8:
  http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html
  http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022273.html
Write-up of additional details of this flaw: http://axtaxt.wordpress.com/2013/07/06/analysis-of-cve-2013-0809/
This issue has been addressed in the following products:
  Red Hat Network Satellite Server v 5.5
Via RHSA-2013:1456 https://rhn.redhat.com/errata/RHSA-2013-1456.html
This issue has been addressed in the following products:
  Red Hat Network Satellite Server v 5.4
Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html