Upstream information
Description
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.SUSE information
| National Vulnerability Database | |
|---|---|
| Base Score | 10.00 |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
- SUSE-SU-2013:0434-1, published Tue, 12 Mar 2013 18:04:47 +0100 (CET)
- openSUSE-SU-2013:0430-1, published Tue, 12 Mar 2013 11:04:28 +0100 (CET)
- openSUSE-SU-2013:0438-1, published Tue, 12 Mar 2013 21:04:28 +0100 (CET)
- openSUSE-SU-2013:0509-1, published Wed, 20 Mar 2013 17:04:46 +0100 (CET)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Desktop 11 SP2 |
| Patchnames: sledsp2-java-1_6_0-openjdk |
| SUSE Linux Enterprise Software Development Kit 11 SP2 |
|
Builds SAT Patch Nr: 7627 |
| SUSE Linux Enterprise Software Development Kit 11 SP2 |
|
Builds SAT Patch Nr: 7627 |
| SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware |
|
Builds SAT Patch Nr: 7627 |
| SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware |
|
Builds SAT Patch Nr: 7627 |
| SUSE Linux Enterprise Server 11 SP2 |
|
Builds SAT Patch Nr: 7627 |
| SUSE Linux Enterprise Software Development Kit 11 SP2 |
|
Builds SAT Patch Nr: 7618 |
| SUSE Linux Enterprise Software Development Kit 11 SP2 |
|
Builds SAT Patch Nr: 7618 |
| SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware |
|
Builds SAT Patch Nr: 7618 |
| SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware |
|
Builds SAT Patch Nr: 7618 |
| SUSE Linux Enterprise Server 10 SP4 for x86 |
|
Builds ZYPP Patch Nr: 8544 |
| SUSE Linux Enterprise Server 10 SP4 for IBM POWER |
|
Builds ZYPP Patch Nr: 8544 |
| SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit |
|
Builds ZYPP Patch Nr: 8544 |
| SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T |
|
Builds ZYPP Patch Nr: 8544 |
| SUSE Linux Enterprise Desktop 10 SP4 for x86 |
|
Builds ZYPP Patch Nr: 8542 |
| SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T |
|
Builds ZYPP Patch Nr: 8542 |
| SUSE Linux Enterprise Server 10 SP4 for x86 |
|
Builds ZYPP Patch Nr: 8542 |
| SUSE Linux Enterprise Server 10 SP4 for IBM POWER |
|
Builds ZYPP Patch Nr: 8542 |
| SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit |
|
Builds ZYPP Patch Nr: 8542 |
| SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T |
|
Builds ZYPP Patch Nr: 8542 |
| SUSE Linux Enterprise Server 10 SP4 for x86 |
|
Builds ZYPP Patch Nr: 8543 |
| SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF |
|
Builds ZYPP Patch Nr: 8543 |
| SUSE Linux Enterprise Server 10 SP4 for IBM POWER |
|
Builds ZYPP Patch Nr: 8543 |
| SUSE Linux Enterprise Desktop 11 SP2 |
|
Builds SAT Patch Nr: 7457 |
| openSUSE 12.3 |
| Patchnames: openSUSE-2013-230 |
| openSUSE Evergreen 11.4 |
| Patchnames: 2013-39 |