CVE-2013-2412

Upstream information

CVE-2013-2412 at MITRE

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box.

SUSE information

CVSS v2 Scores
	National Vulnerability Database
Base Score	4.96
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	None
Availability Impact	None

SUSE Bugzilla entries: 825624 [CLOSED / INVALID], 828665 [RESOLVED / FIXED], 829212 [RESOLVED / FIXED], 829708 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SU-2013:1238-1, published Tue, 23 Jul 2013 22:04:14 +0200 (CEST)
SUSE-SU-2013:1254-1, published Thu, 25 Jul 2013 16:04:14 +0200 (CEST)
SUSE-SU-2013:1255-1, published Thu, 25 Jul 2013 20:04:13 +0200 (CEST)
SUSE-SU-2013:1255-2, published Sat, 27 Jul 2013 17:04:18 +0200 (CEST)
SUSE-SU-2013:1255-3, published Tue, 30 Jul 2013 19:04:11 +0200 (CEST)
SUSE-SU-2013:1257-1, published Thu, 25 Jul 2013 20:04:26 +0200 (CEST)
SUSE-SU-2013:1305-1, published Tue, 6 Aug 2013 23:04:12 +0200 (CEST)
openSUSE-SU-2013:1247-1, published Wed, 24 Jul 2013 15:04:29 +0200 (CEST)
openSUSE-SU-2013:1288-1, published Thu, 1 Aug 2013 15:04:16 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 11 SP2	`java-1_6_0-openjdk >= 1.6.0.0_b27.1.12.6-0.2.1` `java-1_6_0-openjdk-demo >= 1.6.0.0_b27.1.12.6-0.2.1` `java-1_6_0-openjdk-devel >= 1.6.0.0_b27.1.12.6-0.2.1`	Patchnames: sledsp2-java-1_6_0-openjdk
SUSE Linux Enterprise Desktop 11 SP3	`java-1_7_0-openjdk >= 1.7.0.6-0.19.2` `java-1_7_0-openjdk-demo >= 1.7.0.6-0.19.2` `java-1_7_0-openjdk-devel >= 1.7.0.6-0.19.2`	Patchnames: sledsp3-java-1_7_0-openjdk
SUSE Linux Enterprise Server 11 SP1-LTSS	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-alsa >= 1.6.0_sr16.0-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr14.0-0.3.1`	Patchnames: slessp1-java-1_6_0-ibm
SUSE Linux Enterprise Server 11 SP2	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-alsa >= 1.6.0_sr15.0-0.5.1` `java-1_6_0-ibm-devel >= 1.6.0_sr16.0-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr14.0-0.3.1` `java-1_7_0-ibm >= 1.7.0_sr5.0-0.5.1` `java-1_7_0-ibm-alsa >= 1.7.0_sr5.0-0.5.1` `java-1_7_0-ibm-devel >= 1.7.0_sr7.0-0.5.1` `java-1_7_0-ibm-jdbc >= 1.7.0_sr5.0-0.5.1` `java-1_7_0-ibm-plugin >= 1.7.0_sr5.0-0.5.1`	Patchnames: slessp2-java-1_6_0-ibm slessp2-java-1_7_0-ibm
SUSE Linux Enterprise Server 11 SP3	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-alsa >= 1.6.0_sr16.2-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr14.0-0.3.1`	Patchnames: slessp3-java-1_6_0-ibm
SUSE Linux Enterprise Server for VMWare 11 SP2	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-alsa >= 1.6.0_sr15.0-0.5.1` `java-1_6_0-ibm-devel >= 1.6.0_sr16.0-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr14.0-0.3.1` `java-1_7_0-ibm >= 1.7.0_sr5.0-0.5.1` `java-1_7_0-ibm-alsa >= 1.7.0_sr5.0-0.5.1` `java-1_7_0-ibm-devel >= 1.7.0_sr7.0-0.5.1` `java-1_7_0-ibm-jdbc >= 1.7.0_sr5.0-0.5.1` `java-1_7_0-ibm-plugin >= 1.7.0_sr5.0-0.5.1`	Patchnames: slessp2-java-1_6_0-ibm slessp2-java-1_7_0-ibm
SUSE Linux Enterprise Server for VMWare 11 SP3	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-alsa >= 1.6.0_sr16.2-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr14.0-0.3.1`	Patchnames: slessp3-java-1_6_0-ibm
SUSE Linux Enterprise Software Development Kit 11 SP2	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-devel >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1` `java-1_7_0-ibm-devel >= 1.7.0_sr5.0-0.5.1`	Patchnames: sdksp2-java-1_6_0-ibm sdksp2-java-1_7_0-ibm
SUSE Linux Enterprise Software Development Kit 11 SP3	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-devel >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1`	Patchnames: sdksp3-java-1_6_0-ibm
SUSE Linux Enterprise Desktop 11 SP2	`java-1_6_0-openjdk >= 1.6.0.0_b27.1.12.6-0.2.1` `java-1_6_0-openjdk-demo >= 1.6.0.0_b27.1.12.6-0.2.1` `java-1_6_0-openjdk-devel >= 1.6.0.0_b27.1.12.6-0.2.1`	Builds SAT Patch Nr: 8084
SUSE Linux Enterprise Software Development Kit 11 SP3	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-devel >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1`	Builds SAT Patch Nr: 8105
SUSE Linux Enterprise Software Development Kit 11 SP3	`java-1_6_0-ibm-devel >= 1.6.0_sr14.0-0.3.1`	Builds SAT Patch Nr: 8105
SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-alsa >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr14.0-0.3.1`	Builds SAT Patch Nr: 8105
SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr14.0-0.3.1`	Builds SAT Patch Nr: 8105
SUSE Linux Enterprise Server 11 SP3	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.3.1`	Builds SAT Patch Nr: 8105
SUSE Linux Enterprise Software Development Kit 11 SP3	`java-1_7_0-ibm-devel >= 1.7.0_sr5.0-0.5.1`	Builds SAT Patch Nr: 8106
SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware	`java-1_7_0-ibm >= 1.7.0_sr5.0-0.5.1` `java-1_7_0-ibm-alsa >= 1.7.0_sr5.0-0.5.1` `java-1_7_0-ibm-jdbc >= 1.7.0_sr5.0-0.5.1` `java-1_7_0-ibm-plugin >= 1.7.0_sr5.0-0.5.1`	Builds SAT Patch Nr: 8106
SUSE Linux Enterprise Server 11 SP3	`java-1_7_0-ibm >= 1.7.0_sr5.0-0.5.1` `java-1_7_0-ibm-jdbc >= 1.7.0_sr5.0-0.5.1`	Builds SAT Patch Nr: 8106
SUSE Linux Enterprise Desktop 11 SP3	`java-1_7_0-openjdk >= 1.7.0.6-0.19.2` `java-1_7_0-openjdk-demo >= 1.7.0.6-0.19.2` `java-1_7_0-openjdk-devel >= 1.7.0.6-0.19.2`	Builds SAT Patch Nr: 8090
SUSE Linux Enterprise Server 11 SP1 LTSS	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-alsa >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr14.0-0.3.1`	Builds SAT Patch Nr: 8114
SUSE Linux Enterprise Server 11 SP1 LTSS	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.3.1`	Builds SAT Patch Nr: 8114
SUSE Linux Enterprise Server 11 SP1 LTSS	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr14.0-0.3.1`	Builds SAT Patch Nr: 8114
SUSE Linux Enterprise Server 10 SP3 LTSS for x86	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-alsa >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-devel >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr14.0-0.6.6.1`	Builds ZYPP Patch Nr: 8671
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-32bit >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-devel >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-devel-32bit >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.6.6.1`	Builds ZYPP Patch Nr: 8671
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-32bit >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-alsa-32bit >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-devel >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-devel-32bit >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr14.0-0.6.6.1` `java-1_6_0-ibm-plugin-32bit >= 1.6.0_sr14.0-0.6.6.1`	Builds ZYPP Patch Nr: 8671
SUSE Linux Enterprise Software Development Kit 11 SP2	`java-1_7_0-ibm-devel >= 1.7.0_sr5.0-0.5.1`	Builds SAT Patch Nr: 8108
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`java-1_7_0-ibm >= 1.7.0_sr5.0-0.5.1` `java-1_7_0-ibm-alsa >= 1.7.0_sr5.0-0.5.1` `java-1_7_0-ibm-jdbc >= 1.7.0_sr5.0-0.5.1` `java-1_7_0-ibm-plugin >= 1.7.0_sr5.0-0.5.1`	Builds SAT Patch Nr: 8108
SUSE Linux Enterprise Server 11 SP2	`java-1_7_0-ibm >= 1.7.0_sr5.0-0.5.1` `java-1_7_0-ibm-jdbc >= 1.7.0_sr5.0-0.5.1`	Builds SAT Patch Nr: 8108
SUSE Linux Enterprise Server 10 SP4 for x86	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-alsa >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-devel >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr14.0-0.11.1`	Builds ZYPP Patch Nr: 8657
SUSE Linux Enterprise Server 10 SP4 for IBM POWER	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-64bit >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-devel >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr14.0-0.11.1`	Builds ZYPP Patch Nr: 8657
SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-32bit >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-devel >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-devel-32bit >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.11.1`	Builds ZYPP Patch Nr: 8657
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-32bit >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-alsa-32bit >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-devel >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-devel-32bit >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr14.0-0.11.1` `java-1_6_0-ibm-plugin-32bit >= 1.6.0_sr14.0-0.11.1`	Builds ZYPP Patch Nr: 8657
SUSE Linux Enterprise Software Development Kit 11 SP2	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-devel >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1`	Builds SAT Patch Nr: 8107
SUSE Linux Enterprise Software Development Kit 11 SP2	`java-1_6_0-ibm-devel >= 1.6.0_sr14.0-0.3.1`	Builds SAT Patch Nr: 8107
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-alsa >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr14.0-0.3.1`	Builds SAT Patch Nr: 8107
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-plugin >= 1.6.0_sr14.0-0.3.1`	Builds SAT Patch Nr: 8107
SUSE Linux Enterprise Server 11 SP2	`java-1_6_0-ibm >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-fonts >= 1.6.0_sr14.0-0.3.1` `java-1_6_0-ibm-jdbc >= 1.6.0_sr14.0-0.3.1`	Builds SAT Patch Nr: 8107
openSUSE 12.3	`java-1_7_0-openjdk >= 1.7.0.6-8.18.1` `java-1_7_0-openjdk-debuginfo >= 1.7.0.6-8.18.1` `java-1_7_0-openjdk-debugsource >= 1.7.0.6-8.18.1` `java-1_7_0-openjdk-demo >= 1.7.0.6-8.18.1` `java-1_7_0-openjdk-demo-debuginfo >= 1.7.0.6-8.18.1` `java-1_7_0-openjdk-devel >= 1.7.0.6-8.18.1` `java-1_7_0-openjdk-devel-debuginfo >= 1.7.0.6-8.18.1` `java-1_7_0-openjdk-javadoc >= 1.7.0.6-8.18.1` `java-1_7_0-openjdk-src >= 1.7.0.6-8.18.1`	Patchnames: openSUSE-2013-622
openSUSE Evergreen 11.4	`java-1_6_0-openjdk >= 1.6.0.0_b27.1.12.6-41.1` `java-1_6_0-openjdk-debuginfo >= 1.6.0.0_b27.1.12.6-41.1` `java-1_6_0-openjdk-debugsource >= 1.6.0.0_b27.1.12.6-41.1` `java-1_6_0-openjdk-demo >= 1.6.0.0_b27.1.12.6-41.1` `java-1_6_0-openjdk-demo-debuginfo >= 1.6.0.0_b27.1.12.6-41.1` `java-1_6_0-openjdk-devel >= 1.6.0.0_b27.1.12.6-41.1` `java-1_6_0-openjdk-devel-debuginfo >= 1.6.0.0_b27.1.12.6-41.1` `java-1_6_0-openjdk-javadoc >= 1.6.0.0_b27.1.12.6-41.1` `java-1_6_0-openjdk-src >= 1.6.0.0_b27.1.12.6-41.1`	Patchnames: 2013-113

CVE-2013-2412

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

List of released packages

Services