Mageia Security Advisory MGASA-2013-0088: OpenJDK fixes CVE-2013-0809/1493 integer overflow vulnerabilities

Vulnerability Information - MGASA-2013-0088 Basic Information Date: March 9, 2013 Affected Versions: 2 Medium: Core Description The java-1.7.0-openjdk package has been updated to fix security vulnerabilities: An integer overflow vulnerability was found in the way 2D components handled certain sample model instances. A specially crafted sample model instance could lead to Java Virtual Machine memory corruption and potentially allow execution of arbitrary code with virtual machine privileges (CVE-2013-0809). It was discovered that the 2D component did not properly reject certain malformed images. A specially crafted raster parameter could lead to Java Virtual Machine memory corruption and potentially allow execution of arbitrary code with virtual machine privileges (CVE-2013-1493). Updated Packages i586: java-1.7.0-openjdk-javadoc-1.7.0.6-2.3.8.1.mga2.noarch java-1.7.0-openjdk-demo-1.7.0.6-2.3.8.1.mga2.i586 java-1.7.0-openjdk-1.7.0.6-2.3.8.1.mga2.i586 java-1.7.0-openjdk-devel-1.7.0.6-2.3.8.1.mga2.i586 java-1.7.0-openjdk-src-1.7.0.6-2.3.8.1.mga2.i586 x86_64: java-1.7.0-openjdk-src-1.7.0.6-2.3.8.1.mga2.x86_64 java-1.7.0-openjdk-1.7.0.6-2.3.8.1.mga2.x86_64 java-1.7.0-openjdk-javadoc-1.7.0.6-2.3.8.1.mga2.noarch java-1.7.0-openjdk-devel-1.7.0.6-2.3.8.1.mga2.x86_64 java-1.7.0-openjdk-demo-1.7.0.6-2.3.8.1.mga2.x86_64 SRPMs: java-1.7.0-openjdk-1.7.0.6-2.3.8.1.mga2 References CVE-2013-0809 CVE-2013-1493 Oracle Security Alert RHSA-2013-0602 Mageia Bug Tracker

Goal Reached Thanks to every supporter — we hit 100%!

Mageia Security Advisory MGASA-2013-0088: OpenJDK fixes CVE-2013-0809/1493 integer overflow vulnerabilities