Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : openjdk-6 vulnerabilities (USN-1755-1)

Ubuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

It was discovered that OpenJDK did not properly validate certain types
of images. A remote attacker could exploit this to cause OpenJDK to
crash. (CVE-2013-0809)

It was discovered that OpenJDK did not properly check return values
when performing color conversion for images. If a user were tricked
into opening a crafted image with OpenJDK, such as with the Java
plugin, a remote attacker could cause OpenJDK to crash or execute
arbitrary code outside of the Java sandbox with the privileges of the
user invoking the program. (CVE-2013-1493).

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 65045 ()

Bugtraq ID: 58238

CVE ID: CVE-2013-0809