Ubuntu 12.04 LTS / 12.10 / 13.04 : icedtea-web update (USN-1907-2)

Ubuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

USN-1907-1 fixed vulnerabilities in OpenJDK 7. Due to upstream
changes, IcedTea Web needed an update to work with the new OpenJDK 7.

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit
these to expose sensitive data over the network. (CVE-2013-1500,
CVE-2013-2454, CVE-2013-2458)

A vulnerability was discovered in the OpenJDK Javadoc
related to data integrity. (CVE-2013-1571)

A vulnerability was discovered in the OpenJDK JRE related to
information disclosure and availability. An attacker could
exploit this to cause a denial of service or expose
sensitive data over the network. (CVE-2013-2407)

Several vulnerabilities were discovered in the OpenJDK JRE
related to information disclosure. An attacker could exploit
these to expose sensitive data over the network.
(CVE-2013-2412, CVE-2013-2443, CVE-2013-2446, CVE-2013-2447,
CVE-2013-2449, CVE-2013-2452, CVE-2013-2456)

Several vulnerabilities were discovered in the OpenJDK JRE
related to availability. An attacker could exploit these to
cause a denial of service. (CVE-2013-2444, CVE-2013-2445,
CVE-2013-2450)

Several vulnerabilities were discovered in the OpenJDK JRE
related to information disclosure, data integrity and
availability. An attacker could exploit these to cause a
denial of service or expose sensitive data over the network.
(CVE-2013-2448, CVE-2013-2451, CVE-2013-2459, CVE-2013-2460,
CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469,
CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473)

Several vulnerabilities were discovered in the OpenJDK JRE
related to data integrity. (CVE-2013-2453, CVE-2013-2455,
CVE-2013-2457).

Solution :

Update the affected icedtea-netx package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true