Mageia Security Advisory MGASA-2013-0088: OpenJDK fixes CVE-2013-0809/1493 integer overflow vulnerabilities

# Vulnerability Information - MGASA-2013-0088 ## Basic Information - **Date**: March 9, 2013 - **Affected Versions**: 2 - **Medium**: Core ## Description The java-1.7.0-openjdk package has been updated to fix security vulnerabilities: - An integer overflow vulnerability was found in the way 2D components handled certain sample model instances. A specially crafted sample model instance could lead to Java Virtual Machine memory corruption and potentially allow execution of arbitrary code with virtual machine privileges (CVE-2013-0809). - It was discovered that the 2D component did not properly reject certain malformed images. A specially crafted raster parameter could lead to Java Virtual Machine memory corruption and potentially allow execution of arbitrary code with virtual machine privileges (CVE-2013-1493). ## Updated Packages ### i586: - java-1.7.0-openjdk-javadoc-1.7.0.6-2.3.8.1.mga2.noarch - java-1.7.0-openjdk-demo-1.7.0.6-2.3.8.1.mga2.i586 - java-1.7.0-openjdk-1.7.0.6-2.3.8.1.mga2.i586 - java-1.7.0-openjdk-devel-1.7.0.6-2.3.8.1.mga2.i586 - java-1.7.0-openjdk-src-1.7.0.6-2.3.8.1.mga2.i586 ### x86_64: - java-1.7.0-openjdk-src-1.7.0.6-2.3.8.1.mga2.x86_64 - java-1.7.0-openjdk-1.7.0.6-2.3.8.1.mga2.x86_64 - java-1.7.0-openjdk-javadoc-1.7.0.6-2.3.8.1.mga2.noarch - java-1.7.0-openjdk-devel-1.7.0.6-2.3.8.1.mga2.x86_64 - java-1.7.0-openjdk-demo-1.7.0.6-2.3.8.1.mga2.x86_64 ### SRPMs: - java-1.7.0-openjdk-1.7.0.6-2.3.8.1.mga2 ## References - [CVE-2013-0809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809) - [CVE-2013-1493](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493) - [Oracle Security Alert](https://www.oracle.com/technetwork/topics/security/alert-cve-2013-1915081.html) - [RHSA-2013-0602](https://rhn.redhat.com/errata/RHSA-2013-0602.html) - [Mageia Bug Tracker](https://bugs.mageia.org/show_bug.cgi?id=9264)

Goal Reached Thanks to every supporter — we hit 100%!

Mageia Security Advisory MGASA-2013-0088: OpenJDK fixes CVE-2013-0809/1493 integer overflow vulnerabilities