Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2013-5907

Publication date 15 January 2014

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is due to incorrect input validation in LookupProcessor.cpp in the ICU Layout Engine, which allows attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted font file.

Read the notes from the security team

Status

Package Ubuntu Release Status
openjdk-6 13.10 saucy
Fixed 6b30-1.13.1-1ubuntu2~0.13.10.1
13.04 raring Ignored end of life, was deferred
12.10 quantal
Fixed 6b30-1.13.1-1ubuntu2~0.12.10.1
12.04 LTS precise
Fixed 6b30-1.13.1-1ubuntu2~0.12.04.1
10.04 LTS lucid
Fixed 6b30-1.13.1-1ubuntu2~0.10.04.1
openjdk-7 13.10 saucy
Fixed 7u51-2.4.4-0ubuntu0.13.10.1
13.04 raring
Fixed 7u51-2.4.4-0ubuntu0.13.04.2
12.10 quantal
Fixed 7u51-2.4.4-0ubuntu0.12.10.2
12.04 LTS precise
Fixed 7u51-2.4.4-0ubuntu0.12.04.2
10.04 LTS lucid Not in release

Notes

mdeslaur

in lucid+, NetX and the plugin moved to the icedtea-web package

jdstrand

sun-java6 is not redistributable, no longer in the archive and no longer tracked sun-java5 is EOL upstream and no longer tracked

References

Related Ubuntu Security Notices (USN)

    • USN-2089-1
    • OpenJDK 7 vulnerabilities
    • 23 January 2014
    • USN-2124-1
    • OpenJDK 6 vulnerabilities
    • 27 February 2014

Other references