CVE-2013-4002

Publication date 16 October 2013

Last updated 24 July 2024


Ubuntu priority

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.

Read the notes from the security team

Status

Package Ubuntu Release Status
openjdk-6 13.10 saucy
Fixed 6b27-1.12.6-1ubuntu2.1
13.04 raring
Fixed 6b27-1.12.6-1ubuntu0.13.04.4
12.10 quantal
Fixed 6b27-1.12.6-1ubuntu0.12.10.4
12.04 LTS precise
Fixed 6b27-1.12.6-1ubuntu0.12.04.3
10.04 LTS lucid
Fixed 6b27-1.12.6-1ubuntu0.10.04.3
openjdk-7 13.10 saucy
Fixed 7u51-2.4.4-0ubuntu0.13.10.1
13.04 raring
Fixed 7u51-2.4.4-0ubuntu0.13.04.2
12.10 quantal
Fixed 7u51-2.4.4-0ubuntu0.12.10.2
12.04 LTS precise
Fixed 7u51-2.4.4-0ubuntu0.12.04.2
10.04 LTS lucid Not in release

Notes


jdstrand

no 2.3 update as of 2013/12/20. 2.4/armhf needs to be fixed

References

Related Ubuntu Security Notices (USN)

    • USN-2033-1
    • OpenJDK 6 vulnerabilities
    • 21 November 2013
    • USN-2089-1
    • OpenJDK 7 vulnerabilities
    • 23 January 2014

Other references