Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2013-4002

Publication date 16 October 2013

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.

Read the notes from the security team

Status

Package Ubuntu Release Status
openjdk-6 13.10 saucy
Fixed 6b27-1.12.6-1ubuntu2.1
13.04 raring
Fixed 6b27-1.12.6-1ubuntu0.13.04.4
12.10 quantal
Fixed 6b27-1.12.6-1ubuntu0.12.10.4
12.04 LTS precise
Fixed 6b27-1.12.6-1ubuntu0.12.04.3
10.04 LTS lucid
Fixed 6b27-1.12.6-1ubuntu0.10.04.3
openjdk-7 13.10 saucy
Fixed 7u51-2.4.4-0ubuntu0.13.10.1
13.04 raring
Fixed 7u51-2.4.4-0ubuntu0.13.04.2
12.10 quantal
Fixed 7u51-2.4.4-0ubuntu0.12.10.2
12.04 LTS precise
Fixed 7u51-2.4.4-0ubuntu0.12.04.2
10.04 LTS lucid Not in release

Notes

jdstrand

no 2.3 update as of 2013/12/20. 2.4/armhf needs to be fixed

References

Related Ubuntu Security Notices (USN)

    • USN-2033-1
    • OpenJDK 6 vulnerabilities
    • 21 November 2013
    • USN-2089-1
    • OpenJDK 7 vulnerabilities
    • 23 January 2014

Other references