OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit is vulnerable to sandbox restriction bypass. JDBC driver manager could incorrectly call toString()
method in JDBC drivers, and the ConcurrentHashMap class could incorrectly call the defaultReadObject()
method. Using this flaw, an untrusted application can bypass sandbox restriction.
blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/
hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/98ad2f1e25d1
icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.9/NEWS
lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html
lists.opensuse.org/opensuse-updates/2013-05/msg00017.html
lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html
rhn.redhat.com/errata/RHSA-2013-0752.html
rhn.redhat.com/errata/RHSA-2013-0757.html
security.gentoo.org/glsa/glsa-201406-32.xml
www.mandriva.com/security/advisories?name=MDVSA-2013:145
www.mandriva.com/security/advisories?name=MDVSA-2013:161
www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
www.ubuntu.com/usn/USN-1806-1
www.us-cert.gov/ncas/alerts/TA13-107A
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=952653
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16683
rhn.redhat.com/errata/RHSA-2013-0751.html
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130