openjdk team mailing list archive

[Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>]

The "Java.Exploit.CVE_2013_2465" virus takes advantage of unpatched
versions of Java and OpenJDK which are vulnerable to CVE-2013-2465. The
signature isn't meant to detect the vulnerability itself, but a specific
piece of malware that targets it.

OpenJDK got updated for this CVE in July:
http://www.ubuntu.com/usn/usn-1908-1/

It is likely that the ClamAV signature simply includes the API that is
being used by the malware, and that API happens to also be used by code
in the rt.jar file.

I agree, this is likely a bug in the clamav signature database, which we
do not ship in Ubuntu.

I am closing this bug since there is no actionable item. If you want
this to be corrected in the ClamAV database, I suggest filing a bug with
the ClamAV project here:

http://www.clamav.net/lang/en/sendvirus/submit-fp/

Thanks.

** Changed in: clamav (Ubuntu)
       Status: New => Won't Fix

** Changed in: clamav (Ubuntu)
       Status: Won't Fix => Invalid

** Changed in: openjdk-6 (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in Ubuntu.
https://bugs.launchpad.net/bugs/1224723

Title:
  Clamscan finds CVE-2013-2465 in openjdk-6-jre-headless

Status in “clamav” package in Ubuntu:
  Invalid
Status in “openjdk-6” package in Ubuntu:
  Invalid

Bug description:
  Running a clamscan on a Ubuntu 12.04.3 system reports that
  vunlerability CVE-2013-2465 was detected in version
  6b27-1.12.6-1ubuntu0.12.04.2 of openjdk-6-jre-headless:

  Run this:
  #/usr/bin/clamscan -ri --max-filesize=100M /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/

  Get this:
  /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar: Java.Exploit.CVE_2013_2465 FOUND

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1224723/+subscriptions