LWN.net Logo

java: multiple vulnerabilities

Package(s): java-1.6.0-sun
CVE #(s): CVE-2009-3728 CVE-2009-3729 CVE-2009-3865 CVE-2009-3866 CVE-2009-3867 CVE-2009-3868 CVE-2009-3869 CVE-2009-3871 CVE-2009-3872 CVE-2009-3873 CVE-2009-3874 CVE-2009-3875 CVE-2009-3876 CVE-2009-3877 CVE-2009-3879 CVE-2009-3880 CVE-2009-3881 CVE-2009-3882 CVE-2009-3883 CVE-2009-3884 CVE-2009-3886
Created: November 9, 2009
Updated: April 28, 2010
Description:

From the Red Hat advisory (starting with bugzilla bug numbers):

530053 - CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968)
530057 - CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)
530061 - CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
530062 - CVE-2009-3869 OpenJDK JRE AWT setDiffICM stack overflow (6872357)
530063 - CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358)
530067 - CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow (6874643)
530098 - CVE-2009-3728 OpenJDK ICC_Profile file existence detection information leak (6631533)
530173 - CVE-2009-3881 OpenJDK resurrected classloaders can still have children (6636650)
530175 - CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable variables (6657026,6657138)
530296 - CVE-2009-3880 OpenJDK UI logging information leakage (6664512)
530297 - CVE-2009-3879 OpenJDK GraphicsConfiguration information leak (6822057)
530300 - CVE-2009-3884 OpenJDK zoneinfo file existence information leak (6824265)
532904 - CVE-2009-3729 JRE TrueType font parsing crash (6815780)
532906 - CVE-2009-3872 JRE JPEG JFIF Decoder issue (6862969)
532914 - CVE-2009-3886 JRE REGRESSION: have problem to run JNLP app and applets with signed Jar files (6870531)
533211 - CVE-2009-3865 java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752)
533212 - CVE-2009-3866 java-1.6.0-sun: Privilege escalation in the Java Web Start Installer (6872824)
533214 - CVE-2009-3867 java-1.5.0-sun, java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303)
533215 - CVE-2009-3868 java-1.5.0-sun, java-1.6.0-sun: Privilege escalation via crafted image file due to improper color profiles parsing (6862970)
Alerts:
Mandriva MDVSA-2010:084 2010-04-28
Pardus 2010-22 2010-02-04
SuSE SUSE-SA:2010:004 2010-01-12
SuSE SUSE-SA:2010:003 2010-01-12
SuSE SUSE-SA:2010:002 2010-01-12
Red Hat RHSA-2009:1694-01 2009-12-23
Red Hat RHSA-2009:1647-01 2009-12-08
Red Hat RHSA-2009:1643-01 2009-12-07
rPath rPSA-2009-0156-1 2009-11-24
SuSE SUSE-SA:2009:058 2009-11-19
Fedora FEDORA-2009-11489 2009-11-14
Fedora FEDORA-2009-11486 2009-11-14
Fedora FEDORA-2009-11490 2009-11-14
Ubuntu USN-859-1 2009-11-13
Gentoo 200911-02 2009-11-17
CentOS CESA-2009:1584 2009-11-18
Red Hat RHSA-2009:1584-01 2009-11-16
Red Hat RHSA-2009:1560-01 2009-11-09
Red Hat RHSA-2009:1571-01 2009-11-10

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds