CVE-2009-1096

Published: 25 March 2009

Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.

Priority

Status

Package	Release	Status
openjdk-6 Launchpad, Ubuntu, Debian	dapper	Does not exist
	gutsy	Does not exist
	hardy	Released (6b18-1.8.2-4ubuntu1~8.04.1)
	intrepid	Released (6b12-0ubuntu6.4)
	jaunty	Not vulnerable
	karmic	Not vulnerable
	lucid	Not vulnerable
	maverick	Not vulnerable
	upstream	Needs triage
sun-java5 Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	gutsy	Ignored (end of life, was needs-triage)
	hardy	Not vulnerable (1.5.0-22-0ubuntu0.8.04)
	intrepid	Ignored (end of life, was needs-triage)
	jaunty	Not vulnerable (1.5.0-19-0ubuntu0.9.04)
	karmic	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	upstream	Released (1.5.0-18)
sun-java6 Launchpad, Ubuntu, Debian	dapper	Does not exist
	gutsy	Ignored (end of life, was needs-triage)
	hardy	Released (6.20dlj-0ubuntu1.8.04)
	intrepid	Ignored (end of life, was needs-triage)
	jaunty	Released (6.20dlj-0ubuntu1.9.04)
	karmic	Released (6.20dlj-0ubuntu1.9.10)
	lucid	Released (6.20dlj-1ubuntu3)
	maverick	Not vulnerable
	upstream	Released (6.13)

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2009-1096

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading