Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2009-1896

Published: 10 August 2009

The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.

Notes

AuthorNote
mdeslaur
openjdk specific

Priority

Medium

Status

Package Release Status
openjdk-6
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (6b18-1.8.2-4ubuntu1~8.04.1)
intrepid
Released (6b12-0ubuntu6.5)
jaunty
Released (6b14-1.4.1-0ubuntu11)
karmic Not vulnerable
(6b16-1.6.1-0ubuntu1)
lucid Not vulnerable
(6b16-1.6.1-0ubuntu1)
maverick Not vulnerable
(6b16-1.6.1-0ubuntu1)
upstream
Released (6b16)
Patches:
vendor: http://cvs.fedora.redhat.com/viewvc/devel/java-1.6.0-openjdk/java-1.6.0-openjdk-netxandplugin.patch?revision=1.1
sun-java5
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
hardy Not vulnerable

intrepid Ignored
(end of life, was needs-triage)
jaunty Not vulnerable

karmic Does not exist

lucid Does not exist

maverick Does not exist

upstream Not vulnerable

sun-java6
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Not vulnerable

intrepid Ignored
(end of life, was needs-triage)
jaunty Not vulnerable

karmic Not vulnerable

lucid Not vulnerable

maverick Not vulnerable

upstream Not vulnerable