CVE-2009-1896
Publication date 10 August 2009
Last updated 24 July 2024
Ubuntu priority
The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.
Status
Package | Ubuntu Release | Status |
---|---|---|
openjdk-6 | 10.10 maverick |
Not affected
|
10.04 LTS lucid |
Not affected
|
|
9.10 karmic |
Not affected
|
|
9.04 jaunty |
Fixed 6b14-1.4.1-0ubuntu11
|
|
8.10 intrepid |
Fixed 6b12-0ubuntu6.5
|
|
8.04 LTS hardy |
Fixed 6b18-1.8.2-4ubuntu1~8.04.1
|
|
6.06 LTS dapper | Not in release | |
sun-java5 | 10.10 maverick | Not in release |
10.04 LTS lucid | Not in release | |
9.10 karmic | Not in release | |
9.04 jaunty |
Not affected
|
|
8.10 intrepid | Ignored end of life, was needs-triage | |
8.04 LTS hardy |
Not affected
|
|
6.06 LTS dapper | Ignored end of life | |
sun-java6 | 10.10 maverick |
Not affected
|
10.04 LTS lucid |
Not affected
|
|
9.10 karmic |
Not affected
|
|
9.04 jaunty |
Not affected
|
|
8.10 intrepid | Ignored end of life, was needs-triage | |
8.04 LTS hardy |
Not affected
|
|
6.06 LTS dapper | Not in release |
Notes
Patch details
Package | Patch details |
---|---|
openjdk-6 |