CVE-2009-1896

Publication date 10 August 2009

Last updated 24 July 2024

Ubuntu priority

Description

The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openjdk-6	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Fixed 6b14-1.4.1-0ubuntu11
	8.10 intrepid	Fixed 6b12-0ubuntu6.5
	8.04 LTS hardy	Fixed 6b18-1.8.2-4ubuntu1~8.04.1
	6.06 LTS dapper	Not in release
sun-java5	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	9.04 jaunty	Not affected
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Ignored end of life
sun-java6	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not in release

Notes

mdeslaur

openjdk specific

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
openjdk-6	Vendor: http://cvs.fedora.redhat.com/viewvc/devel/java-1.6.0-openjdk/java-1.6.0-openjdk-netxandplugin.patch?revision=1.1

CVE-2009-1896

Description

Status

Notes

mdeslaur

Patch details

References

Related Ubuntu Security Notices (USN)

Other references