Novell Home

CVE-2009-2475

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2009-2475 at MITRE

Description

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673.

NVD CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

Novell/SUSE information

Novell Bugzilla entry: 528268, 537969

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 10.3
  • java-1_6_0-sun >= 1.6.0.u15-0.1
  • java-1_6_0-sun-alsa >= 1.6.0.u15-0.1
  • java-1_6_0-sun-debuginfo >= 1.6.0.u15-0.1
  • java-1_6_0-sun-demo >= 1.6.0.u15-0.1
  • java-1_6_0-sun-devel >= 1.6.0.u15-0.1
  • java-1_6_0-sun-jdbc >= 1.6.0.u15-0.1
  • java-1_6_0-sun-plugin >= 1.6.0.u15-0.1
  • java-1_6_0-sun-src >= 1.6.0.u15-0.1
openSUSE 10.3
  • java-1_5_0-sun >= 1.5.0_update20-0.1
  • java-1_5_0-sun-alsa >= 1.5.0_update20-0.1
  • java-1_5_0-sun-demo >= 1.5.0_update20-0.1
  • java-1_5_0-sun-devel >= 1.5.0_update20-0.1
  • java-1_5_0-sun-jdbc >= 1.5.0_update20-0.1
  • java-1_5_0-sun-plugin >= 1.5.0_update20-0.1
  • java-1_5_0-sun-src >= 1.5.0_update20-0.1

© 2012 Novell