CVE-2009-2675

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-2675 at MITRE

Description

Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.

NVD CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entries: 525562, 528268, 537969, 548655

SUSE Security Advisories:

SUSE-SA:2009:043, published Fri, 07 Aug 2009 15:00:00 +0000
SUSE-SA:2009:053, published Wed, 04 Nov 2009 15:00:00 +0000
SUSE-SR:2009:016, published Tue, 13 Oct 2009 14:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 10 SP2 for x86	`java-1_5_0-ibm >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-alsa >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-demo >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-devel >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-fonts >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-jdbc >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-plugin >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-src >= 1.5.0_sr10-0.3`	sles10-sp2.x86-64 sles10-sp2.ppc sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.s390x ZYPP Patch Nr: 6380
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T	`java-1_5_0-ibm >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-32bit >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-demo >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-devel >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-devel-32bit >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-fonts >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-src >= 1.5.0_sr10-0.3`	sles10-sp2.x86-64 sles10-sp2.ppc sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.s390x ZYPP Patch Nr: 6380
SUSE Linux Enterprise Server 10 SP2 for x86	`java-1_5_0-ibm >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-alsa >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-devel >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-fonts >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-jdbc >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-plugin >= 1.5.0_sr10-0.3`	sles10-sp2.x86-64 sles10-sp2.ppc sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.s390x ZYPP Patch Nr: 6380
SUSE Linux Enterprise Server 10 SP2 for IBM POWER	`java-1_5_0-ibm >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-64bit >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-devel >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-fonts >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-jdbc >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-plugin >= 1.5.0_sr10-0.3`	sles10-sp2.x86-64 sles10-sp2.ppc sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.s390x ZYPP Patch Nr: 6380
SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit	`java-1_5_0-ibm >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-32bit >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-devel >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-devel-32bit >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-fonts >= 1.5.0_sr10-0.3`	sles10-sp2.x86-64 sles10-sp2.ppc sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.s390x ZYPP Patch Nr: 6380
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T	`java-1_5_0-ibm >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-32bit >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-devel >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-devel-32bit >= 1.5.0_sr10-0.3` `java-1_5_0-ibm-fonts >= 1.5.0_sr10-0.3`	sles10-sp2.x86-64 sles10-sp2.ppc sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.s390x ZYPP Patch Nr: 6380
Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for x86	`IBMJava5-JRE >= 1.5.0-0.70` `IBMJava5-SDK >= 1.5.0-0.70`	core9.x86-64 sles9-oes.x86 core9.s390x core9.x86 core9.ppc core9.s390 sles9-nlpos.x86 YOU Patch Nr: 12461
SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for IBM POWER SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for IBM zSeries 64bit	`IBMJava5-JRE >= 1.5.0-0.71` `IBMJava5-SDK >= 1.5.0-0.71`	core9.x86-64 sles9-oes.x86 core9.s390x core9.x86 core9.ppc core9.s390 sles9-nlpos.x86 YOU Patch Nr: 12461
openSUSE 10.3	`java-1_6_0-sun >= 1.6.0.u15-0.1` `java-1_6_0-sun-alsa >= 1.6.0.u15-0.1` `java-1_6_0-sun-debuginfo >= 1.6.0.u15-0.1` `java-1_6_0-sun-demo >= 1.6.0.u15-0.1` `java-1_6_0-sun-devel >= 1.6.0.u15-0.1` `java-1_6_0-sun-jdbc >= 1.6.0.u15-0.1` `java-1_6_0-sun-plugin >= 1.6.0.u15-0.1` `java-1_6_0-sun-src >= 1.6.0.u15-0.1`
openSUSE 10.3	`java-1_5_0-sun >= 1.5.0_update20-0.1` `java-1_5_0-sun-alsa >= 1.5.0_update20-0.1` `java-1_5_0-sun-demo >= 1.5.0_update20-0.1` `java-1_5_0-sun-devel >= 1.5.0_update20-0.1` `java-1_5_0-sun-jdbc >= 1.5.0_update20-0.1` `java-1_5_0-sun-plugin >= 1.5.0_update20-0.1` `java-1_5_0-sun-src >= 1.5.0_update20-0.1`

Markets

Products By Category

Novell

NetIQ (Moving soon to NetIQ.com)

A-Z

Contribute