Novell Home

CVE-2009-2675

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

CVE-2009-2675 at MITRE

Description

Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.
Novell Bugzilla entries: 525562,528268,537969,548655

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.0
  • java-1_6_0-openjdk-debuginfo >= 1.6_b16-0.1
  • java-1_6_0-openjdk-debugsource >= 1.6_b16-0.1
 SAT Patch Nr: 1330
openSUSE 11.0
  • java-1_6_0-openjdk >= 1.6_b16-0.1
  • java-1_6_0-openjdk-demo >= 1.6_b16-0.1
  • java-1_6_0-openjdk-devel >= 1.6_b16-0.1
  • java-1_6_0-openjdk-javadoc >= 1.6_b16-0.1
  • java-1_6_0-openjdk-plugin >= 1.6_b16-0.1
  • java-1_6_0-openjdk-src >= 1.6_b16-0.1
 SAT Patch Nr: 1330
openSUSE 11.1
  • java-1_6_0-openjdk-debuginfo >= 1.6_b16-0.1.3
  • java-1_6_0-openjdk-debugsource >= 1.6_b16-0.1.3
 SAT Patch Nr: 1330
openSUSE 11.1
  • java-1_6_0-openjdk >= 1.6_b16-0.1.3
  • java-1_6_0-openjdk-demo >= 1.6_b16-0.1.3
  • java-1_6_0-openjdk-devel >= 1.6_b16-0.1.3
  • java-1_6_0-openjdk-javadoc >= 1.6_b16-0.1.3
  • java-1_6_0-openjdk-plugin >= 1.6_b16-0.1.3
  • java-1_6_0-openjdk-src >= 1.6_b16-0.1.3
 SAT Patch Nr: 1330
SLE 11
  • java-1_6_0-ibm >= 1.6.0_sr6-1.1.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr6-1.1.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr6-1.1.1
 sle11. x86
sle11. x86-64
sle11. x86-64
sle11. ppc
sle11. ppc
sle11. x86
sle11. s390x
sle11. s390x
SAT Patch Nr: 1497
SLE 11
  • java-1_6_0-ibm-devel >= 1.6.0_sr6-1.1.1
 sle11. x86
sle11. x86-64
sle11. x86-64
sle11. ppc
sle11. ppc
sle11. x86
sle11. s390x
sle11. s390x
SAT Patch Nr: 1497
SLES 11
  • java-1_6_0-ibm >= 1.6.0_sr6-1.1.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr6-1.1.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr6-1.1.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr6-1.1.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr6-1.1.1
 sle11. x86
sle11. x86-64
sle11. x86-64
sle11. ppc
sle11. ppc
sle11. x86
sle11. s390x
sle11. s390x
SAT Patch Nr: 1497
SLES 11
  • java-1_6_0-ibm >= 1.6.0_sr6-1.1.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr6-1.1.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr6-1.1.1
 sle11. x86
sle11. x86-64
sle11. x86-64
sle11. ppc
sle11. ppc
sle11. x86
sle11. s390x
sle11. s390x
SAT Patch Nr: 1497
SUSE Linux Enterprise Desktop 10 SP2 for x86
  • java-1_5_0-ibm >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-alsa >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-demo >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-devel >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-fonts >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-jdbc >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-plugin >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-src >= 1.5.0_sr10-0.3
 sles10-sp2. x86-64
sles10-sp2. ppc
sled10-sp2. x86-64
sled10-sp2. x86
sles10-sp2. x86
sles10-sp2. s390x
ZYPP Patch Nr: 6380
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T
  • java-1_5_0-ibm >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-32bit >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-demo >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-devel >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-devel-32bit >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-fonts >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-src >= 1.5.0_sr10-0.3
 sles10-sp2. x86-64
sles10-sp2. ppc
sled10-sp2. x86-64
sled10-sp2. x86
sles10-sp2. x86
sles10-sp2. s390x
ZYPP Patch Nr: 6380
SUSE Linux Enterprise Server 10 SP2 for x86
  • java-1_5_0-ibm >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-alsa >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-devel >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-fonts >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-jdbc >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-plugin >= 1.5.0_sr10-0.3
 sles10-sp2. x86-64
sles10-sp2. ppc
sled10-sp2. x86-64
sled10-sp2. x86
sles10-sp2. x86
sles10-sp2. s390x
ZYPP Patch Nr: 6380
SUSE Linux Enterprise Server 10 SP2 for IBM POWER
  • java-1_5_0-ibm >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-64bit >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-devel >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-fonts >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-jdbc >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-plugin >= 1.5.0_sr10-0.3
 sles10-sp2. x86-64
sles10-sp2. ppc
sled10-sp2. x86-64
sled10-sp2. x86
sles10-sp2. x86
sles10-sp2. s390x
ZYPP Patch Nr: 6380
SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit
  • java-1_5_0-ibm >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-32bit >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-devel >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-devel-32bit >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-fonts >= 1.5.0_sr10-0.3
 sles10-sp2. x86-64
sles10-sp2. ppc
sled10-sp2. x86-64
sled10-sp2. x86
sles10-sp2. x86
sles10-sp2. s390x
ZYPP Patch Nr: 6380
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T
  • java-1_5_0-ibm >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-32bit >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-devel >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-devel-32bit >= 1.5.0_sr10-0.3
  • java-1_5_0-ibm-fonts >= 1.5.0_sr10-0.3
 sles10-sp2. x86-64
sles10-sp2. ppc
sled10-sp2. x86-64
sled10-sp2. x86
sles10-sp2. x86
sles10-sp2. s390x
ZYPP Patch Nr: 6380
Novell Linux POS 9
Open Enterprise Server
SUSE CORE 9 for x86
  • IBMJava5-JRE >= 1.5.0-0.70
  • IBMJava5-SDK >= 1.5.0-0.70
 core9. x86-64
sles9-oes. x86
core9. s390x
core9. x86
core9. ppc
core9. s390
sles9-nlpos. x86
YOU Patch Nr: 12461
SUSE CORE 9 for AMD64 and Intel EM64T
SUSE CORE 9 for IBM POWER
SUSE CORE 9 for IBM S/390 31bit
SUSE CORE 9 for IBM zSeries 64bit
  • IBMJava5-JRE >= 1.5.0-0.71
  • IBMJava5-SDK >= 1.5.0-0.71
 core9. x86-64
sles9-oes. x86
core9. s390x
core9. x86
core9. ppc
core9. s390
sles9-nlpos. x86
YOU Patch Nr: 12461
openSUSE 10.3
  • java-1_6_0-sun >= 1.6.0.u15-0.1
  • java-1_6_0-sun-alsa >= 1.6.0.u15-0.1
  • java-1_6_0-sun-debuginfo >= 1.6.0.u15-0.1
  • java-1_6_0-sun-demo >= 1.6.0.u15-0.1
  • java-1_6_0-sun-devel >= 1.6.0.u15-0.1
  • java-1_6_0-sun-jdbc >= 1.6.0.u15-0.1
  • java-1_6_0-sun-plugin >= 1.6.0.u15-0.1
  • java-1_6_0-sun-src >= 1.6.0.u15-0.1
 ZYPP Patch Nr: 6395
SAT Patch Nr: 1161
openSUSE 11.0
  • java-1_6_0-sun >= 1.6.0.u15-0.1
  • java-1_6_0-sun-alsa >= 1.6.0.u15-0.1
  • java-1_6_0-sun-demo >= 1.6.0.u15-0.1
  • java-1_6_0-sun-devel >= 1.6.0.u15-0.1
  • java-1_6_0-sun-jdbc >= 1.6.0.u15-0.1
  • java-1_6_0-sun-plugin >= 1.6.0.u15-0.1
  • java-1_6_0-sun-src >= 1.6.0.u15-0.1
 ZYPP Patch Nr: 6395
SAT Patch Nr: 1161
openSUSE 11.1
  • java-1_6_0-sun >= 1.6.0.u15-0.1.1
  • java-1_6_0-sun-alsa >= 1.6.0.u15-0.1.1
  • java-1_6_0-sun-devel >= 1.6.0.u15-0.1.1
  • java-1_6_0-sun-jdbc >= 1.6.0.u15-0.1.1
  • java-1_6_0-sun-plugin >= 1.6.0.u15-0.1.1
  • java-1_6_0-sun-src >= 1.6.0.u15-0.1.1
 ZYPP Patch Nr: 6395
SAT Patch Nr: 1161
SLES 11 DEBUGINFO
  • java-1_6_0-sun-debuginfo >= 1.6.0.u15-0.1.1
 sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
SAT Patch Nr: 1163
SLED 11
  • java-1_6_0-sun >= 1.6.0.u15-0.1.1
  • java-1_6_0-sun-alsa >= 1.6.0.u15-0.1.1
  • java-1_6_0-sun-demo >= 1.6.0.u15-0.1.1
  • java-1_6_0-sun-jdbc >= 1.6.0.u15-0.1.1
  • java-1_6_0-sun-plugin >= 1.6.0.u15-0.1.1
  • java-1_6_0-sun-src >= 1.6.0.u15-0.1.1
 sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
SAT Patch Nr: 1163
openSUSE 10.3
openSUSE 11.0
  • java-1_5_0-sun >= 1.5.0_update20-0.1
  • java-1_5_0-sun-alsa >= 1.5.0_update20-0.1
  • java-1_5_0-sun-demo >= 1.5.0_update20-0.1
  • java-1_5_0-sun-devel >= 1.5.0_update20-0.1
  • java-1_5_0-sun-jdbc >= 1.5.0_update20-0.1
  • java-1_5_0-sun-plugin >= 1.5.0_update20-0.1
  • java-1_5_0-sun-src >= 1.5.0_update20-0.1
 ZYPP Patch Nr: 6396
SAT Patch Nr: 1162
openSUSE 11.1
  • java-1_5_0-sun >= 1.5.0_update20-0.1.1
  • java-1_5_0-sun-alsa >= 1.5.0_update20-0.1.1
  • java-1_5_0-sun-devel >= 1.5.0_update20-0.1.1
  • java-1_5_0-sun-jdbc >= 1.5.0_update20-0.1.1
  • java-1_5_0-sun-plugin >= 1.5.0_update20-0.1.1
  • java-1_5_0-sun-src >= 1.5.0_update20-0.1.1
 ZYPP Patch Nr: 6396
SAT Patch Nr: 1162

Novell® Making IT Work As One

© 2010 Novell