Bug 532906 (CVE-2009-3872)

Summary: CVE-2009-3872 JRE JPEG JFIF Decoder issue (6862969)
Product: [Other] Security Response
Reporter: Mark J. Cox <mjc>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: high
Priority: low
Version: unspecified
CC: bressers, jlieskov, jrusnack, kreilly
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2015-08-22 15:41:18 UTC
Bug Depends On: 532004, 543562, 543563, 543564, 545353, 545354, 549649, 549650, 554295, 589514, 589515

Description Mark J. Cox 2009-11-04 10:04:59 UTC
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1

regenrecht working with iDefense VCP
  
"Multiple buffer and integer overflow vulnerabilities in the Java Runtime Environment with processing audio and image files may allow an untrusted applet or Java Web Start application to escalate privileges."

Comment 1 Josh Bressers 2009-11-05 21:17:29 UTC
*** Bug 533222 has been marked as a duplicate of this bug. ***

Comment 2 errata-xmlrpc 2009-11-09 15:04:58 UTC
This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:1560 https://rhn.redhat.com/errata/RHSA-2009-1560.html

Comment 4 errata-xmlrpc 2009-12-08 02:57:09 UTC
This issue has been addressed in following products:

  Extras for RHEL 3
  Extras for Red Hat Enterprise Linux 5
  Extras for RHEL 4

Via RHSA-2009:1643 https://rhn.redhat.com/errata/RHSA-2009-1643.html

Comment 6 errata-xmlrpc 2009-12-08 19:09:58 UTC
This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:1647 https://rhn.redhat.com/errata/RHSA-2009-1647.html

Comment 8 errata-xmlrpc 2009-12-23 17:34:25 UTC
This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:1694 https://rhn.redhat.com/errata/RHSA-2009-1694.html

Comment 10 errata-xmlrpc 2010-01-14 16:33:12 UTC
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.3

Via RHSA-2010:0043 https://rhn.redhat.com/errata/RHSA-2010-0043.html