Bug 532909

Summary: CVE-2009-3867 JRE HsbParser.getSoundBank Stack Buffer Overflow Vulnerability (6854303)
Product: [Other] Security Response Reporter: Mark J. Cox <mjc>
Component: vulnerability Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED DUPLICATE QA Contact:
Severity: high Docs Contact:
Priority: low    
Version: unspecified CC: bressers, jrusnack
Target Milestone: --- Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-11-05 21:04:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 532004    
Bug Blocks:    

Description Mark J. Cox 2009-11-04 10:07:31 UTC
aka http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
  
  CR 6854303: An anonymous researcher, working with the Zero Day
  Initiative (http://www.zerodayinitiative.com) and TippingPoint
  (http://www.tippingpoint.com).

  "Multiple buffer and integer overflow vulnerabilities in the Java   
  Runtime Environment with processing audio and image files may allow an
  untrusted applet or Java Web Start application to escalate privileges."

Comment 1 Josh Bressers 2009-11-05 21:04:53 UTC

*** This bug has been marked as a duplicate of bug 533214 ***