530063 – (CVE-2009-3871) CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358)

Bug 530063 (CVE-2009-3871) - CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358)

Summary: CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358)

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2009-3871
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	533220 (view as bug list)
Depends On:	530367 530368 532004 532005 543562 543563 543564 545353 545354 549649 549650 554295 589514 589515
Blocks:
TreeView+	depends on / blocked

Reported:	2009-10-21 12:33 UTC by Marc Schoenefeld
Modified:	2019-09-29 12:33 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-08-22 15:41:17 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2009:1560	normal	SHIPPED_LIVE	Critical: java-1.6.0-sun security update	2009-11-09 15:04:13 UTC
Red Hat Product Errata	RHSA-2009:1584	normal	SHIPPED_LIVE	Important: java-1.6.0-openjdk security update	2009-11-16 15:44:53 UTC
Red Hat Product Errata	RHSA-2009:1643	normal	SHIPPED_LIVE	Critical: java-1.4.2-ibm security update	2009-12-08 02:56:40 UTC
Red Hat Product Errata	RHSA-2009:1647	normal	SHIPPED_LIVE	Critical: java-1.5.0-ibm security update	2009-12-08 19:09:07 UTC
Red Hat Product Errata	RHSA-2009:1694	normal	SHIPPED_LIVE	Critical: java-1.6.0-ibm security update	2009-12-23 17:33:56 UTC
Red Hat Product Errata	RHSA-2010:0043	normal	SHIPPED_LIVE	Low: Red Hat Network Satellite Server IBM Java Runtime security update	2010-01-14 16:32:02 UTC
Red Hat Product Errata	RHSA-2010:0408	normal	SHIPPED_LIVE	Moderate: java-1.4.2-ibm security update	2010-05-12 16:21:43 UTC
Sun Bug Database	6872358	None	None	None	Never

Comment 3 Mark J. Cox 2009-11-03 23:04:09 UTC

  A buffer overflow vulnerability in the Java Runtime Environment
  with processing image files may allow an untrusted applet or
  Java Web Start application to escalate privileges. For example,
  an untrusted applet may grant itself permissions to read and write
  local files or execute local applications that are accessible to
  the user running the untrusted applet.

Comment 4 Josh Bressers 2009-11-05 21:15:20 UTC

*** Bug 533220 has been marked as a duplicate of this bug. ***

Comment 5 errata-xmlrpc 2009-11-09 15:04:40 UTC

This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:1560 https://rhn.redhat.com/errata/RHSA-2009-1560.html

Comment 6 Fedora Update System 2009-11-13 08:45:37 UTC

java-1.6.0-openjdk-1.6.0.0-33.b16.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-33.b16.fc12

Comment 7 Fedora Update System 2009-11-13 08:49:30 UTC

java-1.6.0-openjdk-1.6.0.0-23.b16.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-23.b16.fc10

Comment 8 Fedora Update System 2009-11-13 16:34:45 UTC

java-1.6.0-openjdk-1.6.0.0-30.b16.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-30.b16.fc11

Comment 9 Fedora Update System 2009-11-14 03:29:39 UTC

java-1.6.0-openjdk-1.6.0.0-30.b16.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2009-11-14 03:31:33 UTC

java-1.6.0-openjdk-1.6.0.0-33.b16.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2009-11-14 03:32:46 UTC

java-1.6.0-openjdk-1.6.0.0-23.b16.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 errata-xmlrpc 2009-11-16 15:45:13 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1584 https://rhn.redhat.com/errata/RHSA-2009-1584.html

Comment 14 errata-xmlrpc 2009-12-08 02:57:05 UTC

This issue has been addressed in following products:

  Extras for RHEL 3
  Extras for Red Hat Enterprise Linux 5
  Extras for RHEL 4

Via RHSA-2009:1643 https://rhn.redhat.com/errata/RHSA-2009-1643.html

Comment 16 errata-xmlrpc 2009-12-08 19:09:49 UTC

This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:1647 https://rhn.redhat.com/errata/RHSA-2009-1647.html

Comment 18 errata-xmlrpc 2009-12-23 17:34:21 UTC

This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:1694 https://rhn.redhat.com/errata/RHSA-2009-1694.html

Comment 20 errata-xmlrpc 2010-01-14 16:33:08 UTC

This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.3

Via RHSA-2010:0043 https://rhn.redhat.com/errata/RHSA-2010-0043.html

Comment 22 errata-xmlrpc 2010-05-12 16:22:08 UTC

This issue has been addressed in following products:

  RHEL 4 for SAP
  RHEL 5 for SAP

Via RHSA-2010:0408 https://rhn.redhat.com/errata/RHSA-2010-0408.html

Note You need to log in before you can comment on or make changes to this bug.