Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3864 to the following vulnerability:

The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.

References:
-----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3864
http://java.sun.com/javase/6/webnotes/6u17.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269868-1
http://www.securityfocus.com/bid/36881
http://secunia.com/advisories/37231
http://www.vupen.com/english/advisories/2009/3131

This issue does not affect the versions of the java-1.5.0-sun package, as shipped with Red Hat Enterprise Linux 4 and 5. This issue does not affect the versions of the java-1.6.0-sun package, as shipped with Red Hat Enterprise Linux 4 and 5. This flaw only affects the JDK when running on the Windows platform.