Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2009-2475

Published: 10 August 2009

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673.

Priority

Medium

Status

Package Release Status
java
Launchpad, Ubuntu, Debian 		dapper Does not exist

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

upstream Needs triage

openjdk-6
Launchpad, Ubuntu, Debian 		dapper Does not exist

hardy
Released (6b18-1.8.2-4ubuntu1~8.04.1)
intrepid
Released (6b12-0ubuntu6.5)
jaunty
Released (6b14-1.4.1-0ubuntu11)
karmic Not vulnerable
(6b16-1.6.1-0ubuntu1)
lucid Not vulnerable
(6b16-1.6.1-0ubuntu1)
maverick Not vulnerable
(6b16-1.6.1-0ubuntu1)
upstream
Released (6b16)
sun-java5
Launchpad, Ubuntu, Debian 		dapper Ignored
(end of life)
gutsy Ignored
(end of life, was needs-triage)
hardy Not vulnerable
(1.5.0-22-0ubuntu0.8.04)
intrepid Ignored
(end of life, was needs-triage)
jaunty Ignored
(end of life)
karmic Does not exist

lucid Does not exist

maverick Does not exist

upstream
Released (1.5.0-20)
sun-java6
Launchpad, Ubuntu, Debian 		dapper Does not exist

hardy
Released (6.20dlj-0ubuntu1.8.04)
intrepid Ignored
(end of life, was needs-triage)
jaunty
Released (6.20dlj-0ubuntu1.9.04)
karmic
Released (6-15-1)
lucid
Released (6-15-1)
maverick Not vulnerable

upstream
Released (6.15)

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading