~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2009-08-10
Candidate: CVE-2009-2476
PublicDate: 2009-08-10
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2476
 http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1
 http://www.ubuntu.com/usn/usn-814-1
Description:
 The Java Management Extensions (JMX) implementation in Sun Java SE 6 before
 Update 15, and OpenJDK, does not properly enforce OpenType checks, which
 allows context-dependent attackers to bypass intended access restrictions
 by leveraging finalizer resurrection to obtain a reference to a privileged
 object.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=513220
Priority: medium
Discovered-by:
Assigned-to:

Patches_sun-java6:
upstream_sun-java6: released (6.15)
dapper_sun-java6: DNE
hardy_sun-java6: released (6.20dlj-0ubuntu1.8.04)
intrepid_sun-java6: needs-triage (reached end-of-life)
jaunty_sun-java6: released (6.20dlj-0ubuntu1.9.04)
karmic_sun-java6: released (6-15-1)
lucid_sun-java6: released (6-15-1)
maverick_sun-java6: not-affected
devel_sun-java6: DNE

Patches_sun-java5:
upstream_sun-java5: not-affected
dapper_sun-java5: ignored (reached end-of-life)
hardy_sun-java5: not-affected
intrepid_sun-java5: needs-triage (reached end-of-life)
jaunty_sun-java5: not-affected
karmic_sun-java5: DNE
lucid_sun-java5: DNE
maverick_sun-java5: DNE
devel_sun-java5: DNE

Patches_openjdk-6:
upstream_openjdk-6: released (6b16)
dapper_openjdk-6: DNE
hardy_openjdk-6: released (6b18-1.8.2-4ubuntu1~8.04.1)
intrepid_openjdk-6: released (6b12-0ubuntu6.5)
jaunty_openjdk-6: released (6b14-1.4.1-0ubuntu11)
karmic_openjdk-6: not-affected (6b16-1.6.1-0ubuntu1)
lucid_openjdk-6: not-affected (6b16-1.6.1-0ubuntu1)
maverick_openjdk-6: not-affected (6b16-1.6.1-0ubuntu1)
devel_openjdk-6: not-affected (6b16-1.6.1-0ubuntu1)

Patches_java:
upstream_java: needs-triage
dapper_java: DNE
hardy_java: DNE
intrepid_java: DNE
jaunty_java: DNE
karmic_java: DNE
lucid_java: DNE
maverick_java: DNE
devel_java: DNE