CVE-2009-2689

Publication date 10 August 2009

Last updated 24 July 2024

Ubuntu priority

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openjdk-6	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Fixed 6b14-1.4.1-0ubuntu11
	8.10 intrepid	Fixed 6b12-0ubuntu6.5
	8.04 LTS hardy	Fixed 6b18-1.8.2-4ubuntu1~8.04.1
	6.06 LTS dapper	Not in release
sun-java5	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	9.04 jaunty	Ignored end of life
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Not affected
	7.10 gutsy	Ignored end of life, was needs-triage
	6.06 LTS dapper	Ignored end of life
sun-java6	10.10 maverick	Not affected
	10.04 LTS lucid	Fixed 6-15-1
	9.10 karmic	Fixed 6-15-1
	9.04 jaunty	Fixed 6.20dlj-0ubuntu1.9.04
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Fixed 6.20dlj-0ubuntu1.8.04
	6.06 LTS dapper	Not in release

References

Related Ubuntu Security Notices (USN)

USN-814-1
OpenJDK vulnerabilities
11 August 2009

CVE-2009-2689

Status

References

Related Ubuntu Security Notices (USN)

Other references