Apple Java security update for CVE-2009-1097
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | March 24, 2009 | January 25, 2012 | February 12, 2015 |
Description
Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
References
- BID-34240
- CVE-2009-1097
- DEBIAN-DSA-1769
- OVAL-OVAL11241
- OVAL-OVAL6288
- REDHAT-RHSA-2009:0377
- REDHAT-RHSA-2009:0392
- REDHAT-RHSA-2009:1038
- REDHAT-RHSA-2009:1198
- SUSE-SUSE-SA:2009:016
- SUSE-SUSE-SA:2009:029
- SUSE-SUSE-SA:2009:036
- URL: http://support.apple.com/kb/HT3632
- URL: http://support.apple.com/kb/HT3633
- XF-49475
Solution
apple-java-upgrade-1_4_2_21Related Vulnerabilities
- JRE Temporary Font Files Denial of Service
- SUSE Linux Security Advisory: SUSE-SA:2009:016
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1107)
- SUSE Linux Security Vulnerability: CVE-2009-1105
- VMSA-2009-0014: JRE Security Update (CVE-2009-1101)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1094)
- Apple Java security update for CVE-2009-1094
- SUSE Linux Security Vulnerability: CVE-2009-1104
- Java CPU July 2009 unspecified vulnerability
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1105)
- SUSE Linux Security Vulnerability: CVE-2009-1093
- RHSA-2009:0394: java-1.5.0-sun security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1093)
- VMSA-2009-0014: JRE Security Update (CVE-2009-1099)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1102)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1104)
- SUSE Linux Security Vulnerability: CVE-2009-1095
- VMSA-2009-0014: JRE Security Update (CVE-2009-1105)
- RHSA-2009:0377: java-1.6.0-openjdk security update
- Apple Java security update for CVE-2009-1103
- Apple Java security update for CVE-2009-1096
- RHSA-2009:0392: java-1.6.0-sun security update
- SUSE Linux Security Vulnerability: CVE-2009-1107
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1098)
- Apple Java security update for CVE-2009-1095
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1097)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1101)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1106)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1093)
- Apple Java security update for CVE-2009-1100
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1099)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1097)
- Java CPU July 2009 unspecified vulnerability
- VMSA-2009-0014: JRE Security Update (CVE-2009-1106)
- Java CPU July 2009 unspecified vulnerability
- Java CPU July 2009 unspecified vulnerability
- JRE Code Generation
- Apple Java security update for CVE-2009-1098
- SUSE Linux Security Vulnerability: CVE-2009-1102
- VMSA-2009-0014: JRE Security Update (CVE-2009-1093)
- JRE Unpack200 Memory Corruption Vulnerabilities
- JRE Multiple Java Plug-in Vulnerabilities
- Java CPU July 2009 unspecified vulnerability
- Java CPU July 2009 unspecified vulnerability
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1100)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1100)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1106)
- VMSA-2009-0014: JRE Security Update (CVE-2009-1097)
- SUSE Linux Security Vulnerability: CVE-2009-1099
- Apple Java security update for CVE-2009-1107
- SUSE Linux Security Vulnerability: CVE-2009-1094
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1102)
- Java CPU July 2009 unspecified vulnerability
- JRE Image and Font Processing Vulnerabilities
- Cent OS: CVE-2009-1098: CESA-2009:0377 (java-1.6.0-openjdk)
- SUSE Linux Security Vulnerability: CVE-2009-1096
- SUSE Linux Security Vulnerability: CVE-2009-1106
- JRE LDAP Remote Code Execution
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1094)
- VMSA-2009-0014: JRE Security Update (CVE-2009-1095)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1101)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1105)
- Java CPU July 2009 unspecified vulnerability
- VMSA-2009-0014: JRE Security Update (CVE-2009-1096)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1105)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1107)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1099)
- Apple Java security update for CVE-2009-1101
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1095)
- Cent OS: CVE-2009-1094: CESA-2009:0377 (java-1.6.0-openjdk)
- JRE HTTP Server File Descriptor Leak
- Cent OS: CVE-2009-1096: CESA-2009:0377 (java-1.6.0-openjdk)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1100)
- Apple Java security update for CVE-2009-1106
- RHSA-2009:1038: java-1.5.0-ibm security update
- RHSA-2010:0043: Red Hat Network Satellite Server IBM Java Runtime security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1106)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1096)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1107)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1104)
- Cent OS: CVE-2009-1095: CESA-2009:0377 (java-1.6.0-openjdk)
- USN-748-1: OpenJDK vulnerabilities
- VMSA-2009-0014: JRE Security Update (CVE-2009-1104)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1096)
- Java CPU July 2009 unspecified vulnerability
- Java CPU July 2009 unspecified vulnerability
- Java CPU July 2009 unspecified vulnerability
- SUSE Linux Security Vulnerability: CVE-2009-1097
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1094)
- VMSA-2009-0014: JRE Security Update (CVE-2009-1107)
- SUSE Linux Security Vulnerability: CVE-2009-1101
- Apple Java security update for CVE-2009-1099
- RHSA-2009:1662: Red Hat Network Satellite Server Sun Java Runtime security update
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1099)
- Cent OS: CVE-2009-1102: CESA-2009:0377 (java-1.6.0-openjdk)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1095)
- VMSA-2009-0014: JRE Security Update (CVE-2009-1100)
- RHSA-2009:1551: java-1.4.2-ibm security update
- Java CPU July 2009 unspecified vulnerability
- SUSE Linux Security Vulnerability: CVE-2009-1100