Launchpad CVE tracker

CVE 2009-2625

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

Related bugs and status

CVE-2009-2625 (Candidate) is related to these bugs:

Bug #85969: Java Docs Package Won't Install

		In	Importance	Status
85969	Java Docs Package Won't Install	sun-java6 (Ubuntu)	Medium	Fix Released
85969	Java Docs Package Won't Install	sun-java5 (Ubuntu)	Medium	Invalid
85969	Java Docs Package Won't Install	j2se1.4-i586 (Ubuntu)	Wishlist	Invalid

Bug #409559: version 1.6.0_15 is available

		In	Importance	Status
409559	version 1.6.0_15 is available	sun-java6 (Ubuntu)	Undecided	Fix Released
409559	version 1.6.0_15 is available	The Dell Mini Project	Undecided	Invalid
409559	version 1.6.0_15 is available	Jaunty Jackalope Backports	Undecided	Invalid
409559	version 1.6.0_15 is available	Intrepid Ibex Backports	Undecided	Invalid
409559	version 1.6.0_15 is available	Hardy Backports	Undecided	Invalid
409559	version 1.6.0_15 is available	sun-java6 (Ubuntu Hardy)	Undecided	Fix Released
409559	version 1.6.0_15 is available	sun-java6 (Ubuntu Karmic)	Undecided	Fix Released
409559	version 1.6.0_15 is available	sun-java6 (Ubuntu Intrepid)	Undecided	Invalid
409559	version 1.6.0_15 is available	sun-java6 (Ubuntu Jaunty)	Undecided	Fix Released

Bug #420426: sun-java6 6b16 update for karmic, hardy and jaunty

		In	Importance	Status
420426	sun-java6 6b16 update for karmic, hardy and jaunty	sun-java6 (Ubuntu)	Undecided	Fix Released
420426	sun-java6 6b16 update for karmic, hardy and jaunty	sun-java6 (Ubuntu Hardy)	Undecided	Fix Released
420426	sun-java6 6b16 update for karmic, hardy and jaunty	sun-java6 (Ubuntu Jaunty)	Undecided	Fix Released
420426	sun-java6 6b16 update for karmic, hardy and jaunty	sun-java6 (Ubuntu Karmic)	Undecided	Fix Released

Bug #611731: Segmentation fault when parsing malformed XML (null pointer dereference)

Summary				In	Importance	Status
	611731	Segmentation fault when parsing malformed XML (null pointer dereference)		python2.3-xml (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.cert.fi/en/...
MISC: http://www.codenomicon...
MISC: http://www.networkworl...
CONFIRM: http://sunsolve.sun.co...
SUNALERT: 263489
FEDORA: FEDORA-2009-8329
FEDORA: FEDORA-2009-8337
REDHAT: RHSA-2009:1199
REDHAT: RHSA-2009:1200
REDHAT: RHSA-2009:1201
SECTRACK: 1022680
SECUNIA: 36162
SECUNIA: 36176
SECUNIA: 36180
SECUNIA: 36199
BID: 35958
MANDRIVA: MDVSA-2009:209
APPLE: APPLE-SA-2009-09-03-1
VUPEN: ADV-2009-2543
SUSE: SUSE-SR:2009:016
CERT: TA09-294A
MLIST: [oss-security] 2009090...
MLIST: [oss-security] 2009102...
MLIST: [oss-security] 2009102...
MLIST: [oss-security] 2009102...
SUSE: SUSE-SA:2009:053
SECUNIA: 37300
CONFIRM: http://www.vmware.com/...
SECUNIA: 37460
VUPEN: ADV-2009-3316
REDHAT: RHSA-2009:1615
SUSE: SUSE-SR:2009:017
CONFIRM: https://bugzilla.redha...
REDHAT: RHSA-2009:1636
REDHAT: RHSA-2009:1637
REDHAT: RHSA-2009:1649
REDHAT: RHSA-2009:1650
SUNALERT: 272209
SECUNIA: 37671
SECUNIA: 37754
CERT: TA10-012A
DEBIAN: DSA-1984
SECUNIA: 38342
UBUNTU: USN-890-1
SECUNIA: 38231
SUNALERT: 1021506
SUSE: SUSE-SR:2010:013
SECUNIA: 43300
VUPEN: ADV-2011-0359
MANDRIVA: MDVSA-2011:108
REDHAT: RHSA-2011:0858
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
REDHAT: RHSA-2012:1232
SECUNIA: 50549
REDHAT: RHSA-2012:1537
CONFIRM: http://svn.apache.org/...
HP: HPSBUX02476
HP: SSRT090250
SLACKWARE: SSA:2011-041-02
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20091120 VMSA-2009-001...
MLIST: [lucene-solr-user] 202...
MLIST: [lucene-solr-user] 202...

Launchpad.net

CVE 2009-2625

Related bugs and status

Related bugs

References