Launchpad.net

CVE 2009-2670

The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.

Related bugs and status

CVE-2009-2670 (Candidate) is related to these bugs:

Bug #85969: Java Docs Package Won't Install

		In	Importance	Status
85969	Java Docs Package Won't Install	sun-java6 (Ubuntu)	Medium	Fix Released
85969	Java Docs Package Won't Install	sun-java5 (Ubuntu)	Medium	Invalid
85969	Java Docs Package Won't Install	j2se1.4-i586 (Ubuntu)	Wishlist	Invalid

Bug #409559: version 1.6.0_15 is available

		In	Importance	Status
409559	version 1.6.0_15 is available	sun-java6 (Ubuntu)	Undecided	Fix Released
409559	version 1.6.0_15 is available	The Dell Mini Project	Undecided	Invalid
409559	version 1.6.0_15 is available	Jaunty Jackalope Backports	Undecided	Invalid
409559	version 1.6.0_15 is available	Intrepid Ibex Backports	Undecided	Invalid
409559	version 1.6.0_15 is available	Hardy Backports	Undecided	Invalid
409559	version 1.6.0_15 is available	sun-java6 (Ubuntu Hardy)	Undecided	Fix Released
409559	version 1.6.0_15 is available	sun-java6 (Ubuntu Karmic)	Undecided	Fix Released
409559	version 1.6.0_15 is available	sun-java6 (Ubuntu Intrepid)	Undecided	Invalid
409559	version 1.6.0_15 is available	sun-java6 (Ubuntu Jaunty)	Undecided	Fix Released

Bug #420426: sun-java6 6b16 update for karmic, hardy and jaunty

		In	Importance	Status
420426	sun-java6 6b16 update for karmic, hardy and jaunty	sun-java6 (Ubuntu)	Undecided	Fix Released
420426	sun-java6 6b16 update for karmic, hardy and jaunty	sun-java6 (Ubuntu Hardy)	Undecided	Fix Released
420426	sun-java6 6b16 update for karmic, hardy and jaunty	sun-java6 (Ubuntu Jaunty)	Undecided	Fix Released
420426	sun-java6 6b16 update for karmic, hardy and jaunty	sun-java6 (Ubuntu Karmic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://sunsolve.sun.co...
SUNALERT: 263408
CONFIRM: http://java.sun.com/j2...
CONFIRM: http://java.sun.com/ja...
FEDORA: FEDORA-2009-8329
FEDORA: FEDORA-2009-8337
REDHAT: RHSA-2009:1199
REDHAT: RHSA-2009:1200
REDHAT: RHSA-2009:1201
SUSE: SUSE-SA:2009:043
BID: 35939
OSVDB: 56788
SECTRACK: 1022658
SECUNIA: 36162
SECUNIA: 36176
SECUNIA: 36180
SECUNIA: 36199
SECUNIA: 36248
MANDRIVA: MDVSA-2009:209
APPLE: APPLE-SA-2009-09-03-1
VUPEN: ADV-2009-2543
SUSE: SUSE-SR:2009:016
CERT: TA09-294A
SUSE: SUSE-SA:2009:053
GENTOO: GLSA-200911-02
SECUNIA: 37300
CONFIRM: http://www.vmware.com/...
SECUNIA: 37386
SECUNIA: 37460
VUPEN: ADV-2009-3316
CONFIRM: http://www.oracle.com/...
HP: HPSBUX02476
HP: SSRT090250
XF: jre-jdk-audiosystem-pr...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20091120 VMSA-2009-001...