CVE-2009-3879
First published: Thu Oct 22 2009(Updated: )
Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun Java Runtime Environment (JRE) | <=1.5.0 | |
| Sun Java Runtime Environment (JRE) | <=1.6.0 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_1 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_11 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_12 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_13 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_14 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_15 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_16 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_17 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_18 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_19 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_2 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_20 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_3 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_4 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_5 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_6 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_7 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_8 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update_9 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update10 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_1 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_10 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_11 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_12 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_13 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_14 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_15 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_2 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_3 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_4 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_5 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_6 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_7 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_8 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_9 | |
| OpenJDK 1.7.0 Headless |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://java.sun.com/javase/6/webnotes/6u17.html
- http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
- https://bugzilla.redhat.com/show_bug.cgi?id=530297
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://secunia.com/advisories/37386
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9568
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7545
- https://rhn.redhat.com/errata/RHSA-2009-1560.html
- https://rhn.redhat.com/errata/RHSA-2009-1571.html
- http://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-33.b16.fc12
- http://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-23.b16.fc10
- http://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-30.b16.fc11
- https://rhn.redhat.com/errata/RHSA-2009-1584.html
- https://rhn.redhat.com/errata/RHSA-2009-1662.html
Frequently Asked Questions
What is the severity of CVE-2009-3879?
The severity of CVE-2009-3879 is currently unknown due to the unspecified nature of the vulnerabilities.
How do I fix CVE-2009-3879?
To fix CVE-2009-3879, it is recommended to upgrade to the latest versions of Sun Java SE or OpenJDK.
Which versions are affected by CVE-2009-3879?
CVE-2009-3879 affects multiple versions of Sun Java SE 5.0 and 6, specifically those prior to Update 22 for 5.0 and Update 17 for 6.
What are the attack vectors for CVE-2009-3879?
The attack vectors for CVE-2009-3879 are not clearly defined as the vulnerabilities are unspecified.
Is there a workaround for CVE-2009-3879?
There are no documented workarounds for CVE-2009-3879; the best mitigation is upgrading the affected software.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-3879
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/sun
- canonical/sun java runtime environment (jre)
- version/sun java runtime environment (jre)/1.5.0
- version/sun java runtime environment (jre)/1.6.0
- version/sun java runtime environment (jre)/1.5.0-update_1
- version/sun java runtime environment (jre)/1.5.0-update_11
- version/sun java runtime environment (jre)/1.5.0-update_12
- version/sun java runtime environment (jre)/1.5.0-update_13
- version/sun java runtime environment (jre)/1.5.0-update_14
- version/sun java runtime environment (jre)/1.5.0-update_15
- version/sun java runtime environment (jre)/1.5.0-update_16
- version/sun java runtime environment (jre)/1.5.0-update_17
- version/sun java runtime environment (jre)/1.5.0-update_18
- version/sun java runtime environment (jre)/1.5.0-update_19
- version/sun java runtime environment (jre)/1.5.0-update_2
- version/sun java runtime environment (jre)/1.5.0-update_20
- version/sun java runtime environment (jre)/1.5.0-update_3
- version/sun java runtime environment (jre)/1.5.0-update_4
- version/sun java runtime environment (jre)/1.5.0-update_5
- version/sun java runtime environment (jre)/1.5.0-update_6
- version/sun java runtime environment (jre)/1.5.0-update_7
- version/sun java runtime environment (jre)/1.5.0-update_8
- version/sun java runtime environment (jre)/1.5.0-update_9
- version/sun java runtime environment (jre)/1.5.0-update10
- version/sun java runtime environment (jre)/1.6.0-update_1
- version/sun java runtime environment (jre)/1.6.0-update_10
- version/sun java runtime environment (jre)/1.6.0-update_11
- version/sun java runtime environment (jre)/1.6.0-update_12
- version/sun java runtime environment (jre)/1.6.0-update_13
- version/sun java runtime environment (jre)/1.6.0-update_14
- version/sun java runtime environment (jre)/1.6.0-update_15
- version/sun java runtime environment (jre)/1.6.0-update_2
- version/sun java runtime environment (jre)/1.6.0-update_3
- version/sun java runtime environment (jre)/1.6.0-update_4
- version/sun java runtime environment (jre)/1.6.0-update_5
- version/sun java runtime environment (jre)/1.6.0-update_6
- version/sun java runtime environment (jre)/1.6.0-update_7
- version/sun java runtime environment (jre)/1.6.0-update_8
- version/sun java runtime environment (jre)/1.6.0-update_9
- canonical/openjdk 1.7.0 headless