Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2006-2426 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1101

Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform.
Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition (CVE-2006-2426).
Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition (CVE-2009-0581), heap-based buffer overflows, potentially allowing arbitrary code execution (CVE-2009-0723, CVE-2009-0733), and a null-pointer dereference, leading to denial of service (CVE-2009-0793).
The LDAP server implementation (in com.sun.jndi.ldap) did not properly close sockets if an error was encountered, leading to a denial-of-service condition (CVE-2009-1093).
The LDAP client implementation (in com.sun.jndi.ldap) allowed malicious LDAP servers to execute arbitrary code on the client (CVE-2009-1094).
The HTTP server implementation (sun.net.httpserver) contained an unspecified denial of service vulnerability (CVE-2009-1101).
Several issues in Java Web Start have been addressed (CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098). The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated nevertheless.
6b11-9.1+lenny2