CVE-2009-3875

Publication date 5 November 2009

Last updated 24 July 2024

Ubuntu priority

The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openjdk-6	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Fixed 6b16-1.6.1-3ubuntu1
	9.04 jaunty	Fixed 6b14-1.4.1-0ubuntu12
	8.10 intrepid	Fixed 6b12-0ubuntu6.6
	8.04 LTS hardy	Fixed 6b18-1.8.2-4ubuntu1~8.04.1
	6.06 LTS dapper	Not in release
sun-java5	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	9.04 jaunty	Ignored end of life
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Ignored end of life
sun-java6	10.10 maverick	Not affected
	10.04 LTS lucid	Fixed 6.20dlj-1ubuntu3
	9.10 karmic	Fixed 6.20dlj-0ubuntu1.9.10
	9.04 jaunty	Fixed 6.20dlj-0ubuntu1.9.04
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Fixed 6.20dlj-0ubuntu1.8.04
	6.06 LTS dapper	Not in release

References

Related Ubuntu Security Notices (USN)

USN-859-1
OpenJDK vulnerabilities
12 November 2009

CVE-2009-3875

Status

References

Related Ubuntu Security Notices (USN)

Other references