CVE-2009-1896

Name of the Vulnerable Software and Affected Versions: OpenJDK versions prior to 1.6.0.0-20.b16.fc10 on Fedora 10 OpenJDK versions prior to 1.6.0.0-27.b16.fc11 on Fedora 11

Description: The Java Web Start framework in IcedTea in OpenJDK has an issue where it trusts an entire application when at least one of the listed jar files is trusted. This allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.

Recommendations: For OpenJDK versions prior to 1.6.0.0-20.b16.fc10 on Fedora 10, update to version 1.6.0.0-20.b16.fc10 or later. For OpenJDK versions prior to 1.6.0.0-27.b16.fc11 on Fedora 11, update to version 1.6.0.0-27.b16.fc11 or later.