CVE-2010-4351

Priority
Medium
Description
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8
before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the
checkPermission method instead of throwing an exception in certain
circumstances, which might allow context-dependent attackers to bypass the
intended security policy by creating instances of ClassLoader.
References
Bugs
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (1.2-2ubuntu0.10.04.1)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (1.1~20110406-0ubuntu1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1.1~20110406-0ubuntu1)
Package
Upstream:released (1.7.7,1.8.4,1.9.4)
Ubuntu 8.04 LTS (Hardy Heron):released (6b27-1.12.3-0ubuntu1~08.04.1)
Ubuntu 10.04 LTS (Lucid Lynx):released (6b20-1.9.4-0ubuntu1~10.04.1)
Ubuntu 11.10 (Oneiric Ocelot):released (6b21~pre1-0ubuntu1)
Ubuntu 12.04 LTS (Precise Pangolin):released (6b21~pre1-0ubuntu1)
Patches:
Upstream:http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/7ec6c82e69ee
Package
Upstream:not-affected
Ubuntu 8.04 LTS (Hardy Heron):not-affected
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Upstream:not-affected
Ubuntu 8.04 LTS (Hardy Heron):not-affected
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.10 (Oneiric Ocelot):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Upstream:released (1.7.7,1.8.4,1.9.4)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (6b18-1.8.4-0ubuntu1~10.04.1)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (6b18-1.8.8~pre1-0ubuntu1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (6b18-1.8.8~pre1-0ubuntu1)
More Information


Updated: 2013-02-22 00:15:57 UTC (commit 6472)