PublicDateAtUSN: 2010-10-19 Candidate: CVE-2010-3553 PublicDate: 2010-10-19 22:00:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553 https://ubuntu.com/security/notices/USN-1010-1 Description: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class. Ubuntu-Description: It was discovered that UIDefault.ProxyLazyValue had unsafe reflection usage, allowing an attacker to create objects. Notes: sbeattie> red hat description: UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. Bugs: Priority: low Discovered-by: Assigned-to: CVSS: Patches_openjdk-6: upstream_openjdk-6: needs-triage dapper_openjdk-6: DNE hardy_openjdk-6: released (1.8.2-4ubuntu1~8.04.1) jaunty_openjdk-6: released (1.8.2-4ubuntu1~9.04.1) karmic_openjdk-6: released (1.8.2-4ubuntu1~9.10.1) lucid_openjdk-6: released (1.8.2-4ubuntu2) maverick_openjdk-6: released (6b20-1.9.1-1ubuntu3) devel_openjdk-6: not-affected (6b20-1.10~pre2-0ubuntu5) Patches_sun-java6: upstream_sun-java6: needs-triage dapper_sun-java6: DNE hardy_sun-java6: released (6.22-0ubuntu1~8.04.1) jaunty_sun-java6: released (6.22-0ubuntu1~9.04.1) karmic_sun-java6: released (6.22-0ubuntu1~9.10.1) lucid_sun-java6: released (6.22-0ubuntu1~10.04) maverick_sun-java6: released (6.22-0ubuntu1~10.10) devel_sun-java6: DNE Patches_openjdk-6b18: upstream_openjdk-6b18: released (6b22) dapper_openjdk-6b18: DNE hardy_openjdk-6b18: DNE intrepid_openjdk-6b18: DNE karmic_openjdk-6b18: not-affected (6b18-1.8.4-0ubuntu1~9.10.1) lucid_openjdk-6b18: not-affected (6b18-1.8.3-0ubuntu1~10.04.1) maverick_openjdk-6b18: released (6b18-1.8.2-4ubuntu1) devel_openjdk-6b18: not-affected (6b18-1.8.3-1ubuntu3)