CVE-2010-4351

Priority
Medium
Description
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8
before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the
checkPermission method instead of throwing an exception in certain
circumstances, which might allow context-dependent attackers to bypass the
intended security policy by creating instances of ClassLoader.
References
Bugs
Package
Upstream:needs-triage
Package
Upstream:released (1.7.7,1.8.4,1.9.4)
Patches:
Upstream:http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/7ec6c82e69ee
Package
Upstream:not-affected
Package
Upstream:not-affected
Package
Upstream:released (1.7.7,1.8.4,1.9.4)
More Information

Updated: 2017-08-11 23:45:04 UTC (commit 13081)