CVE-2010-4471
Publication date 17 February 2011
Last updated 24 July 2024
Ubuntu priority
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| openjdk-6 | 11.10 oneiric |
Not affected
|
| 11.04 natty |
Not affected
|
|
| 10.10 maverick |
Fixed 6b20-1.9.7-0ubuntu1
|
|
| 10.04 LTS lucid |
Fixed 6b20-1.9.7-0ubuntu1~10.04.1
|
|
| 9.10 karmic |
Fixed 6b20-1.9.7-0ubuntu1~9.10.1
|
|
| 8.04 LTS hardy |
Fixed 6b27-1.12.3-0ubuntu1~08.04.1
|
|
| 6.06 LTS dapper | Not in release | |
| openjdk-6b18 | 11.10 oneiric |
Fixed 6b18-1.8.7-0ubuntu5
|
| 11.04 natty |
Fixed 6b18-1.8.7-0ubuntu5
|
|
| 10.10 maverick |
Fixed 6b18-1.8.7-0ubuntu2.1
|
|
| 10.04 LTS lucid |
Fixed 6b18-1.8.7-0ubuntu1~10.04.2
|
|
| 9.10 karmic |
Fixed 6b18-1.8.7-0ubuntu1~9.10.1
|
|
| 8.04 LTS hardy | Not in release | |
| 6.06 LTS dapper | Not in release | |
| sun-java5 | 11.10 oneiric | Not in release |
| 11.04 natty | Not in release | |
| 10.10 maverick | Not in release | |
| 10.04 LTS lucid | Not in release | |
| 9.10 karmic | Not in release | |
| 8.04 LTS hardy | Ignored end of life | |
| 6.06 LTS dapper | Ignored end of life | |
| sun-java6 | 11.10 oneiric |
Not affected
|
| 11.04 natty |
Fixed 6.24-1build0.10.10.1
|
|
| 10.10 maverick |
Fixed 6.24-1build0.10.10.1
|
|
| 10.04 LTS lucid |
Fixed 6.24-1build0.10.04.1
|
|
| 9.10 karmic |
Fixed 6.24-1build0.9.10.1
|
|
| 8.04 LTS hardy |
Fixed 6.24-1build0.8.04.1
|
|
| 6.06 LTS dapper | Not in release |
Notes
References
Related Ubuntu Security Notices (USN)
- USN-1079-1
- OpenJDK 6 vulnerabilities
- 1 March 2011
- USN-1079-2
- OpenJDK 6 vulnerabilities
- 15 March 2011
- USN-1079-3
- OpenJDK 6 vulnerabilities
- 17 March 2011