CVE-2010-4351

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
icedtea-web	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.10 maverick	Not in release
	10.04 LTS lucid	Not affected
	9.10 karmic	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
openjdk-6	11.10 oneiric	Fixed 6b21~pre1-0ubuntu1
	11.04 natty	Fixed 6b21~pre1-0ubuntu1
	10.10 maverick	Fixed 6b20-1.9.4-0ubuntu1
	10.04 LTS lucid	Fixed 6b20-1.9.4-0ubuntu1~10.04.1
	9.10 karmic	Fixed 6b20-1.9.4-0ubuntu1~9.10.1
	8.04 LTS hardy	Fixed 6b27-1.12.3-0ubuntu1~08.04.1
	6.06 LTS dapper	Not in release
openjdk-6b18	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.10 maverick	Fixed 6b18-1.8.5-0ubuntu1
	10.04 LTS lucid	Fixed 6b18-1.8.4-0ubuntu1~10.04.1
	9.10 karmic	Fixed 6b18-1.8.4-0ubuntu1~9.10.1
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
sun-java5	11.10 oneiric	Not in release
	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected
sun-java6	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
openjdk-6	Upstream: http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/7ec6c82e69ee

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references