CVE-2010-4351

NameCVE-2010-4351
DescriptionThe JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2224-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openjdk-6sourcelenny6b18-1.8.7-2~lenny1DSA-2224-1
openjdk-6sourcesqueeze6b18-1.8.7-2~squeeze1DSA-2224-1
openjdk-6source(unstable)6b18-1.8.4-1

Notes

[squeeze] - openjdk-6 <no-dsa> (bug #614151)
[lenny] - openjdk-6 <no-dsa> (bug #614151)

Search for package or bug name: Reporting problems