Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC

Bug 346799

Summary: <dev-java/icedtea6{,-bin}-1.9.2:: IcedTea System property information leak via public static (CVE-2010-3860)
Product: Gentoo Security Reporter: Vlastimil Babka (Caster) (RETIRED) <caster>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: java, proxy-maint
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 352035    
Bug Blocks: 215614, 340819    

Description Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-11-25 21:21:17 UTC
Dunno how serious it is, yet.
Comment 1 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-11-25 22:02:20 UTC
dev-java/icedtea bumped (package not stable yet)
dev-java/icedtea6-bin building
Comment 2 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-01-21 23:37:39 UTC
Looks like I've forgotten to update this bug and get it stable etc. Now superseeded by bug 352035
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 19:52:38 UTC
CVE-2010-3860 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860):
  IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as
  based on OpenJDK 6, declares multiple sensitive variables as public, which
  allows remote attackers to obtain sensitive information including (1)
  user.name, (2) user.home, and (3) java.home system properties, and other
  sensitive information such as installation directories.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-06-29 15:28:28 UTC
This issue was resolved and addressed in
 GLSA 201406-32 at http://security.gentoo.org/glsa/glsa-201406-32.xml
by GLSA coordinator Mikle Kolyada (Zlogene).