Bug 355127

Summary: <dev-java/{icedtea6-bin-1.9.7,icedtea-6.1.9.7}: multiple vulnerabilities (CVE-2010-{4448,4450,4465,4469,4470,4471,4472},CVE-2011-0706)
Product: Gentoo Security
Reporter: Andrew John Hughes <gnu_andrew>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: java
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 354213, 354231
Bug Blocks: 247140, 215614, 370787

Description Andrew John Hughes 2011-02-15 23:08:50 UTC
http://blog.fuseyism.com/index.php/2011/02/15/security-icedtea6-1710-187-and-197-released/
http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/

I've added updated ebuilds to java-overlay.  Please promote to main tree.

Reproducible: Always
Comment 1 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-02-16 17:43:05 UTC
I hate to ask it again so soon, but please stabilize dev-java/icedtea6-bin-1.9.7
Comment 2 Markos Chandras (RETIRED) gentoo-dev 2011-02-16 21:17:59 UTC
amd64 done
Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2011-02-21 18:30:31 UTC
x86 stable, last one so update the whiteboard
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2011-02-21 18:38:26 UTC
Thanks, folks.

Rating B2; added to existing GLSA request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 20:01:07 UTC
CVE-2011-0706 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706):
  The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK
  Runtime Environment 1.6.0, allows remote attackers to gain privileges via
  unknown vectors related to multiple signers and the assignment of "an
  inappropriate security descriptor."
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-06-29 15:29:02 UTC
This issue was resolved and addressed in
 GLSA 201406-32 at http://security.gentoo.org/glsa/glsa-201406-32.xml
by GLSA coordinator Mikle Kolyada (Zlogene).