Bug 346799 - <dev-java/icedtea6{,-bin}-1.9.2:: IcedTea System property information leak via public static (CVE-2010-3860)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://blog.fuseyism.com/index.php/20...
Whiteboard: B3 [glsa]
Keywords:
Depends on: CVE-2010-4351
Blocks: java-security 340819
Reported: 2010-11-25 21:21 UTC by Vlastimil Babka (Caster) (RETIRED)
Modified: 2014-06-29 15:28 UTC
Description Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-11-25 21:21:17 UTC
Dunno how serious it is, yet.
Comment 1 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-11-25 22:02:20 UTC
dev-java/icedtea bumped (package not stable yet)
dev-java/icedtea6-bin building
Comment 2 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-01-21 23:37:39 UTC
Looks like I've forgotten to update this bug and get it stable etc. Now superseded by bug 352035
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 19:52:38 UTC
CVE-2010-3860 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860):
  IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as
  based on OpenJDK 6, declares multiple sensitive variables as public, which
  allows remote attackers to obtain sensitive information including (1)
  user.name, (2) user.home, and (3) java.home system properties, and other
  sensitive information such as installation directories.
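
An added illustration of the pattern the CVE text describes (not IcedTea's code and not part of the bug report; all class and field names are hypothetical): a class that publishes property values through public static fields, a guarded variant, and a reflection check that flags such fields during review.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class PublicStaticLeakAudit {
    // The three system properties named in the CVE description.
    static final String[] SENSITIVE = {"user.name", "user.home", "java.home"};

    // Hypothetical "before": trusted code reads the properties once, then
    // exposes them in public static fields that any caller can read with no
    // permission check at all.
    public static class LeakyRuntime {
        public static String userName = System.getProperty("user.name");
        public static String homeDir = System.getProperty("user.home");
        public static String javaDir = System.getProperty("java.home");
    }

    // Hypothetical "after": the field is private and the accessor repeats the
    // check that System.getProperty itself performs under a SecurityManager.
    public static class GuardedRuntime {
        private static final String HOME_DIR = System.getProperty("user.home");

        public static String homeDir() {
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) sm.checkPropertyAccess("user.home");
            return HOME_DIR;
        }
    }

    // Lists public static String fields whose value equals a sensitive property.
    static List<String> audit(Class<?> c) throws IllegalAccessException {
        List<String> hits = new ArrayList<>();
        for (Field f : c.getFields()) { // getFields() returns public fields only
            if (!Modifier.isStatic(f.getModifiers()) || f.getType() != String.class) continue;
            String value = (String) f.get(null);
            for (String key : SENSITIVE) {
                String secret = System.getProperty(key);
                if (secret != null && secret.equals(value)) {
                    hits.add(c.getSimpleName() + "." + f.getName() + " exposes " + key);
                }
            }
        }
        return hits;
    }

    public static void main(String[] args) throws IllegalAccessException {
        System.out.println(audit(LeakyRuntime.class));
        System.out.println(audit(GuardedRuntime.class));
    }
}
```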
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-06-29 15:28:28 UTC
This issue was resolved and addressed in
 GLSA 201406-32 at http://security.gentoo.org/glsa/glsa-201406-32.xml
by GLSA coordinator Mikle Kolyada (Zlogene).