Bug 355127 - <dev-java/{icedtea6-bin-1.9.7,icedtea-6.1.9.7}: multiple vulnerabilities (CVE-2010-{4448,4450,4465,4469,4470,4471,4472},CVE-2011-0706)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa]
Keywords:
Depends on: CVE-2010-4476 354231
Blocks: icedtea-tracker java-security 370787
Reported: 2011-02-15 23:08 UTC by Andrew John Hughes
Modified: 2014-06-29 15:29 UTC
Description Andrew John Hughes 2011-02-15 23:08:50 UTC
http://blog.fuseyism.com/index.php/2011/02/15/security-icedtea6-1710-187-and-197-released/
http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/

I've added updated ebuilds to java-overlay.  Please promote to main tree.

Reproducible: Always
Comment 1 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-02-16 17:43:05 UTC
I hate to ask it again so soon, but please stabilize dev-java/icedtea6-bin-1.9.7
Comment 2 Markos Chandras (RETIRED) gentoo-dev 2011-02-16 21:17:59 UTC
amd64 done
Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2011-02-21 18:30:31 UTC
x86 stable, last one so update the whiteboard
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2011-02-21 18:38:26 UTC
Thanks, folks.

Rating B2; added to existing GLSA request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 20:01:07 UTC
CVE-2011-0706 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706):
  The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK
  Runtime Environment 1.6.0, allows remote attackers to gain privileges via
  unknown vectors related to multiple signers and the assignment of "an
  inappropriate security descriptor."
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-06-29 15:29:02 UTC
This issue was resolved and addressed in
 GLSA 201406-32 at http://security.gentoo.org/glsa/glsa-201406-32.xml
by GLSA coordinator Mikle Kolyada (Zlogene).