CVE-2011-0025

Related Files

Debian Security Advisory 2224-1

Posted Apr 20, 2011

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2224-1 - Several security vulnerabilities were discovered in OpenJDK, an implementation of the Java platform.

tags | advisory, java, vulnerability

systems | linux, debian

advisories | CVE-2010-4351, CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2011-0025, CVE-2011-0706

SHA-256 | 0cc870e76e7b9179425d80a38135012547ab97647816b6a849b661b8f3907c9f

Download | Favorite | View

Mandriva Linux Security Advisory 2011-054

Posted Mar 28, 2011

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-054 - Multiple vulnerabilities has been identified and fixed in java-1.6.0-openjdk. The JNLP SecurityManager in IcedTea 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. Unspecified vulnerability in the Java Runtime Environment in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. Various other issues have also been identified and addressed.

tags | advisory, java, remote, web, vulnerability

systems | linux, mandriva

advisories | CVE-2010-4351, CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0025, CVE-2011-0706

SHA-256 | 904fc941643717491978f0d993636fcedc72d278bb781afe4417e8ff6ceae8fd

Download | Favorite | View

Ubuntu Security Notice USN-1055-1

Posted Feb 1, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1055-1 - It was discovered that IcedTea for Java did not properly verify signatures when handling multiply signed or partially signed JAR files, allowing an attacker to cause code to execute that appeared to come from a verified source. USN 1052-1 fixed a vulnerability in OpenJDK for Ubuntu 9.10 and Ubuntu 10.04 LTS on all architectures, and Ubuntu 10.10 for all architectures except for the armel (ARM) architecture. This update provides the corresponding update for Ubuntu 10.10 on the armel (ARM) architecture. It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended security policy in its checkPermission method. This could allow an attacker to execute code with privileges that should have been prevented.

tags | advisory, java

systems | linux, ubuntu

advisories | CVE-2010-4351, CVE-2011-0025

SHA-256 | f46a6d7f1d829af30a54a7be6942ff2a3e75df718ac0e1ab950de5dc8d69e93a

Download | Favorite | View