10 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.041 Low
EPSS
Percentile
92.1%
USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM)
architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes
vulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu
10.10.
Original advisory details:
It was discovered that untrusted Java applets could create domain
name resolution cache entries, allowing an attacker to manipulate
name resolution within the JVM. (CVE-2010-4448)
It was discovered that the Java launcher did not did not properly
setup the LD_LIBRARY_PATH environment variable. A local attacker
could exploit this to execute arbitrary code as the user invoking
the program. (CVE-2010-4450)
It was discovered that within the Swing library, forged timer events
could allow bypass of SecurityManager checks. This could allow an
attacker to access restricted resources. (CVE-2010-4465)
It was discovered that certain bytecode combinations confused memory
management within the HotSpot JVM. This could allow an attacker to
cause a denial of service through an application crash or possibly
inject code. (CVE-2010-4469)
It was discovered that the way JAXP components were handled
allowed them to be manipulated by untrusted applets. An attacker
could use this to bypass XML processing restrictions and elevate
privileges. (CVE-2010-4470)
It was discovered that the Java2D subcomponent, when processing broken
CFF fonts could leak system properties. (CVE-2010-4471)
It was discovered that a flaw in the XML Digital Signature
component could allow an attacker to cause untrusted code to
replace the XML Digital Signature Transform or C14N algorithm
implementations. (CVE-2010-4472)
Konstantin Preisser and others discovered that specific double literals
were improperly handled, allowing a remote attacker to cause a denial
of service. (CVE-2010-4476)
It was discovered that the JNLPClassLoader class when handling multiple
signatures allowed remote attackers to gain privileges due to the
assignment of an inappropriate security descriptor. (CVE-2011-0706)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 10.10 | noarch | openjdk-6-jre-headless | < 6b18-1.8.7-0ubuntu2.1 | UNKNOWN |
Ubuntu | 10.10 | noarch | icedtea-6-jre-cacao | < 6b18-1.8.7-0ubuntu2.1 | UNKNOWN |
Ubuntu | 10.10 | noarch | icedtea6-plugin | < 6b18-1.8.7-0ubuntu2.1 | UNKNOWN |
Ubuntu | 10.10 | noarch | openjdk-6-dbg | < 6b18-1.8.7-0ubuntu2.1 | UNKNOWN |
Ubuntu | 10.10 | noarch | openjdk-6-demo | < 6b18-1.8.7-0ubuntu2.1 | UNKNOWN |
Ubuntu | 10.10 | noarch | openjdk-6-jdk | < 6b18-1.8.7-0ubuntu2.1 | UNKNOWN |
Ubuntu | 10.10 | noarch | openjdk-6-jre | < 6b18-1.8.7-0ubuntu2.1 | UNKNOWN |
Ubuntu | 10.10 | noarch | openjdk-6-jre-zero | < 6b18-1.8.7-0ubuntu2.1 | UNKNOWN |