CVE-2010-4471
Published: 17 February 2011
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.
Notes
| Author | Note |
|---|---|
| mdeslaur | may not affect openjdk |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openjdk-6 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Released
(6b27-1.12.3-0ubuntu1~08.04.1)
|
|
| karmic |
Released
(6b20-1.9.7-0ubuntu1~9.10.1)
|
|
| lucid |
Released
(6b20-1.9.7-0ubuntu1~10.04.1)
|
|
| maverick |
Released
(6b20-1.9.7-0ubuntu1)
|
|
| natty |
Not vulnerable
(6b22-1.10.1-0ubuntu1)
|
|
| oneiric |
Not vulnerable
(6b22-1.10.1-0ubuntu1)
|
|
| upstream |
Released
(6b24)
|
|
|
openjdk-6b18 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Released
(6b18-1.8.7-0ubuntu1~9.10.1)
|
|
| lucid |
Released
(6b18-1.8.7-0ubuntu1~10.04.2)
|
|
| maverick |
Released
(6b18-1.8.7-0ubuntu2.1)
|
|
| natty |
Released
(6b18-1.8.7-0ubuntu5)
|
|
| oneiric |
Released
(6b18-1.8.7-0ubuntu5)
|
|
| upstream |
Released
(6b24)
|
|
|
sun-java5 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end-of-life)
|
| hardy |
Ignored
(upstream sun-java5 is EoL)
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Released
(1.5.0-28)
|
|
|
sun-java6 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Released
(6.24-1build0.8.04.1)
|
|
| karmic |
Released
(6.24-1build0.9.10.1)
|
|
| lucid |
Released
(6.24-1build0.10.04.1)
|
|
| maverick |
Released
(6.24-1build0.10.10.1)
|
|
| natty |
Released
(6.24-1build0.10.10.1)
|
|
| oneiric |
Not vulnerable
(6.26-1oneiric1)
|
|
| upstream |
Released
(6.24-1)
|