USN-1178-1: IcedTea-Web, OpenJDK 6 vulnerabilities
27 July 2011
An attacker could discover a user's name or confuse a user into granting unintended access to files.
Omair Majid discovered that an unsigned Web Start application
or applet could determine the path to the cache directory used
to store downloaded class and jar files by querying class loader
properties. This could allow a remote attacker to discover a user's
name and home directory path. (CVE-2011-2513)
Omair Majid discovered that an unsigned Web Start application could
manipulate the content of the security warning dialog message to show
different file names in prompts. This could allow a remote attacker
to confuse a user into granting access to a different file than they
believe they are granting access to. This issue only affected Ubuntu
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to restart any Java applications
or applets to make all the necessary changes.