CVE-2011-0706 Information

Description

The JNLPClassLoader class in IcedTea-Web before 1.0.1 as used in OpenJDK Runtime Environment 1.6.0 allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \an inappropriate security descriptor.\

Reference

http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/ http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html http://secunia.com/advisories/43350 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.debian.org/security/2011/dsa-2224 http://www.mandriva.com/security/advisories?name=MDVSA-2011:054 http://www.securityfocus.com/bid/46439 https://bugzilla.redhat.com/show_bug.cgi?id=677332 https://exchange.xforce.ibmcloud.com/vulnerabilities/65534 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A14117