CVE-2010-3860

Publication date 24 November 2010

Last updated 24 July 2024

Ubuntu priority

IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
openjdk-6	10.10 maverick	Fixed 6b20-1.9.2-0ubuntu1
	10.04 LTS lucid	Fixed 6b20-1.9.2-0ubuntu1~10.04.1
	9.10 karmic	Fixed 6b18-1.8.3-0ubuntu1~9.10.1
	8.04 LTS hardy	Fixed 6b27-1.12.3-0ubuntu1~08.04.1
	6.06 LTS dapper	Not in release
openjdk-6b18	10.10 maverick	Fixed 6b18-1.8.3-0ubuntu1
	10.04 LTS lucid	Fixed 6b18-1.8.3-0ubuntu1~10.04.1
	9.10 karmic	Not affected
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
sun-java5	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected
sun-java6	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not in release

CVE-2010-3860

Status

References

Related Ubuntu Security Notices (USN)

Other references