Mercurial > hg > release > icedtea-web-1.0
changeset 82:ee7a2e5e3849
RH663680, CVE-2010-4351: JNLP SecurityManager bypass
2010-12-16 Omair Majid <omajid@redhat.com>
RH663680, CVE-2010-4351:
* NEWS: List issue.
* netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java:
Make sure SecurityException is thrown if necessary.
author | Deepak Bhole <dbhole@redhat.com> |
---|---|
date | Tue, 18 Jan 2011 12:07:45 -0500 |
parents | b3647620fa41 |
children | 71d6595e800c |
files | ChangeLog NEWS netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java |
diffstat | 3 files changed, 10 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Fri Jan 07 08:08:41 2011 -0500 +++ b/ChangeLog Tue Jan 18 12:07:45 2011 -0500 @@ -25,6 +25,13 @@ skipped. * NEWS: Updated. +2010-12-16 Omair Majid <omajid@redhat.com> + + RH663680, CVE-2010-4351: + * NEWS: List issue. + * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java: + Make sure SecurityException is thrown if necessary. + 2010-12-14 Andrew John Hughes <ahughes@redhat.com> * Makefile.am:
--- a/NEWS Fri Jan 07 08:08:41 2011 -0500 +++ b/NEWS Tue Jan 18 12:07:45 2011 -0500 @@ -28,5 +28,6 @@ - Add a new option -Xclearcache - Interfaces javax.jnlp.IntegrationService and javax.jnlp.DownloadService2 are now available - PR592: NetX can create invalid desktop entry files + - RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass * Control Panel - Modifications to deployments.properties file can now be done through a GUI
--- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Fri Jan 07 08:08:41 2011 -0500 +++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Tue Jan 18 12:07:45 2011 -0500 @@ -313,6 +313,7 @@ } } else if (perm instanceof SecurityPermission) { + tmpPerm = perm; // JCE's initialization requires putProviderProperty permission if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) { @@ -322,6 +323,7 @@ } } else if (perm instanceof RuntimePermission) { + tmpPerm = perm; // KeyGenerator's init method requires internal spec access if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) {