Mercurial > hg > release > icedtea6-1.9
changeset 2306:7ec6c82e69ee
RH663680, CVE-2010-4351: JNLP SecurityManager bypass
2010-12-16 Omair Majid <omajid@redhat.com>
RH663680, CVE-2010-4351:
* NEWS: List issue.
* netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java:
Make sure SecurityException is thrown if necessary.
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Fri, 17 Dec 2010 01:02:47 +0000 |
parents | 5af2053661b9 |
children | fdefc65b1e3f |
files | ChangeLog NEWS netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java |
diffstat | 3 files changed, 12 insertions(+), 1 deletions(-) |
--- a/ChangeLog Thu Dec 16 19:31:39 2010 +0000 +++ b/ChangeLog Fri Dec 17 01:02:47 2010 +0000 @@ -1,3 +1,10 @@ +2010-12-16 Omair Majid <omajid@redhat.com> + + RH663680, CVE-2010-4351: + * NEWS: List issue. + * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java: + Make sure SecurityException is thrown if necessary. + 2010-12-16 Andrew John Hughes <ahughes@redhat.com> * NEWS: Place RH647674 under correct section.
--- a/NEWS Thu Dec 16 19:31:39 2010 +0000 +++ b/NEWS Fri Dec 17 01:02:47 2010 +0000 @@ -8,8 +8,10 @@ CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY -New in release 1.9.4 (2011-XX-XX): +New in release 1.9.4 (2011-01-12): +* Security updates + - RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass * Backports - S4356282: RFE: JDK should support OpenType/CFF fonts - S6954424, RH525870: Support OpenType/CFF fonts in JDK 7
--- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Thu Dec 16 19:31:39 2010 +0000 +++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Fri Dec 17 01:02:47 2010 +0000 @@ -302,6 +302,7 @@ } } else if (perm instanceof SecurityPermission) { + tmpPerm = perm; // JCE's initialization requires putProviderProperty permission if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) { @@ -311,6 +312,7 @@ } } else if (perm instanceof RuntimePermission) { + tmpPerm = perm; // KeyGenerator's init method requires internal spec access if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) {
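Review bot: The `tmpPerm = perm;` assignment in the `perm instanceof SecurityPermission` branch (JNLPSecurityManager.java, hunk `@@ -302,6 +302,7 @@`) has to be written by hand in each branch, and the following hunk repeats the same line for `RuntimePermission`. If `tmpPerm` is what gets checked after this chain, assign `tmpPerm = perm` once before the first `if` so that every branch checks the requested permission unless it deliberately substitutes another one, and a branch added later cannot skip the check by omission. The diffstat lists only ChangeLog, NEWS and JNLPSecurityManager.java, so there is no regression test here; one that requests a `SecurityPermission` other than `putProviderProperty.SunJCE` and expects a `SecurityException` would pin the fix down.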
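Review bot: In the `perm instanceof RuntimePermission` branch (JNLPSecurityManager.java, hunk `@@ -311,6 +312,7 @@`), the context line just below the new assignment compares `perm` with `new SecurityPermission("accessClassInPackage.sun.security.internal.spec")`. Inside this branch `perm` is a `RuntimePermission`, and `BasicPermission.equals` requires both objects to be of the same class, so the condition can never be true and the KeyGenerator special case never runs. If the exemption is still wanted, build the comparison value as a `RuntimePermission`; if it is not, remove the block. Since this change touches the same branch, it is the right place to settle that.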