Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1178-1
Solution
Please Install the Updated Packages.
Insight
Omair Majid discovered that an unsigned Web Start application or applet could determine the path to the cache directory used to store downloaded class and jar files by querying class loader properties. This could allow a remote attacker to discover a user's name and home directory path. (CVE-2011-2513)
Omair Majid discovered that an unsigned Web Start application could manipulate the content of the security warning dialog message to show different file names in prompts. This could allow a remote attacker to confuse a user into granting access to a different file than they believe they are granting access to. This issue only affected Ubuntu 11.04. (CVE-2011-2514)
Affected
icedtea-web on Ubuntu 11.04 ,
Ubuntu 10.10 ,
Ubuntu 10.04 LTS
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-2513, CVE-2011-2514 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities