Bug 575756 (CVE-2010-0091)

Summary: CVE-2010-0091 OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)
Product: [Other] Security Response Reporter: Marc Schoenefeld <mschoene>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ahughes, aph, bressers, dbhole, jlieskov, jpechane, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-10 21:21:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 594679, 618146, 618147, 618148, 618196, 618246, 618971    
Bug Blocks:    

Comment 1 Murray McAllister 2010-03-31 15:05:32 UTC
An untrusted applet could access clipboard information if a drag operation was performed over that applet's canvas. This could lead to an information leak.

Comment 3 errata-xmlrpc 2010-04-01 00:15:03 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0339 https://rhn.redhat.com/errata/RHSA-2010-0339.html

Comment 4 errata-xmlrpc 2010-04-01 00:21:50 UTC
This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0337 https://rhn.redhat.com/errata/RHSA-2010-0337.html

Comment 5 errata-xmlrpc 2010-04-01 02:57:04 UTC
This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5
  Supplementary for RHEL 5.2.z
  Supplementary for RHEL 5.3.z

Via RHSA-2010:0338 https://rhn.redhat.com/errata/RHSA-2010-0338.html

Comment 6 Fedora Update System 2010-04-06 16:33:51 UTC
java-1.6.0-openjdk-1.6.0.0-34.b17.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-34.b17.fc11

Comment 7 Fedora Update System 2010-04-06 16:36:20 UTC
java-1.6.0-openjdk-1.6.0.0-37.b17.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-37.b17.fc12

Comment 8 Fedora Update System 2010-04-07 07:10:16 UTC
java-1.6.0-openjdk-1.6.0.0-36.b17.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-36.b17.fc13

Comment 9 Fedora Update System 2010-04-09 01:27:17 UTC
java-1.6.0-openjdk-1.6.0.0-37.b17.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2010-04-09 01:30:55 UTC
java-1.6.0-openjdk-1.6.0.0-34.b17.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2010-04-09 06:56:48 UTC
java-1.6.0-openjdk-1.6.0.0-37.b17.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-37.b17.fc13

Comment 12 Fedora Update System 2010-04-09 21:05:05 UTC
java-1.6.0-openjdk-1.6.0.0-37.b17.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 errata-xmlrpc 2010-04-29 17:49:56 UTC
This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0383 https://rhn.redhat.com/errata/RHSA-2010-0383.html

Comment 15 errata-xmlrpc 2010-06-14 23:23:47 UTC
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.3

Via RHSA-2010:0471 https://rhn.redhat.com/errata/RHSA-2010-0471.html

Comment 20 errata-xmlrpc 2010-07-29 16:40:44 UTC
This issue has been addressed in following products:

  Extras for RHEL 3
  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0574 https://rhn.redhat.com/errata/RHSA-2010-0574.html

Comment 21 errata-xmlrpc 2010-08-02 20:44:34 UTC
This issue has been addressed in following products:

  RHEL 4 for SAP
  RHEL 5 for SAP

Via RHSA-2010:0586 https://rhn.redhat.com/errata/RHSA-2010-0586.html

Comment 22 Tomas Hoger 2011-06-15 07:12:52 UTC
*** Bug 454068 has been marked as a duplicate of this bug. ***