drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in IcedTea-Web
Name: |
Zwei Probleme in IcedTea-Web |
|
ID: |
USN-1804-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 11.10, Ubuntu 12.04 LTS, Ubuntu 12.10 |
|
Datum: |
Fr, 19. April 2013, 08:31 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1927 |
|
Applikationen: |
IcedTea-Web |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============8964199897033825157== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig840D52C1D263C2CB0E8A6C9C"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig840D52C1D263C2CB0E8A6C9C Content-Type: text/plain; charset=ISO-8859- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1804-1 April 18, 2013
icedtea-web vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS
Summary:
Two security issues were fixed in IcedTea-Web.
Software Description: - icedtea-web: A web browser plugin to execute Java applets
Details:
Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. (CVE-2013-1926)
It was discovered that IcedTea-Web did not properly verify JAR files and was susceptible to the GIFAR attack. If a user were tricked into opening a malicious website, a remote attacker could potentially exploit this to execute code under certain circumstances. (CVE-2013-1927)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: icedtea-netx 1.3.2-1ubuntu0.12.10.1
Ubuntu 12.04 LTS: icedtea-netx 1.2.3-0ubuntu0.12.04.1
Ubuntu 11.10: icedtea-netx 1.2.3-0ubuntu0.11.10.1
Ubuntu 10.04 LTS: icedtea-netx 1.2.3-0ubuntu0.10.04.1
After a standard system update you need to restart your browser to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1804-1 CVE-2013-1926, CVE-2013-1927
Package Information: https://launchpad.net/ubuntu/+source/icedtea-web/1.3.2-1ubuntu0.12.10.1 https://launchpad.net/ubuntu/+source/icedtea-web/1.2.3-0ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/icedtea-web/1.2.3-0ubuntu0.11.10.1 https://launchpad.net/ubuntu/+source/icedtea-web/1.2.3-0ubuntu0.10.04.1
--------------enig840D52C1D263C2CB0E8A6C9C Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJRcJZhAAoJEFHb3FjMVZVzTrsP/AukRaKTCixLlkYU/oh8LBZO bFouX0WtF8ze+DJX6Pda/Zy3+FKjH0FcyPNPJJwYo4qgWn635VO8eXbj7avtdowb YWvk5JE7MiMxv/buR/JFHQH7VonW1khLzyKLak/JQDtlm/YW4QsKXRXcjmXqzv2e HT4RnMOtkjsfW2ONyDsv5KUVwox07K4ZL0EGkKu27PONY2tgDWQPIW5HNoih3GZ8 QEluQbtFoGLcyRLPs4KWPxXKM2LVb/uXZLNJJ5MqbjPJs7Bu8ZB0saF6gz/VDtny aOnXsLcrhvpaqJWsEyX2uUijPGWh6studjOebFEaJdqy/lKkv7szs1ucPNj4j53F ASPTmDS5O4lztpvI9QsOL+iod7U6rffQFSv+LQcSjEoxN8/Dme8yiwo4qyrYoRA1 M6aagHXE79MVEjZdGNx1Ws4d5rdibBDBMD7guGlC+sFvkLsVfG+hsoqozJ8Rwmet On7Iik4a3jzRInFb7Ows75NnD6iGLuY/Wmf5BR+4Is0TLyVJm9NhTFfKG4TGCqEo /0w9HLj9SXmaUw5PyIJthqTxVo3qR3U0j84y0SEUEJ8NZK5tG5W8fryXcf3KDu1c koddzD34t2iZ2y6jIp874JcGVfDhYC8i70TnmJYPJm9t7QtcU71KYjEe2EjLdDQp uqmJP6qFzhF8Z+Q9PZoL =fdcx -----END PGP SIGNATURE-----
--------------enig840D52C1D263C2CB0E8A6C9C--
--===============8964199897033825157== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8964199897033825157==--
|
|
|
|