Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf in icedtea-web
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in icedtea-web
ID: FEDORA-2013-17016
Distribution: Fedora
Plattformen: Fedora 18
Datum: Fr, 4. Oktober 2013, 07:25
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4349
Applikationen: icedtea-web

Originalnachricht

Name        : icedtea-web
Product : Fedora 18
Version : 1.4.1
Release : 0.fc18
URL : http://icedtea.classpath.org/wiki/IcedTea-Web
Summary : Additional Java components for OpenJDK - Java browser plug-in and
Web Start implementation
Description :
The IcedTea-Web project provides a Java web browser plugin, an implementation
of Java Web Start (originally based on the Netx project) and a settings tool to
manage deployment settings for the aforementioned plugin and Web Start
implementations.

-------------------------------------------------------------------------------
-
Update Information:

Updated to icedtea-web 1.4.1
New in release 1.4.1 (2013-XX-YY):
* Improved and cleaned Temporary internet files panel
* PR1465 - java.io.FileNotFoundException while trying to download a JAR file
* PR1473 - javaws should not depend on name of local file
* PR854: Resizing an applet several times causes 100% CPU load
* CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event
attached to applet
* reproducers tests are enabled in dist-tarball
* application context support for OpenJDK build 25 and higher
* small patches into rhino support and
* PR1533: Inherit jnlp.packEnabled and jnlp.versionEnabled like other
properties
* add icedtea-web man page
* make check enabled again
* should be build for non-standart archs
* removed unused multilib arches
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Sep 17 2013 Jiri Vanek <jvanek@redhat.com> 1.4.1-0
- updated to 1.4.1
- add icedtea-web man page
- removed upstreamed patch1 b25-appContextFix.patch
- should be build for non-standart archs
- make check enabled again
* Wed Jun 19 2013 Jiri Vanek <jvanek@redhat.com> 1.4.0-1
- added patch1 b25-appContextFix.patch to make it run with future openjdk
* Sat May 4 2013 Jiri Vanek <jvanek@redhat.com> 1.4-0
- Updated to 1.4
- See announcement for detail
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-May/023195.html
- added check
* Wed Apr 17 2013 Jiri Vanek <jvanek@redhat.com> 1.3.2-0
- Updated to latest ustream release of 1.3 branch - 1.3.2
- Security Updates
- CVE-2013-1927, RH884705: fixed gifar vulnerability
- CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with
same relative-path.
- Common
- Added new option in itw-settings which allows users to set JVM arguments
when plugin is initialized.
- NetX
- PR580: http://www.horaoficial.cl/ loads improperly
- Plugin
PR1260: IcedTea-Web should not rely on GTK
PR1157: Applets can hang browser after fatal exception
- Removed upstreamed patch to remove GTK dependency
- icedtea-web-pr1260-remove-gtk-dep.patch
* Wed Jan 16 2013 Deepak Bhole <dbhole@redhat.com> 1.3.1-3
- Resolves: rhbz#889644, rhbz#895197
- Added patch to remove GTK dependency
* Thu Dec 20 2012 Jiri Vanek <jvanek@redhat.com> 1.3.1-2
- Moved to be build with GTK3
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1007960 - CVE-2013-4349 icedtea-web: CVE-2012-4540 issue not fixed
in 1.4
https://bugzilla.redhat.com/show_bug.cgi?id=1007960
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update icedtea-web' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung