drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in icedtea-web
Name: |
Mehrere Probleme in icedtea-web |
|
ID: |
FEDORA-2013-7405 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 19 |
|
Datum: |
Fr, 10. Mai 2013, 09:36 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1927 |
|
Applikationen: |
IcedTea-Web |
|
Originalnachricht |
Name : icedtea-web Product : Fedora 19 Version : 1.4 Release : 0.fc19 URL : http://icedtea.classpath.org/wiki/IcedTea-Web Summary : Java browser plug-in and Web Start implementation Description : The IcedTea-Web project provides a Java web browser plugin, an implementation of Java Web Start (originally based on the Netx project) and a settings tool to manage deployment settings for the aforementioned plugin and Web Start implementations.
------------------------------------------------------------------------------- - Update Information:
* Numerous improvements and enhancements in core and system of classloaders
* Added cs localization
* Added de localization
* Added pl localization
* Splash screen for javaws and plugin
* Better error reporting for plugin via Error-splash-screen
* All IcedTea-Web dialogues are centered to middle of active screen
* Download indicator made compact for more then one jar
* User can select its own JVM via itw-settings and deploy.properties.
* Added extended applets security settings and dialogue
* Security updates
- CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.
- CVE-2013-1927, RH884705: fixed gifar vulnerabilit
- CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
- CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings
* NetX
- PR1027: DownloadService is not supported by IcedTea-Web
- PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run
- PR1292: Javaws does not resolve versioned jar names with periods correctly
* Plugin
- PR1106: Buffer overflow in plugin table-
- PR1166: Embedded JNLP File is not supported in applet tag
- PR1217: Add command line arguments for plugins
- PR1189: Icedtea-plugin requires code attribute when using jnlp_href
- PR1198: JSObject is not passed to javascript correctly
- PR1260: IcedTea-Web should not rely on GTK
- PR1157: Applets can hang browser after fatal exception
- PR580: http://www.horaoficial.cl/ loads improperly
* Common
- PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered
- PR955: regression: SweetHome3D fails to run
- PR1145: IcedTea-Web can cause ClassCircularityError
- PR1161: X509VariableTrustManager does not work correctly with OpenJDK7
- PR822: Applets fail to load if jars have different signers
- PR1186: System.getProperty("deployment.user.security.trusted.cacerts") is null
- PR909: The Java applet at wardrobegame.jspfails
- PR1299: WebStart doesn't read socket proxy settings from firefox correctly
------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update icedtea-web' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|