Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in icedtea-web
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in icedtea-web
ID: FEDORA-2013-7438
Distribution: Fedora
Plattformen: Fedora 18
Datum: Di, 14. Mai 2013, 08:06
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1927
Applikationen: IcedTea-Web

Originalnachricht

 
Name        : icedtea-web
Product     : Fedora 18
Version     : 1.4
Release     : 0.fc18
URL         : http://icedtea.classpath.org/wiki/IcedTea-Web
Summary     : Java browser plug-in and Web Start implementation
Description :
The IcedTea-Web project provides a Java web browser plugin, an implementation
of Java Web Start (originally based on the Netx project) and a settings tool to
manage deployment settings for the aforementioned plugin and Web Start
implementations.

-------------------------------------------------------------------------------
-
Update Information:

* Numerous improvements and enhancements in core and system of classloaders

* Added cs localization

* Added de localization

* Added pl localization

* Splash screen for javaws and plugin

* Better error reporting for plugin via Error-splash-screen

* All IcedTea-Web dialogues are centered to middle of active screen

* Download indicator made compact for more then one jar

* User can select its own JVM via itw-settings and deploy.properties.

* Added extended applets security settings and dialogue

* Security updates

   - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with
 same relative-path.

   - CVE-2013-1927, RH884705: fixed gifar vulnerabilit

   - CVE-2012-3422, RH840592: Potential read from an uninitialized memory
 location

   - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings

* NetX

   - PR1027: DownloadService is not supported by IcedTea-Web

   - PR725: JNLP applications will prompt for creating desktop shortcuts every
 time they are run

   - PR1292: Javaws does not resolve versioned jar names with periods
 correctly

* Plugin

   - PR1106: Buffer overflow in plugin table-

   - PR1166: Embedded JNLP File is not supported in applet tag

   - PR1217: Add command line arguments for plugins

   - PR1189: Icedtea-plugin requires code attribute when using jnlp_href

   - PR1198: JSObject is not passed to javascript correctly

   - PR1260: IcedTea-Web should not rely on GTK

   - PR1157: Applets can hang browser after fatal exception

   - PR580: http://www.horaoficial.cl/ loads improperly

* Common

   - PR1049: Extension jnlp's signed jar with the content of only
 META-INF/* is considered

   - PR955: regression: SweetHome3D fails to run

   - PR1145: IcedTea-Web can cause ClassCircularityError

   - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7

   - PR822: Applets fail to load if jars have different signers

   - PR1186:
 System.getProperty("deployment.user.security.trusted.cacerts") is null

   - PR909: The Java applet at wardrobegame.jspfails

   - PR1299: WebStart doesn't read socket proxy settings from firefox
 correctly




-------------------------------------------------------------------------------
-
ChangeLog:

* Sat May  4 2013 Jiri Vanek <jvanek@redhat.com> 1.4-0
- Updated to 1.4
- See announcement for detail
 - http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-May/023195.html
- added check
* Wed Apr 17 2013 Jiri Vanek <jvanek@redhat.com> 1.3.2-0
- Updated to latest ustream release of 1.3 branch - 1.3.2
 - Security Updates
  - CVE-2013-1927, RH884705: fixed gifar vulnerability
  - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with
 same relative-path.
 - Common
  - Added new option in itw-settings which allows users to set JVM arguments
 when plugin is initialized.
 - NetX
  - PR580: http://www.horaoficial.cl/ loads improperly
 - Plugin
   PR1260: IcedTea-Web should not rely on GTK
   PR1157: Applets can hang browser after fatal exception
- Removed upstreamed patch to remove GTK dependency
  - icedtea-web-pr1260-remove-gtk-dep.patch
* Wed Jan 16 2013 Deepak Bhole <dbhole@redhat.com> 1.3.1-3
- Resolves: rhbz#889644, rhbz#895197
- Added patch to remove GTK dependency
* Thu Dec 20 2012 Jiri Vanek <jvanek@redhat.com> 1.3.1-2
- Moved to be  build with GTK3
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program.  Use 
su -c 'yum update icedtea-web' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung