drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in icedtea-web
Name: |
Mehrere Probleme in icedtea-web |
|
ID: |
FEDORA-2013-7438 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 18 |
|
Datum: |
Di, 14. Mai 2013, 08:06 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1927 |
|
Applikationen: |
IcedTea-Web |
|
Originalnachricht |
Name : icedtea-web Product : Fedora 18 Version : 1.4 Release : 0.fc18 URL : http://icedtea.classpath.org/wiki/IcedTea-Web Summary : Java browser plug-in and Web Start implementation Description : The IcedTea-Web project provides a Java web browser plugin, an implementation of Java Web Start (originally based on the Netx project) and a settings tool to manage deployment settings for the aforementioned plugin and Web Start implementations.
------------------------------------------------------------------------------- - Update Information:
* Numerous improvements and enhancements in core and system of classloaders
* Added cs localization
* Added de localization
* Added pl localization
* Splash screen for javaws and plugin
* Better error reporting for plugin via Error-splash-screen
* All IcedTea-Web dialogues are centered to middle of active screen
* Download indicator made compact for more then one jar
* User can select its own JVM via itw-settings and deploy.properties.
* Added extended applets security settings and dialogue
* Security updates
- CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.
- CVE-2013-1927, RH884705: fixed gifar vulnerabilit
- CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
- CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings
* NetX
- PR1027: DownloadService is not supported by IcedTea-Web
- PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run
- PR1292: Javaws does not resolve versioned jar names with periods correctly
* Plugin
- PR1106: Buffer overflow in plugin table-
- PR1166: Embedded JNLP File is not supported in applet tag
- PR1217: Add command line arguments for plugins
- PR1189: Icedtea-plugin requires code attribute when using jnlp_href
- PR1198: JSObject is not passed to javascript correctly
- PR1260: IcedTea-Web should not rely on GTK
- PR1157: Applets can hang browser after fatal exception
- PR580: http://www.horaoficial.cl/ loads improperly
* Common
- PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered
- PR955: regression: SweetHome3D fails to run
- PR1145: IcedTea-Web can cause ClassCircularityError
- PR1161: X509VariableTrustManager does not work correctly with OpenJDK7
- PR822: Applets fail to load if jars have different signers
- PR1186: System.getProperty("deployment.user.security.trusted.cacerts") is null
- PR909: The Java applet at wardrobegame.jspfails
- PR1299: WebStart doesn't read socket proxy settings from firefox correctly
------------------------------------------------------------------------------- - ChangeLog:
* Sat May 4 2013 Jiri Vanek <jvanek@redhat.com> 1.4-0 - Updated to 1.4 - See announcement for detail - http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-May/023195.html - added check * Wed Apr 17 2013 Jiri Vanek <jvanek@redhat.com> 1.3.2-0 - Updated to latest ustream release of 1.3 branch - 1.3.2 - Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. - NetX - PR580: http://www.horaoficial.cl/ loads improperly - Plugin PR1260: IcedTea-Web should not rely on GTK PR1157: Applets can hang browser after fatal exception - Removed upstreamed patch to remove GTK dependency - icedtea-web-pr1260-remove-gtk-dep.patch * Wed Jan 16 2013 Deepak Bhole <dbhole@redhat.com> 1.3.1-3 - Resolves: rhbz#889644, rhbz#895197 - Added patch to remove GTK dependency * Thu Dec 20 2012 Jiri Vanek <jvanek@redhat.com> 1.3.1-2 - Moved to be build with GTK3 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update icedtea-web' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|