drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in icedtea-web
Name: |
Mehrere Probleme in icedtea-web |
|
ID: |
SUSE-SU-2013:1174-1 |
|
Distribution: |
SUSE |
|
Plattformen: |
SUSE Linux Enterprise Desktop 11 SP3 |
|
Datum: |
Mi, 10. Juli 2013, 22:38 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1927 |
|
Applikationen: |
IcedTea-Web |
|
Originalnachricht |
SUSE Security Update: Security update for icedtea-web ______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1174-1 Rating: important References: #815596 #818768 #825880 Cross-References: CVE-2012-3422 CVE-2012-3423 CVE-2013-1926 CVE-2013-1927 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________
An update that fixes four vulnerabilities is now available. It includes one version update.
Description:
This update to IcedTea-Web 1.4 provides the following fixes and enhancements:
*
Security updates
o CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path o CVE-2013-1927, RH884705: fixed gifar vulnerabilit o CVE-2012-3422, RH840592: Potential read from an uninitialized memory location o CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings o CVE-2013-1927, RH884705: fixed gifar vulnerability o CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. *
NetX
o PR1027: DownloadService is not supported by IcedTea-Web o PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run o PR1292: Javaws does not resolve versioned jar names with periods correctly o PR580: http://www.horaoficial.cl/ loads improperly. *
Plugin
o PR1106: Buffer overflow in plugin table- o PR1166: Embedded JNLP File is not supported in applet tag o PR1217: Add command line arguments for plugins o PR1189: Icedtea-plugin requires code attribute when using jnlp_href o PR1198: JSObject is not passed to javascript correctly o PR1260: IcedTea-Web should not rely on GTK o PR1157: Applets can hang browser after fatal exception o PR580: http://www.horaoficial.cl/ loads improperly o PR1260: IcedTea-Web should not rely on GTK o PR1157: Applets can hang browser after fatal exception. *
Common
o PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered o PR955: regression: SweetHome3D fails to run o PR1145: IcedTea-Web can cause ClassCircularityError o PR1161: X509VariableTrustManager does not work correctly with OpenJDK7 o PR822: Applets fail to load if jars have different signers o PR1186: System.getProperty("deployment.user.security.trusted.cacerts ") is null o PR909: The Java applet at http://de.gosupermodel.com/games/wardrobegame.jsp fails o PR1299: WebStart doesn't read socket proxy settings from firefox correctly. *
Added cs, de, pl localization
* Splash screen for javaws and plugin * Better error reporting for plugin via Error-splash-screen * All IcedTea-Web dialogues are centered to middle of active screen * Download indicator made compact for more then one jar * User can select its own JVM via itw-settings and deploy.properties * Added extended applets security settings and dialogue * Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized * Fixed a build failure with older xulrunner * Changed strict openjdk6 dependencies to anything java-openjdk >= 1.6.0.
Security Issue references:
* CVE-2013-1926 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1926 > * CVE-2013-1927 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1927 > * CVE-2012-3422 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3422 > * CVE-2012-3423 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3423 > * CVE-2013-1927 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1927 > * CVE-2013-1926 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1926 >
Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-icedtea-web-7981
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.4]:
icedtea-web-1.4-0.10.1
References:
http://support.novell.com/security/cve/CVE-2012-3422.html http://support.novell.com/security/cve/CVE-2012-3423.html http://support.novell.com/security/cve/CVE-2013-1926.html http://support.novell.com/security/cve/CVE-2013-1927.html https://bugzilla.novell.com/815596 https://bugzilla.novell.com/818768 https://bugzilla.novell.com/825880 ?keywords=e2d8b10b4253bb88de271814cd974a83
-- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
|
|
|
|