LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

A perf ABI fix

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

openSUSE alert openSUSE-SU-2013:1509-1 (icedtea-web)



From:
    	      opensuse-security@opensuse.org 


To:
    	      opensuse-updates@opensuse.org 


Subject:
    	      openSUSE-SU-2013:1509-1: moderate: update for icedtea-web 


Date:
    	      Mon, 30 Sep 2013 18:04:12 +0200 (CEST)


Message-ID:
    	      <20130930160412.630AC32068@maintenance.suse.de>


Archive-link:
    	      Article, Thread
              


   openSUSE Security Update: update for icedtea-web
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:1509-1
Rating:             moderate
References:         #840572 
Cross-References:   CVE-2012-4540 CVE-2013-4349
Affected Products:
                    openSUSE 12.3
                    openSUSE 12.2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This icedtea-web update fixes several security issues.

   Changes in icedtea-web:
   - update to 1.4.1 (bnc#840572)
   * Improved and cleaned Temporary internet files panel
   * NetX
   - PR1465 - java.io.FileNotFoundException while trying to
   download a JAR file
   - PR1473 - javaws should not depend on name of local file
   * Plugin
   - PR854: Resizing an applet several times causes 100% CPU
   load
   * Security Updates
   - CVE-2013-4349, RH869040: Heap-based buffer overflow
   after triggering event attached to applet CVE-2012-4540
   nit fixed in icedtea-web 1.4
   * Misc
   - reproducers tests are enabled in dist-tarball
   - application context support for  OpenJDK build 25 and
   higher
   - small patches into rhino support and
   - PR1533: Inherit jnlp.packEnabled and
   jnlp.versionEnabled like other properties
   - need jpackage-utils on older distros
   - run more tests in %check
   - drop icedtea-web-AppContext.patch, already upstream

   - add javapackages-tools to build requires


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.3:

      zypper in -t patch openSUSE-2013-733

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2013-733

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 12.3 (i586 x86_64):

      icedtea-web-1.4.1-4.22.1
      icedtea-web-debuginfo-1.4.1-4.22.1
      icedtea-web-debugsource-1.4.1-4.22.1

   - openSUSE 12.3 (noarch):

      icedtea-web-javadoc-1.4.1-4.22.1

   - openSUSE 12.2 (i586 x86_64):

      icedtea-web-1.4.1-1.25.1
      icedtea-web-debuginfo-1.4.1-1.25.1
      icedtea-web-debugsource-1.4.1-1.25.1

   - openSUSE 12.2 (noarch):

      icedtea-web-javadoc-1.4.1-1.25.1


References:

   http://support.novell.com/security/cve/CVE-2012-4540.html
   http://support.novell.com/security/cve/CVE-2013-4349.html
   https://bugzilla.novell.com/840572
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds