LWN.net Logo

Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

icedtea-web: code execution
Package(s):icedtea-web CVE #(s):CVE-2013-4349
Created:September 23, 2013 Updated:October 7, 2013
Description: From the Red Hat bugzilla:

An off-by-one heap-based buffer overflow was found in IcedTeaScriptableJavaObject::invoke function. This problem was discovered in Oct 2012 and was assigned CVE-2012-4540.

Version 1.4 released in May 2013 did not include the fix and is affected by the issue.

Alerts:
Fedora FEDORA-2013-17026 2013-09-20
openSUSE openSUSE-SU-2013:1509-1 2013-09-30
openSUSE openSUSE-SU-2013:1511-1 2013-09-30
SUSE SUSE-SU-2013:1520-1 2013-10-02
Fedora FEDORA-2013-17016 2013-10-04
Debian DSA-2768-1 2013-10-04
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds