
icedtea-web: code execution

Package(s): icedtea-web
CVE #(s): CVE-2012-3422 CVE-2012-3423
Created: August 1, 2012
Updated: September 24, 2012
Description: From the Red Hat advisory:

An uninitialized pointer use flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could possibly cause a web browser using the IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute arbitrary code. (CVE-2012-3422)

It was discovered that the IcedTea-Web plug-in incorrectly assumed all strings received from the browser were NUL terminated. When using the plug-in with a web browser that does not NUL terminate strings, visiting a web page containing a Java applet could possibly cause the browser to crash, disclose a portion of its memory, or execute arbitrary code. (CVE-2012-3423)

Alerts:
Gentoo 201406-32 icedtea-bin 2014-06-29
SUSE SUSE-SU-2013:1174-1 icedtea-web 2013-07-10
openSUSE openSUSE-SU-2013:0966-1 icedtea-web 2013-06-10
SUSE SUSE-SU-2013:0851-1 icedtea-web 2013-05-31
openSUSE openSUSE-SU-2013:0893-1 icedtea-web 2013-06-10
openSUSE openSUSE-SU-2013:0826-1 icedtea-web 2013-05-24
Fedora FEDORA-2012-14340 icedtea-web 2012-09-21
Fedora FEDORA-2012-14316 icedtea-web 2012-09-21
Mandriva MDVSA-2012:122 icedtea-web 2012-08-02
Ubuntu USN-1521-1 icedtea-web 2012-07-31
Scientific Linux SL-iced-20120801 icedtea-web 2012-08-01
Oracle ELSA-2012-1132 icedtea-web 2012-07-31
CentOS CESA-2012:1132 icedtea-web 2012-07-31
Red Hat RHSA-2012:1132-01 icedtea-web 2012-07-31
openSUSE openSUSE-SU-2012:0981-1 icedtea-web 2012-08-10
SUSE SUSE-SU-2012:0979-1 icedtea-web 2012-08-09
openSUSE openSUSE-SU-2012:0982-1 update 2012-08-13
Mageia MGASA-2012-0198 icedtea-web 2012-08-03



Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds