User: Password:
Subscribe / Log in / New account

icedtea-web: multiple vulnerabilities

Package(s):icedtea-web CVE #(s):CVE-2013-1926 CVE-2013-1927
Created:April 18, 2013 Updated:June 11, 2013
Description: From the Red Hat advisory:

It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. (CVE-2013-1926)

The IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive (JAR) files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of web sites that allow uploads of specific file types, known as a GIFAR attack. (CVE-2013-1927)

SUSE SUSE-SU-2013:1174-1 icedtea-web 2013-07-10
openSUSE openSUSE-SU-2013:0966-1 icedtea-web 2013-06-10
openSUSE openSUSE-SU-2013:0941-1 icedtea-web 2013-06-10
SUSE SUSE-SU-2013:0851-1 icedtea-web 2013-05-31
openSUSE openSUSE-SU-2013:0826-1 icedtea-web 2013-05-24
openSUSE openSUSE-SU-2013:0735-1 update 2013-05-02
openSUSE openSUSE-SU-2013:0893-1 icedtea-web 2013-06-10
openSUSE openSUSE-SU-2013:0715-1 update 2013-04-26
Fedora FEDORA-2013-5877 icedtea-web 2013-04-25
Ubuntu USN-1804-2 icedtea-web 2013-04-23
Ubuntu USN-1804-1 icedtea-web 2013-04-18
Mandriva MDVSA-2013:146 icedtea-web 2013-04-19
Fedora FEDORA-2013-5925 icedtea-web 2013-04-19
Fedora FEDORA-2013-5962 icedtea-web 2013-04-18
Mageia MGASA-2013-0123 icedtea-web 2013-04-18
openSUSE openSUSE-SU-2013:0897-1 icedtea-web 2013-06-10
Oracle ELSA-2013-0753 icedtea-web 2013-04-18
Scientific Linux SL-iced-20130417 icedtea-web 2013-04-17
CentOS CESA-2013:0753 icedtea-web 2013-04-17
Red Hat RHSA-2013:0753-01 icedtea-web 2013-04-17

(Log in to post comments)

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds