Описание
ELSA-2012-1132: icedtea-web security update (IMPORTANT)
[1.2.1-1]
- Updated to 1.2.1
- Resolves: CVE-2012-3422
- Resolves: CVE-2012-3423
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
icedtea-web
1.2.1-1.el6_3
icedtea-web-javadoc
1.2.1-1.el6_3
Oracle Linux i686
icedtea-web
1.2.1-1.el6_3
icedtea-web-javadoc
1.2.1-1.el6_3
Связанные CVE
Связанные уязвимости
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant ...
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.