Description
ELSA-2013-0753: icedtea-web security update (MODERATE)
[1.2.3-2]
- Added (temporarily!) posttrans forcing creation of symlinks
- should be removed next release
- Resolves: rhbz#949094
[1.2.3-1]
- fixed postun - removal of alternatives for plugin restricted to (correct) removal process only
- fixed date in changelog previous entry
- Resolves: rhbz#949094
[1.2.3-0]
- Updated to latest upstream release of 1.2 branch - 1.2.3
  - Security Updates
    - CVE-2013-1927, RH884705 - fixed gifar vulnerability
    - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.
  - Common
    - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7
  - Plugin
    - PR1157: Applets can hang browser after fatal exception
- Removed upstreamed patch 0- icedtea-web-PR1161.patch
- Resolves: rhbz#949094
Updated packages
Oracle Linux 6
Oracle Linux x86_64
- icedtea-web 1.2.3-2.el6_4
- icedtea-web-javadoc 1.2.3-2.el6_4
Oracle Linux i686
- icedtea-web 1.2.3-2.el6_4
- icedtea-web-javadoc 1.2.3-2.el6_4
Related CVEs
Related vulnerabilities
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.