| Summary: | icedtea-web new security issue CVE-2012-4540 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | critical | ||
| Priority: | Normal | CC: | davidwhodgins, sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/523621/ | ||
| Whiteboard: | MGA1TOO MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK | ||
| Source RPM: | icedtea-web-1.3-1.mga2.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2012-11-08 19:00:13 CET
David Walser
2012-11-08 19:00:19 CET
Whiteboard:
(none) =>
MGA1TOO No poc, so just testing that a java web applet works. I'm using the speed test under "Tools and Tips" at http://www.ody.ca/ Testing complete Mageia 1 and 2, i586 and x86-64. Could someone from the sysadmin team push the srpm icedtea-web-1.3.1-1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates and the srpm icedtea-web-1.1.7-1.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates. Advisory: Updated icedtea-web packages fix security vulnerability: A buffer overflow flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could cause a web browser using the IcedTea-Web plug-in to crash or, possibly, execute arbitrary code (CVE-2012-4540). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4540 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html https://rhn.redhat.com/errata/RHSA-2012-1434.html https://bugs.mageia.org/show_bug.cgi?id=8020 Keywords:
(none) =>
validated_update Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0329 Status:
NEW =>
RESOLVED |