RedHat has issued an advisory on July 31:
https://rhn.redhat.com/errata/RHSA-2012-1132.html

Updated packages uploaded for Mageia 1, Mageia 2, and Cauldron.

Advisory:
========================

Updated icedtea-web packages fix security vulnerabilities:

An uninitialized pointer use flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could possibly cause a web browser using the IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute arbitrary code (CVE-2012-3422).

It was discovered that the IcedTea-Web plug-in incorrectly assumed all strings received from the browser were NUL terminated. When using the plug-in with a web browser that does not NUL terminate strings, visiting a web page containing a Java applet could possibly cause the browser to crash, disclose a portion of its memory, or execute arbitrary code (CVE-2012-3423).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3423
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-July/019580.html
https://rhn.redhat.com/errata/RHSA-2012-1132.html
========================

Updated packages in core/updates_testing:
========================
icedtea-web-1.1.6-1.mga1
icedtea-web-javadoc-1.1.6-1.mga1
icedtea-web-1.2.1-1.mga2
icedtea-web-javadoc-1.2.1-1.mga2

from SRPMS:
icedtea-web-1.1.6-1.mga1.src.rpm
icedtea-web-1.2.1-1.mga2.src.rpm
Whiteboard: (none) => MGA1TOO
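The second flaw in the advisory above (CVE-2012-3423) comes from treating a browser-supplied string as NUL terminated. As an added example, not IcedTea-Web's code or the upstream fix, the following C shows the defensive pattern for that bug class: copy by explicit length and terminate the copy yourself. The `counted_str` type, the function names and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a string handed over by the browser: a pointer
   plus an explicit byte count, with no promise of a trailing NUL. */
typedef struct {
    const char *chars;
    uint32_t    length;
} counted_str;

/* Returns 1 if the counted string holds a NUL before its end; C string
   functions would silently truncate such a value after copying. */
int counted_has_embedded_nul(const counted_str *s)
{
    return s != NULL && s->chars != NULL && s->length != 0 &&
           memchr(s->chars, '\0', s->length) != NULL;
}

/* Copy into a freshly allocated, NUL-terminated buffer. Exactly `length`
   bytes are read from the source, so a missing terminator cannot cause an
   over-read (strlen()/strdup() on s->chars would run past the buffer).
   Returns NULL on invalid input or allocation failure; caller frees. */
char *counted_to_cstr(const counted_str *s)
{
    if (s == NULL || (s->chars == NULL && s->length != 0))
        return NULL;
    size_t n = s->length;
    if (n == SIZE_MAX)              /* n + 1 would wrap to 0 */
        return NULL;
    char *out = malloc(n + 1);
    if (out == NULL)
        return NULL;
    if (n != 0)
        memcpy(out, s->chars, n);
    out[n] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample: 6 meaningful bytes, then unrelated bytes, no NUL. */
    const char raw[8] = {'a','p','p','l','e','t','#','#'};
    counted_str s = { raw, 6 };
    char *copy = counted_to_cstr(&s);
    if (copy == NULL)
        return 1;
    printf("%s (%zu bytes)\n", copy, strlen(copy));
    free(copy);
    return 0;
}
```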
Testing mga2 64
No PoCs I can find

Just testing java works in various browsers using java test sites, e.g.
http://www.java.com/en/download/testjava.jsp
http://javatester.org/version.html

Checked with firefox, opera, chromium-browser, midori

Testing complete x86_64 Mageia 2
Whiteboard: MGA1TOO => MGA1TOO has_procedure mga2-64-OK
Testing complete i586 Mageia 1
Hardware: i586 => All
Whiteboard: MGA1TOO has_procedure mga2-64-OK => MGA1TOO has_procedure mga2-64-OK mga1-32-OK
Mandriva has issued an advisory for this today (August 2): http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:122
Severity: normal => major
Testing complete Mageia 1 x86_64
Whiteboard: MGA1TOO has_procedure mga2-64-OK mga1-32-OK => MGA1TOO has_procedure mga2-64-OK mga1-32-OK mga1-64-OK
Tested OK on Mageia 2 i586 with firefox, opera, chromium-browser and midori with a lot of help from my mentor, Thanks MrsB

This package can be pushed now Sysadmin's
Keywords: (none) => validated_update
CC: (none) => led43john
Whiteboard: MGA1TOO has_procedure mga2-64-OK mga1-32-OK mga1-64-OK => MGA1TOO has_procedure mga2-64-OK mga1-32-OK mga1-64-OK MGA2-32-OK
Updated packages in core/updates_testing:
icedtea-web-1.1.6-1.mga1
icedtea-web-javadoc-1.1.6-1.mga1

from SRPMS:
icedtea-web-1.2.1-1.mga2.src.rpm
CC: (none) => sysadmin-bugs
Advisory in comment 0
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0198
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED