Bug 6930 - icedtea-web new security issues CVE-2012-3422 and CVE-2012-3423
Summary: icedtea-web new security issues CVE-2012-3422 and CVE-2012-3423
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 2
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL: http://lwn.net/Vulnerabilities/509172/
Whiteboard: MGA1TOO has_procedure mga2-64-OK mga1...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2012-08-01 23:07 CEST by David Walser
Modified: 2012-08-03 23:15 CEST (History)
3 users (show)

See Also:
Source RPM: icedtea-web-1.2-4.mga2.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2012-08-01 23:07:07 CEST
RedHat has issued an advisory on July 31:
https://rhn.redhat.com/errata/RHSA-2012-1132.html

Updated packages uploaded for Mageia 1, Mageia 2, and Cauldron.

Advisory:
========================

Updated icedtea-web packages fix security vulnerabilities:

An uninitialized pointer use flaw was found in the IcedTea-Web plug-in.
Visiting a malicious web page could possibly cause a web browser using the
IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute
arbitrary code (CVE-2012-3422).

It was discovered that the IcedTea-Web plug-in incorrectly assumed all
strings received from the browser were NUL terminated. When using the
plug-in with a web browser that does not NUL terminate strings, visiting a
web page containing a Java applet could possibly cause the browser to
crash, disclose a portion of its memory, or execute arbitrary code
(CVE-2012-3423).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3423
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-July/019580.html
https://rhn.redhat.com/errata/RHSA-2012-1132.html
========================

Updated packages in core/updates_testing:
========================
icedtea-web-1.1.6-1.mga1
icedtea-web-javadoc-1.1.6-1.mga1
icedtea-web-1.2.1-1.mga2
icedtea-web-javadoc-1.2.1-1.mga2

from SRPMS:
icedtea-web-1.1.6-1.mga1.src.rpm
icedtea-web-1.2.1-1.mga2.src.rpm
David Walser 2012-08-01 23:07:13 CEST

Whiteboard: (none) => MGA1TOO

Comment 1 claire robinson 2012-08-02 11:35:54 CEST
Testing mga2 64
Comment 2 claire robinson 2012-08-02 11:50:29 CEST
No PoC's I can find
Comment 3 claire robinson 2012-08-02 11:57:58 CEST
Just testing java works in various browsers using java test sites..

eg.
http://www.java.com/en/download/testjava.jsp
http://javatester.org/version.html

Checked with firefox, opera, chromium-browser, midori

Testing complete x86_64 Mageia 2
claire robinson 2012-08-02 11:58:14 CEST

Whiteboard: MGA1TOO => MGA1TOO has_procedure mga2-64-OK

Comment 4 claire robinson 2012-08-02 12:17:21 CEST
Testing complete i586 Mageia 1

Hardware: i586 => All
Whiteboard: MGA1TOO has_procedure mga2-64-OK => MGA1TOO has_procedure mga2-64-OK mga1-32-OK

Comment 5 David Walser 2012-08-02 22:01:29 CEST
Mandriva has issued an advisory for this today (August 2):
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:122
David Walser 2012-08-02 23:36:26 CEST

Severity: normal => major

Comment 6 claire robinson 2012-08-03 17:23:37 CEST
Testing complete Mageia 1 x86_64

Whiteboard: MGA1TOO has_procedure mga2-64-OK mga1-32-OK => MGA1TOO has_procedure mga2-64-OK mga1-32-OK mga1-64-OK

Comment 7 John Bowden 2012-08-03 20:18:37 CEST
Tested OK on Mageia 2 i586 with firefox, opera, chromium-browser and midori with a lot of help from my mentor, Thanks MrsB
This package can be pushed now Sysadmin's

Keywords: (none) => validated_update
CC: (none) => led43john
Whiteboard: MGA1TOO has_procedure mga2-64-OK mga1-32-OK mga1-64-OK => MGA1TOO has_procedure mga2-64-OK mga1-32-OK mga1-64-OK MGA2-32-OK

Comment 8 John Bowden 2012-08-03 20:38:05 CEST
Updated packages in core/updates_testing:

icedtea-web-1.1.6-1.mga1
icedtea-web-javadoc-1.1.6-1.mga1

from SRPMS:

icedtea-web-1.2.1-1.mga2.src.rpm

CC: (none) => sysadmin-bugs

Comment 9 John Bowden 2012-08-03 20:40:51 CEST
Advisory in comment 0
Comment 10 Thomas Backlund 2012-08-03 23:15:38 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0198

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.