RedHat has issued an advisory on November 7: https://rhn.redhat.com/errata/RHSA-2012-1434.html Updated packages uploaded for Mageia 1, Mageia 2, and Cauldron. Advisory: ======================== Updated icedtea-web packages fix security vulnerability: A buffer overflow flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could cause a web browser using the IcedTea-Web plug-in to crash or, possibly, execute arbitrary code (CVE-2012-4540). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4540 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html https://rhn.redhat.com/errata/RHSA-2012-1434.html ======================== Updated packages in core/updates_testing: ======================== icedtea-web-1.1.7-1.mga1 icedtea-web-javadoc-1.1.7-1.mga1 icedtea-web-1.3.1-1.mga2 icedtea-web-javadoc-1.3.1-1.mga2 from SRPMS: icedtea-web-1.1.7-1.mga1.src.rpm icedtea-web-1.3.1-1.mga2.src.rpm
Whiteboard: (none) => MGA1TOO
No poc, so just testing that a java web applet works. I'm using the speed test under "Tools and Tips" at http://www.ody.ca/ Testing complete Mageia 1 and 2, i586 and x86-64. Could someone from the sysadmin team push the srpm icedtea-web-1.3.1-1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates and the srpm icedtea-web-1.1.7-1.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates. Advisory: Updated icedtea-web packages fix security vulnerability: A buffer overflow flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could cause a web browser using the IcedTea-Web plug-in to crash or, possibly, execute arbitrary code (CVE-2012-4540). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4540 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html https://rhn.redhat.com/errata/RHSA-2012-1434.html https://bugs.mageia.org/show_bug.cgi?id=8020
Keywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugsWhiteboard: MGA1TOO => MGA1TOO MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0329
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED