RedHat has issued an advisory today (April 17): https://rhn.redhat.com/errata/RHSA-2013-0753.html Updated packages uploaded for Mageia 2 and Cauldron. Advisory: ======================== Updated icedtea-web packages fix security vulnerabilities: It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser (CVE-2013-1926). The IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive (JAR) files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of web sites that allow uploads of specific file types, known as a GIFAR attack (CVE-2013-1927). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1926 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1927 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html https://rhn.redhat.com/errata/RHSA-2013-0753.html ======================== Updated packages in core/updates_testing: ======================== icedtea-web-1.3.2-1.mga2 icedtea-web-javadoc-1.3.2-1.mga2 from icedtea-web-1.3.2-1.mga2.src.rpm Reproducible: Steps to Reproduce:
Testing complete on Mageia 2 i586 and x86_64. Could someone from the sysadmin team push the srpm icedtea-web-1.3.2-1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates. Advisory: Updated icedtea-web packages fix security vulnerabilities: It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser (CVE-2013-1926). The IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive (JAR) files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of web sites that allow uploads of specific file types, known as a GIFAR attack (CVE-2013-1927). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1926 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1927 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html https://rhn.redhat.com/errata/RHSA-2013-0753.html https://bugs.mageia.org/show_bug.cgi?id=9779
Keywords: (none) => validated_updateWhiteboard: (none) => MGA2-64-OK MGA2-32-OKCC: (none) => davidwhodgins, sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/547754/