Bugzilla – Bug 863107
VUL-0: icedtea-web: version 1.4.2 fixes insecure temporary directory use
Last modified: 2014-02-19 13:05:48 UTC
Via OSS:12065

IcedTea-Web version 1.4.2, released earlier this week, fixes an issue related to handling of the directory that is used to store sockets for communication between the in-browser plugin and the JVM running applets. The directory was usually created in /tmp, using a predictable name, and its ownership and permissions were not checked.

This issue was reported by Michael Scherer of Red Hat and was assigned CVE-2013-6493.

References:
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html
http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a
http://icedtea.classpath.org/hg/icedtea-web/rev/1e0507976663
https://bugzilla.redhat.com/show_bug.cgi?id=1010958
http://comments.gmane.org/gmane.comp.security.oss.general/12065
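The class of check the report says was missing, as an added example that is not part of the original report and is not the IcedTea-Web patch: a socket directory is created with an unpredictable name and is accepted only if it is a real directory owned by the calling user with no group or other access. The function names, the "/tmp" base and the "example-sockets" prefix are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 only if path is a real directory (not a
 * symlink), owned by the calling user, with no group/other permission bits. */
int check_private_dir(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return -1;            /* lstat does not follow symlinks */
    if (!S_ISDIR(st.st_mode)) return -1;             /* rejects symlinks and files */
    if (st.st_uid != geteuid()) return -1;           /* created by someone else */
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return -1; /* readable/writable by others */
    return 0;
}

/* Hypothetical helper: creates base/prefix-XXXXXX with a random suffix.
 * mkdtemp() creates the directory atomically with mode 0700 and fails if
 * the name already exists, so a pre-created directory is never reused. */
int make_private_dir(const char *base, const char *prefix, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s-XXXXXX", base, prefix);
    if (n < 0 || (size_t)n >= outlen) return -1;
    if (mkdtemp(out) == NULL) return -1;
    return check_private_dir(out);
}

int main(void)
{
    char dir[256];
    if (make_private_dir("/tmp", "example-sockets", dir, sizeof dir) != 0) {
        perror("make_private_dir");
        return 1;
    }
    printf("created %s\n", dir);
    chmod(dir, 0755); /* constructed case: loosen permissions, check must now fail */
    printf("after chmod 0755: %s\n",
           check_private_dir(dir) == 0 ? "accepted" : "rejected");
    rmdir(dir);
    return 0;
}
```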
This issue needs to be addressed for: openSUSE:12.3 openSUSE:13.1 SLE-11-SP3 and the Factory channels.
bugbot adjusting priority
I've made my own bug, sorry :)

*** This bug has been marked as a duplicate of bug 864364 ***