Bugzilla – Bug 864364
VUL-1: CVE-2013-6493: icedtea-web 1.4.2 released
Last modified: 2014-03-19 17:26:46 UTC
Already public
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html

New in release 1.4.2 (2014-02-05):
* Dialogs center on screen before becoming visible
* Support for u45 new manifest attributes (Application-Name)
* Custom applet permission policies panel in itweb-settings control panel
* Plugin
  - PR1271: icedtea-web does not handle 'javascript:'-protocol URLs
  - RH976833: Multiple applets on one page cause deadlock
  - Enabled javaconsole
  - RH1010958: insecure temporary file use flaw in LiveConnect implementation

Except above also:
- Christmas splashscreen extension
- fixed classloading deadlocks
- cleaned code from warnings
- pipes moved to XDG runtime dir

RH1010958 is https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6493
This is an autogenerated message for OBS integration:
This bug (864364) was mentioned in
https://build.opensuse.org/request/show/222715 Factory / icedtea-web
https://build.opensuse.org/request/show/222716 13.1 / icedtea-web
https://build.opensuse.org/request/show/222717 12.3 / icedtea-web
This is an autogenerated message for OBS integration: This bug (864364) was mentioned in https://build.opensuse.org/request/show/222724 Factory / icedtea-web
bugbot adjusting priority
*** Bug 863107 has been marked as a duplicate of this bug. ***
An original announcement
Alexander Bergmann 2014-02-10 17:14:55 UTC

Via OSS:12065

IcedTea-Web version 1.4.2, released earlier this week, fixes an issue related to handling of the directory that is used to store sockets for communication between the in-browser plugin and the JVM running applets. The directory was usually created in /tmp, using a predictable name, and its ownership and permissions were not checked.

This issue was reported by Michael Scherer of Red Hat and was assigned CVE-2013-6493.

References:
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html
http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a
http://icedtea.classpath.org/hg/icedtea-web/rev/1e0507976663
https://bugzilla.redhat.com/show_bug.cgi?id=1010958
http://comments.gmane.org/gmane.comp.security.oss.general/12065
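The announcement above names three defects in the socket directory: a predictable name in /tmp, no ownership check and no permission check. The following C sketch is an added example, not IcedTea-Web's code or its actual fix; it shows one way to create and validate such a directory. The function names and the `example-plugin-` prefix are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper names; "example-plugin-" is a constructed prefix. */

/* Return 0 only if path is a real directory (not a symlink), owned by the
 * calling user, with no group/other permission bits set. */
int socket_dir_is_private(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)                 /* lstat: never follow a symlink */
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid())
        return -1;                             /* not a dir, or pre-created by someone else */
    if (st.st_mode & (S_IRWXG | S_IRWXO))      /* accessible to group or others */
        return -1;
    return 0;
}

/* Create a new directory with an unpredictable name under parent and write
 * its path to out. mkdtemp() creates it with mode 0700 and fails rather
 * than reusing an existing entry. */
int make_socket_dir(const char *parent, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/example-plugin-XXXXXX", parent);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                             /* path would be truncated */
    if (mkdtemp(out) == NULL)
        return -1;
    if (socket_dir_is_private(out) != 0) {     /* re-check before use */
        rmdir(out);
        return -1;
    }
    return 0;
}

int main(void)
{
    char dir[4096];
    /* Prefer the per-user runtime dir when it passes the same checks. */
    const char *parent = getenv("XDG_RUNTIME_DIR");
    if (parent == NULL || socket_dir_is_private(parent) != 0)
        parent = "/tmp";
    if (make_socket_dir(parent, dir, sizeof dir) != 0)
        return 1;
    printf("socket directory: %s\n", dir);
    return rmdir(dir) == 0 ? 0 : 1;
}
```

The same `socket_dir_is_private` check applies when a process attaches to a directory that another process created, which is the case the announcement says was left unchecked.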
Affected packages:
SLE-11-SP3: icedtea-web
SLE-11-SP2: icedtea-web
openSUSE-SU-2014:0310-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 864364
CVE References: CVE-2013-6493
Sources used:
openSUSE 13.1 (src): icedtea-web-1.4.2-4.1
openSUSE 12.3 (src): icedtea-web-1.4.2-4.26.1
released
Update released for: icedtea-web, icedtea-web-debuginfo, icedtea-web-debugsource, icedtea-web-javadoc
Products:
SLE-DEBUGINFO 11-SP3 (i386, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SUSE-SU-2014:0397-1: An update that fixes one vulnerability is now available.
Category: security (low)
Bug References: 864364
CVE References: CVE-2013-6493
Sources used:
SUSE Linux Enterprise Desktop 11 SP3 (src): icedtea-web-1.4.2-0.7.1