icedtea-web-1.2.1-1.0.1.AXS4

エラータID: AXSA:2012-832:05

Release date: 
Tuesday, September 11, 2012 - 14:01
Subject: 
icedtea-web-1.2.1-1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

The IcedTea-Web project provides a Java web browser plugin, an implementation of Java Web Start (originally based on the Netx project) and a settings tool to manage deployment settings for the aforementioned plugin and Web Start implementations.

Security issues fixed with this release:

CVE-2012-3422
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.

CVE-2012-3423
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.

Solution: 

Update packages.

CVEs: 
CVE-2012-3422
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.
CVE-2012-3423
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.
Additional Info: 

N/A

Download: 

SRPMS
  1. icedtea-web-1.2.1-1.0.1.AXS4.src.rpm
    MD5: d035b96b83d205ba4fa0cf22f93ea208
    SHA-256: 3d902edba9b2b804fab2f23351bf7a33bb8e33d428222b5e7cc896b8f86bdf04
    Size: 867.00 kB

Asianux Server 4 for x86
  1. icedtea-web-1.2.1-1.0.1.AXS4.i686.rpm
    MD5: 083b59bf1e6a79a2ab4df11e7678f32b
    SHA-256: 278799b168c12c90b76e9af2351982c33197d4ddf1937310b305fcc6dd9d2639
    Size: 661.71 kB

Asianux Server 4 for x86_64
  1. icedtea-web-1.2.1-1.0.1.AXS4.x86_64.rpm
    MD5: a0df7cb3def6a401ab85ede8c89e6888
    SHA-256: 8630292675bb88f66cfb43b23beaa3c70aa7def4161013dcaaefaf2ea456ba28
    Size: 664.78 kB