icedtea-web-1.2.3-2.0.1.AXS4

エラータID: AXSA:2013-414:02

Release date: 
Friday, April 26, 2013 - 20:09
Subject: 
icedtea-web-1.2.3-2.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

The IcedTea-Web project provides a Java web browser plugin, an implementation of Java Web Start (originally based on the Netx project) and a settings tool to manage deployment settings for the aforementioned plugin and Web Start implementations.

Security issues fixed with this release:

• CVE-2013-1926
• CVE-2013-1927
No description available at the time of writing, please use the CVE links below.

Solution: 

Update packages.

CVEs: 
CVE-2013-1926
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
CVE-2013-1927
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
Additional Info: 

N/A

Download: 

SRPMS
  1. icedtea-web-1.2.3-2.0.1.AXS4.src.rpm
    MD5: c095748bfa93200927dafd17e8039553
    SHA-256: 27648083ec9573692d648e2c6d753ae13657428af607a095844da7bf5d179297
    Size: 891.08 kB

Asianux Server 4 for x86
  1. icedtea-web-1.2.3-2.0.1.AXS4.i686.rpm
    MD5: c398e6fbfbf6b2ee80588fb43e486feb
    SHA-256: b7253b15b43bb97ccceb6e9a343436a3df4ca925d150f4369a31646054bc0000
    Size: 668.79 kB

Asianux Server 4 for x86_64
  1. icedtea-web-1.2.3-2.0.1.AXS4.x86_64.rpm
    MD5: a0eb24accb7f458fb19420b582f32ace
    SHA-256: 87e141e9e8a621ecc67372f81479850ea95079b537853c2bb49477ac1acc2353
    Size: 671.94 kB