icedtea-web-1.6.2-1.0.1.AXS4

エラータID: AXSA:2016-504:01

Release date: 
Monday, June 13, 2016 - 19:11
Subject: 
icedtea-web-1.6.2-1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

The IcedTea-Web project provides a Java web browser plugin, an implementation
of Java Web Start (originally based on the Netx project) and a settings tool to
manage deployment settings for the aforementioned plugin and Web Start
implementations.

Security issues fixed with this release:

CVE-2015-5234
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly
sanitize applet URLs, which allows remote attackers to inject applets
into the .appletTrustSettings configuration file and bypass user
approval to execute the applet via a crafted web page, possibly
related to line breaks.
CVE-2015-5235
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly
determine the origin of unsigned applets, which allows remote
attackers to bypass the approval process or trick users into approving
applet execution via a crafted web page.

The following packages have been upgraded to a newer upstream version: icedtea-web (1.6.2).

Solution: 

Update packages.

CVEs: 
CVE-2015-5234
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.
CVE-2015-5235
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.
Additional Info: 

N/A

Download: 

SRPMS
  1. icedtea-web-1.6.2-1.0.1.AXS4.src.rpm
    MD5: b7d43c37872b84c0a3b0e9e8aea79a0f
    SHA-256: 57e9036ee0d6fb8bbf0529150fc3e5041043cf91e4c8925f866ce019e2cadb63
    Size: 1.74 MB

Asianux Server 4 for x86
  1. icedtea-web-1.6.2-1.0.1.AXS4.i686.rpm
    MD5: d8ea707ee6629c936ff96e5fbe46a794
    SHA-256: 54b219513683912b958a2ed7f1e742a7fd1b87363760ae837758fcaa9fbd2274
    Size: 1.55 MB

Asianux Server 4 for x86_64
  1. icedtea-web-1.6.2-1.0.1.AXS4.x86_64.rpm
    MD5: 74e9ea9c5f4ce3043495d5d7d985d768
    SHA-256: ed2b115c218689c0e8b3dcc176076b0d7706087cb1c483cfb6e835f50c4a718d
    Size: 1.58 MB