icedtea-web-1.0.4-2.0.1.AXS4
エラータID: AXSA:2011-468:01
リリース日:
2011/12/28 Wednesday - 20:28
題名:
icedtea-web-1.0.4-2.0.1.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
The IcedTea-Web project provides a Java web browser plugin, an implementation
of Java Web Start (originally based on the Netx project) and a settings tool to
manage deployment settings for the aforementioned plugin and Web Start
implementations.
Security issues fixed with this release:
CVE-2011-2513
CVE-2011-2514
No description available at the time of writing, please see the CVE links below
解決策:
Update packages.
CVE:
CVE-2011-2513
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.
CVE-2011-2514
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.
追加情報:
From Asianux Server 4 SP1.
ダウンロード:
SRPMS
- icedtea-web-1.0.4-2.0.1.AXS4.src.rpm
MD5: e3fbfa6bbd94ea8969c733f2258b38ef
SHA-256: 26b0d58968cbbeef41dc1e1f99df9d89ac7fc019e97f1d6a16f33e7fbebf8977
Size: 746.53 kB
Asianux Server 4 for x86
- icedtea-web-1.0.4-2.0.1.AXS4.i686.rpm
MD5: 952f54d7217b33b55885bb4fd51ebb75
SHA-256: 928a071534b34951b97cc7b7c6b00e165495ea5136e642686d10403930aaf2d2
Size: 603.64 kB
Asianux Server 4 for x86_64
- icedtea-web-1.0.4-2.0.1.AXS4.x86_64.rpm
MD5: 7bdb05c440f1d60aee4cc48ee7fe393d
SHA-256: 27c24e4ac3047ed9d9690d6b0dc39401c2a09cdb5a5ab7a47296c25eb7c662cc
Size: 606.55 kB