Mailinglist Archive: opensuse-updates (33 mails)

openSUSE-SU-2012:0371-1: moderate: update for icedtea-web
openSUSE Security Update: update for icedtea-web

Announcement ID: openSUSE-SU-2012:0371-1
Rating: moderate
References: #729870 #737105 #746895
Cross-References: CVE-2011-3377
Affected Products:
openSUSE 12.1

An update that solves one vulnerability and has two fixes
is now available.


- update to 1.2
- New features:
  * Signed JNLP support
  * Support for client authentication certificates
  * Cache size enforcement now supported via itweb-settings
  * Applet parameter passing through JNLP files now supported
  * Better icons for access warning dialog
  * Security Dialog UI revamped to make it look less
    threatening when appropriate
- Fixes (plugin, webstart, common)
  * PR618: Can't install OpenDJ, JavaWebStart fails with
    Input stream is null error
  * PR765: JNLP file with all resource jars marked as 'lazy'
    fails to validate signature and stops the launch of
  * PR788: Elluminate Live! is not working
  * PR804: javaws launcher incorrectly handles file names
    with spaces
  * PR820, bnc#746895: IcedTea-Web 1.1.3 crashing Firefox
    when loading Citrix XenApp
  * PR838: IcedTea plugin crashes with chrome browser when
    javascript is executed
  * PR852: Classloader not being flushed after last applet
    from a site is closed
  * RH586194: Unable to connect with Juniper VPN
  * PR771: IcedTea-Web certificate verification code does
    not use the right API
  * PR742: IcedTea-Web checks certs only up to 1 level deep
    before declaring them untrusted.
  * PR789: typo in
  * PR808: javaws is unable to start, when missing jars are
    enumerated before main jar
  * RH738814: Access denied at ssl handshake
  * Support for authenticating using client certificates
- fix bnc#737105/FATE#313084: add Supplements:
  packageand(broswer(npapi):java-openjdk) ensures the web
  plugin is pulled in when openjdk and capable browser is

- enable make check in respective section

- update to 1.1.4 (fixes bnc#729870)
- RH742515, CVE-2011-3377: IcedTea-Web: second-level
  domain subdomains and suffix domain SOP bypass
- PR778: Jar download and server certificate verification

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-163

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 12.1 (i586 x86_64):


- openSUSE 12.1 (noarch):


