Mailinglist Archive: opensuse-updates (111 mails)

< Previous Next >
openSUSE-SU-2013:0715-1: moderate: update for icedtea-web
openSUSE Security Update: update for icedtea-web
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:0715-1
Rating: moderate
References: #815596
Cross-References: CVE-2013-1926 CVE-2013-1927
Affected Products:
openSUSE 12.2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

- update to 1.3.2 (bnc#815596)
- Security Updates
* CVE-2013-1927, RH884705: fixed gifar vulnerability
* CVE-2013-1926, RH916774: Class-loader incorrectly
shared for applets with same relative-path.
- Common
* Added new option in itw-settings which allows users to
set JVM arguments when plugin is initialized.
- NetX
* PR580: http://www.horaoficial.cl/ loads improperly
- Plugin
* PR1260: IcedTea-Web should not rely on GTK obsoletes
icedtea-web-remove-gtk-dep.patch
* PR1157: Applets can hang browser after fatal exception

- Add icedtea-web-remove-gtk-dep.patch, build icedtea-web
without GTK. Plugin now works in both gtk2 and gtk3 based
browsers.

- limit the provides/obsoletes to architectures, where
-plugin package existed and don't pollute shiny new arm
with an old garbage

- handle the package renaming on arm properly


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-371

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.2 (i586 x86_64):

icedtea-web-1.3.2-1.13.1
icedtea-web-debuginfo-1.3.2-1.13.1
icedtea-web-debugsource-1.3.2-1.13.1

- openSUSE 12.2 (noarch):

icedtea-web-javadoc-1.3.2-1.13.1


References:

http://support.novell.com/security/cve/CVE-2013-1926.html
http://support.novell.com/security/cve/CVE-2013-1927.html
https://bugzilla.novell.com/815596


< Previous Next >
This Thread
  • No further messages