openSUSE Security Update: update for icedtea-web ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1509-1 Rating: moderate References: #840572 Cross-References: CVE-2012-4540 CVE-2013-4349 Affected Products: openSUSE 12.3 openSUSE 12.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This icedtea-web update fixes several security issues. Changes in icedtea-web: - update to 1.4.1 (bnc#840572) * Improved and cleaned Temporary internet files panel * NetX - PR1465 - java.io.FileNotFoundException while trying to download a JAR file - PR1473 - javaws should not depend on name of local file * Plugin - PR854: Resizing an applet several times causes 100% CPU load * Security Updates - CVE-2013-4349, RH869040: Heap-based buffer overflow after triggering event attached to applet CVE-2012-4540 nit fixed in icedtea-web 1.4 * Misc - reproducers tests are enabled in dist-tarball - application context support for OpenJDK build 25 and higher - small patches into rhino support and - PR1533: Inherit jnlp.packEnabled and jnlp.versionEnabled like other properties - need jpackage-utils on older distros - run more tests in %check - drop icedtea-web-AppContext.patch, already upstream - add javapackages-tools to build requires Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2013-733 - openSUSE 12.2: zypper in -t patch openSUSE-2013-733 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): icedtea-web-1.4.1-4.22.1 icedtea-web-debuginfo-1.4.1-4.22.1 icedtea-web-debugsource-1.4.1-4.22.1 - openSUSE 12.3 (noarch): icedtea-web-javadoc-1.4.1-4.22.1 - openSUSE 12.2 (i586 x86_64): icedtea-web-1.4.1-1.25.1 icedtea-web-debuginfo-1.4.1-1.25.1 icedtea-web-debugsource-1.4.1-1.25.1 - openSUSE 12.2 (noarch): icedtea-web-javadoc-1.4.1-1.25.1 References: http://support.novell.com/security/cve/CVE-2012-4540.html http://support.novell.com/security/cve/CVE-2013-4349.html https://bugzilla.novell.com/840572