   openSUSE Security Update: update for icedtea-web
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:1511-1
Rating:             moderate
References:         #840572
Cross-References:   CVE-2012-4540 CVE-2013-4349
Affected Products:
                    openSUSE 11.4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This icedtea-web update fixes several security issues.

   Changes in icedtea-web:
   - update to 1.4.1 (bnc#840572)
   * Improved and cleaned Temporary internet files panel
   * NetX
   - PR1465 - java.io.FileNotFoundException while trying to
     download a JAR file
   - PR1473 - javaws should not depend on name of local file
   * Plugin
   - PR854: Resizing an applet several times causes 100% CPU load
   * Security Updates
   - CVE-2013-4349, RH869040: Heap-based buffer overflow after
     triggering event attached to applet
     CVE-2012-4540 nit fixed in icedtea-web 1.4
   * Misc
   - reproducers tests are enabled in dist-tarball
   - application context support for OpenJDK build 25 and higher
   - small patches into rhino support and
   - PR1533: Inherit jnlp.packEnabled and jnlp.versionEnabled like
     other properties
   - need jpackage-utils on older distros

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch 2013-142

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 11.4 (i586 x86_64):

      icedtea-web-1.4.1-38.2
      icedtea-web-debuginfo-1.4.1-38.2
      icedtea-web-debugsource-1.4.1-38.2

   - openSUSE 11.4 (noarch):

      icedtea-web-javadoc-1.4.1-38.2

References:

   http://support.novell.com/security/cve/CVE-2012-4540.html
   http://support.novell.com/security/cve/CVE-2013-4349.html
   https://bugzilla.novell.com/840572