openSUSE Security Update: icedtea-web: 1.4.2 bugfix update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0310-1 Rating: moderate References: #864364 Cross-References: CVE-2013-6493 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: icedtea-web was updated to version 1.4.2 (bnc#864364), fixing various bugs and a security issues: * Dialogs center on screen before becoming visible * Support for u45 new manifest attributes (Application-Name) * Custom applet permission policies panel in itweb-settings control panel * Plugin - PR1271: icedtea-web does not handle 'javascript:'-protocol URLs - RH976833: Multiple applets on one page cause deadlock - Enabled javaconsole * Security Updates - CVE-2013-6493/RH1010958: insecure temporary file use flaw in LiveConnect implementation * Except above also: - Christmas splashscreen extension - fixed classloading deadlocks - cleaned code from warnings - pipes moved to XDG runtime dir * Patches changes: * rebased icedtea-web-1.1-moonlight-symbol-clash.patch * add icedtea-web-1.4.2-mkdir.patch * add icedtea-web-1.4.2-softkiller-link.patch * build with rhino support * use fdupes * run make run-netx-dist-tests in %check on openSUSE > 13.1 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-176 - openSUSE 12.3: zypper in -t patch openSUSE-2014-176 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): icedtea-web-1.4.2-4.1 icedtea-web-debuginfo-1.4.2-4.1 icedtea-web-debugsource-1.4.2-4.1 - openSUSE 13.1 (noarch): icedtea-web-javadoc-1.4.2-4.1 - openSUSE 12.3 (i586 x86_64): icedtea-web-1.4.2-4.26.1 icedtea-web-debuginfo-1.4.2-4.26.1 icedtea-web-debugsource-1.4.2-4.26.1 - openSUSE 12.3 (noarch): icedtea-web-javadoc-1.4.2-4.26.1 References: http://support.novell.com/security/cve/CVE-2013-6493.html https://bugzilla.novell.com/864364