Mailinglist Archive: opensuse-updates (91 mails)

< Previous Next >
openSUSE-SU-2014:0310-1: moderate: icedtea-web: 1.4.2 bugfix update
openSUSE Security Update: icedtea-web: 1.4.2 bugfix update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0310-1
Rating: moderate
References: #864364
Cross-References: CVE-2013-6493
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:


icedtea-web was updated to version 1.4.2 (bnc#864364),
fixing various bugs and a security issues:

* Dialogs center on screen before becoming visible
* Support for u45 new manifest attributes (Application-Name)
* Custom applet permission policies panel in itweb-settings
control panel
* Plugin
- PR1271: icedtea-web does not handle
'javascript:'-protocol URLs
- RH976833: Multiple applets on one page cause deadlock
- Enabled javaconsole
* Security Updates
- CVE-2013-6493/RH1010958: insecure temporary file use
flaw in LiveConnect implementation
* Except above also:
- Christmas splashscreen extension
- fixed classloading deadlocks
- cleaned code from warnings
- pipes moved to XDG runtime dir
* Patches changes:
* rebased icedtea-web-1.1-moonlight-symbol-clash.patch
* add icedtea-web-1.4.2-mkdir.patch
* add icedtea-web-1.4.2-softkiller-link.patch
* build with rhino support
* use fdupes
* run make run-netx-dist-tests in %check on openSUSE > 13.1


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-176

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-176

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

icedtea-web-1.4.2-4.1
icedtea-web-debuginfo-1.4.2-4.1
icedtea-web-debugsource-1.4.2-4.1

- openSUSE 13.1 (noarch):

icedtea-web-javadoc-1.4.2-4.1

- openSUSE 12.3 (i586 x86_64):

icedtea-web-1.4.2-4.26.1
icedtea-web-debuginfo-1.4.2-4.26.1
icedtea-web-debugsource-1.4.2-4.26.1

- openSUSE 12.3 (noarch):

icedtea-web-javadoc-1.4.2-4.26.1


References:

http://support.novell.com/security/cve/CVE-2013-6493.html
https://bugzilla.novell.com/864364


< Previous Next >
This Thread
  • No further messages