Mailinglist Archive: opensuse-updates (91 mails)

< Previous Next >
openSUSE-SU-2014:0310-1: moderate: icedtea-web: 1.4.2 bugfix update
openSUSE Security Update: icedtea-web: 1.4.2 bugfix update

Announcement ID: openSUSE-SU-2014:0310-1
Rating: moderate
References: #864364
Cross-References: CVE-2013-6493
Affected Products:
openSUSE 13.1
openSUSE 12.3

An update that fixes one vulnerability is now available.


icedtea-web was updated to version 1.4.2 (bnc#864364),
fixing various bugs and a security issues:

* Dialogs center on screen before becoming visible
* Support for u45 new manifest attributes (Application-Name)
* Custom applet permission policies panel in itweb-settings
control panel
* Plugin
- PR1271: icedtea-web does not handle
'javascript:'-protocol URLs
- RH976833: Multiple applets on one page cause deadlock
- Enabled javaconsole
* Security Updates
- CVE-2013-6493/RH1010958: insecure temporary file use
flaw in LiveConnect implementation
* Except above also:
- Christmas splashscreen extension
- fixed classloading deadlocks
- cleaned code from warnings
- pipes moved to XDG runtime dir
* Patches changes:
* rebased icedtea-web-1.1-moonlight-symbol-clash.patch
* add icedtea-web-1.4.2-mkdir.patch
* add icedtea-web-1.4.2-softkiller-link.patch
* build with rhino support
* use fdupes
* run make run-netx-dist-tests in %check on openSUSE > 13.1

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-176

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-176

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.1 (i586 x86_64):


- openSUSE 13.1 (noarch):


- openSUSE 12.3 (i586 x86_64):


- openSUSE 12.3 (noarch):



< Previous Next >
This Thread
  • No further messages