Lucene search
Mandriva Update for icedtea-web MDVSA-2012:122 (icedtea-web)
🗓️ 03 Aug 2012 00:00:00Reported by Copyright (c) 2012 Greenbone Networks GmbHType 
openvas🔗 plugins.openvas.org👁 18 Views
Mandriva Update for icedtea-web MDVSA-2012:122 (icedtea-web) includes fixes for multiple vulnerabilities in the IcedTea-Web browser plugin, addressing issues such as uninitialized pointer use, buffer over-read/write, and possible information leaks, crashes, or code execution
Show more
| Reporter | Title | Published | Views | Family All 73 |
|---|---|---|---|---|
 | (RHSA-2012:1132) Important: icedtea-web security update | 31 Jul 201200:00 | – | redhat |
 | icedtea-web: Update to 1.2.1 (bnc#) (important) | 10 Aug 201221:08 | – | suse |
| Security update for icedtea-web (important) | 9 Aug 201220:08 | – | suse |
| update for icedtea-web (important) | 13 Aug 201209:08 | – | suse |
| Security update for icedtea-web (important) | 10 Jul 201319:04 | – | suse |
| Security update for icedtea-web (important) | 31 May 201319:04 | – | suse |
 | Fedora 18 : icedtea-web-1.3-1.fc18 (2012-14370) | 26 Sep 201200:00 | – | nessus |
| Oracle Linux 6 : icedtea-web (ELSA-2012-1132) | 12 Jul 201300:00 | – | nessus |
| openSUSE Security Update : icedtea-web (openSUSE-SU-2012:0982-1) | 13 Jun 201400:00 | – | nessus |
| Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : icedtea-web vulnerabilities (USN-1521-1) | 1 Aug 201200:00 | – | nessus |
10
| Source | Link |
|---|---|
| mandriva | www.mandriva.com/en/support/security/advisories/ |
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for icedtea-web MDVSA-2012:122 (icedtea-web)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Multiple vulnerabilities has been discovered and corrected in
icedtea-web:
An uninitialized pointer use flaw was found in IcedTea-Web web
browser plugin. A malicious web page could use this flaw make
IcedTea-Web browser plugin pass invalid pointer to a web browser.
Depending on the browser used, it may cause the browser to crash or
possibly execute arbitrary code (CVE-2012-3422).
It was discovered that the IcedTea-Web web browser plugin incorrectly
assumed that all strings provided by browser are NUL terminated,
which is not guaranteed by the NPAPI (Netscape Plugin Application
Programming Interface). When used in a browser that does not NUL
terminate NPVariant NPStrings, this could lead to buffer over-read
or over-write, resulting in possible information leak, crash, or code
execution (CVE-2012-3423).
The updated packages have been upgraded to the 1.1.6 version which
is not affected by these issues.";
tag_affected = "icedtea-web on Mandriva Linux 2011.0,
Mandriva Enterprise Server 5.2";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:122");
script_id(831710);
script_version("$Revision: 8257 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $");
script_tag(name:"creation_date", value:"2012-08-03 11:19:16 +0530 (Fri, 03 Aug 2012)");
script_cve_id("CVE-2012-3422", "CVE-2012-3423");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_xref(name: "MDVSA", value: "2012:122");
script_name("Mandriva Update for icedtea-web MDVSA-2012:122 (icedtea-web)");
script_tag(name: "summary" , value: "Check for the Version of icedtea-web");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "MNDK_2011.0")
{
if ((res = isrpmvuln(pkg:"icedtea-web", rpm:"icedtea-web~1.1.6~0.1", rls:"MNDK_2011.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"icedtea-web-javadoc", rpm:"icedtea-web-javadoc~1.1.6~0.1", rls:"MNDK_2011.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "MNDK_mes5.2")
{
if ((res = isrpmvuln(pkg:"icedtea-web", rpm:"icedtea-web~1.1.6~0.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"icedtea-web-javadoc", rpm:"icedtea-web-javadoc~1.1.6~0.1mdvmes5.2", rls:"MNDK_mes5.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo03 Aug 2012 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.11762