Security update for icedtea-web (critical)

2013-10-0222:04:17

lists.opensuse.org

0.014 Low

EPSS

Percentile

85.1%

JSON

This icedtea-web update adds a missing fix for an
off-by-one heap-based buffer overflow.

bnc#840572: CVE-2013-4349: icedtea-web 1.4.1 fixes the
missing patch for CVE-2012-4540.

Security Issues:

CVE-2012-4540
<<a href=“http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4540”>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4540</a>
>
CVE-2013-4349
<<a href=“http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4349”>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4349</a>
>

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Desktop11.3x86_64icedtea-web< 1.4.1-0.11.1icedtea-web-1.4.1-0.11.1.x86_64.rpm
SUSE Linux Enterprise Desktop11.3i586icedtea-web< 1.4.1-0.11.1icedtea-web-1.4.1-0.11.1.i586.rpm
SUSE Linux Enterprise Desktop11.2i586icedtea-web< 1.4.1-0.8.1icedtea-web-1.4.1-0.8.1.i586.rpm
SUSE Linux Enterprise Desktop11.2x86_64icedtea-web< 1.4.1-0.8.1icedtea-web-1.4.1-0.8.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Desktop	11.3	x86_64	icedtea-web	< 1.4.1-0.11.1	icedtea-web-1.4.1-0.11.1.x86_64.rpm
SUSE Linux Enterprise Desktop	11.3	i586	icedtea-web	< 1.4.1-0.11.1	icedtea-web-1.4.1-0.11.1.i586.rpm
SUSE Linux Enterprise Desktop	11.2	i586	icedtea-web	< 1.4.1-0.8.1	icedtea-web-1.4.1-0.8.1.i586.rpm
SUSE Linux Enterprise Desktop	11.2	x86_64	icedtea-web	< 1.4.1-0.8.1	icedtea-web-1.4.1-0.8.1.x86_64.rpm