MDVSA-2012:171

Nom du paquet

icedtea-web

Date

2012-11-09

Advisory ID

MDVSA-2012:171

Affected versions

MES5 i586 , MES5 x86_64

Problem description

A vulnerability has been discovered and corrected in icedtea-web:

A buffer overflow flaw was found in the IcedTea-Web plug-in. Visiting
a malicious web page could cause a web browser using the IcedTea-Web
plug-in to crash or, possibly, execute arbitrary code (CVE-2012-4540).

The updated packages have been upgraded to the 1.1.7 version which
is not affected by this issue.

Updated packages

MES5 i586

 02f8f1fb3187bf2b019e10fc3ff542de  mes5/i586/icedtea-web-1.1.7-0.1mdvmes5.2.i586.rpm
 ed87b63e3a7a05fa93a7d887594e4cfa  mes5/i586/icedtea-web-javadoc-1.1.7-0.1mdvmes5.2.i586.rpm 
 e31f99b5ae33cd33b3e15e2f8687bce9  mes5/SRPMS/icedtea-web-1.1.7-0.1mdvmes5.2.src.rpm

MES5 x86_64

 5e43c50a281a08bfa9fa15189e5e0813  mes5/x86_64/icedtea-web-1.1.7-0.1mdvmes5.2.x86_64.rpm
 b6ab717a912c368362e2665f21cde758  mes5/x86_64/icedtea-web-javadoc-1.1.7-0.1mdvmes5.2.x86_64.rpm 
 e31f99b5ae33cd33b3e15e2f8687bce9  mes5/SRPMS/icedtea-web-1.1.7-0.1mdvmes5.2.src.rpm

References

• https://bugzilla.redhat.com/show_bug.cgi?id=869040
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4540