Fedora 20 : icedtea-web-1.4.1-0.fc20 (2013-16971)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote Fedora host is missing a security update.

Description :

Updated to icedtea-web 1.4.1 New in release 1.4.1 (2013-XX-YY) :

- Improved and cleaned Temporary internet files panel

- PR1465 - java.io.FileNotFoundException while trying to
download a JAR file

- PR1473 - javaws should not depend on name of local

- PR854: Resizing an applet several times causes 100%
CPU load

- CVE-2012-4540, RH869040: Heap-based buffer overflow
after triggering event attached to applet

- reproducers tests are enabled in dist-tarball

- application context support for OpenJDK build 25 and

- small patches into rhino support and

- PR1533: Inherit jnlp.packEnabled and
jnlp.versionEnabled like other properties

- add icedtea-web man page

- make check enabled again

- should be build for non-standart archs

- removed unused multilib arches

See also :


Solution :

Update the affected icedtea-web package.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 70060 ()

Bugtraq ID: 56434

CVE ID: CVE-2012-4540