Fedora 20 : icedtea-web-1.4.1-0.fc20 (2013-16971)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

Updated to icedtea-web 1.4.1.

New in release 1.4.1 (2013-XX-YY) :

- Improved and cleaned Temporary internet files panel

- PR1465 - java.io.FileNotFoundException while trying to
download a JAR file

- PR1473 - javaws should not depend on name of local
file

- PR854: Resizing an applet several times causes 100%
CPU load

- CVE-2012-4540, RH869040: Heap-based buffer overflow
after triggering event attached to applet

- reproducers tests are enabled in dist-tarball

- application context support for OpenJDK build 25 and
higher

- small patches into rhino support and

- PR1533: Inherit jnlp.packEnabled and
jnlp.versionEnabled like other properties

- add icedtea-web man page

- make check enabled again

- should be built for non-standard archs

- removed unused multilib arches

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1007960
http://www.nessus.org/u?dd54ac18

Solution :

Update the affected icedtea-web package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 70060

Bugtraq ID: 56434, 62426

CVE ID: CVE-2012-4540