openSUSE Security Update : icedtea-web (openSUSE-SU-2012:0981-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

- update to 1.2.1 (bnc#773458)

- Security Updates

- CVE-2012-3422, RH840592: Potential read from an
uninitialized memory location

- CVE-2012-3423, RH841345: Incorrect handling of not
0-terminated strings

- NetX

- PR898: signed applications with big jnlp-file doesn't
start (webstart affect like 'frozen')

- PR811: javaws is not handling urls with spaces (and
other characters needing encoding) correctly

- 816592: icedtea-web not loading GeoGebra java applets in
Firefox or Chrome

- Plugin

- PR863: Error passing strings to applet methods in

- PR895: IcedTea-Web searches for missing classes on each
loadClass or findClass

- PR518: NPString.utf8characters not guaranteed to be

- Common

- RH838417: Disambiguate signed applet security prompt
from certificate warning

- RH838559: Disambiguate signed applet security prompt
from certificate warning

See also :

Solution :

Update the affected icedtea-web packages.

Risk factor :

High / CVSS Base Score : 7.5

Family: SuSE Local Security Checks

Nessus Plugin ID: 74711 ()

Bugtraq ID:

CVE ID: CVE-2012-3422

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now