openSUSE Security Update : icedtea-web (openSUSE-SU-2012:0981-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

- update to 1.2.1 (bnc#773458)

- Security Updates

- CVE-2012-3422, RH840592: Potential read from an
uninitialized memory location

- CVE-2012-3423, RH841345: Incorrect handling of not
0-terminated strings

- NetX

- PR898: signed applications with big jnlp-file doesn't
start (webstart affect like 'frozen')

- PR811: javaws is not handling urls with spaces (and
other characters needing encoding) correctly

- 816592: icedtea-web not loading GeoGebra java applets in
Firefox or Chrome

- Plugin

- PR863: Error passing strings to applet methods in
Chromium

- PR895: IcedTea-Web searches for missing classes on each
loadClass or findClass

- PR518: NPString.utf8characters not guaranteed to be
nul-terminated

- Common

- RH838417: Disambiguate signed applet security prompt
from certificate warning

- RH838559: Disambiguate signed applet security prompt
from certificate warning

See also :

http://lists.opensuse.org/opensuse-updates/2012-08/msg00021.html
https://bugzilla.novell.com/show_bug.cgi?id=773458

Solution :

Update the affected icedtea-web packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 74711 ()

Bugtraq ID:

CVE ID: CVE-2012-3422
CVE-2012-3423

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now