
V-138: Red Hat update for icedtea-web

April 19, 2013 - 6:00am


PROBLEM:

Red Hat has issued an update for icedtea-web.

PLATFORM:

Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6

ABSTRACT:

This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions.

REFERENCE LINKS:

Secunia Advisory SA53109
RHSA-2013:0753-1
CVE-2013-1926
CVE-2013-1917

IMPACT ASSESSMENT:

Medium

DISCUSSION:

An error within the browser plugin causes the same class loader to be used for applets with the same codebase paths, which can be exploited to gain information about or to manipulate currently running applets from other domains.

An error within the plugin causes the format of downloaded Java Archive (JAR) files not to be properly verified, which can be exploited to execute code in the context of arbitrary websites.
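
The following added example illustrates the first issue's class of mistake; it is not icedtea-web's code or part of the original advisory. It contrasts a class loader cache keyed on the codebase path alone with one keyed on scheme, host, port and path. Classes defined by one loader share a namespace and static state, so the choice of key decides which applets are isolated from each other. The class name, method names and the two `.example` codebase URLs are constructed for illustration.

```java
import java.net.URI;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.HashMap;
import java.util.Map;

public class LoaderKeyDemo {
    // Weak key: only the path component of the codebase, so the host is ignored.
    static String pathOnlyKey(URI codebase) {
        return codebase.getPath();
    }

    // Stricter key: scheme, host and effective port together with the path.
    static String originKey(URI codebase) {
        int port = codebase.getPort();
        if (port == -1) {
            port = "https".equalsIgnoreCase(codebase.getScheme()) ? 443 : 80;
        }
        return codebase.getScheme().toLowerCase() + "://"
                + codebase.getHost().toLowerCase() + ":" + port + codebase.getPath();
    }

    // Returns the cached loader for the key, creating one on first use.
    // Constructing a URLClassLoader does not fetch anything from the network.
    static ClassLoader loaderFor(Map<String, ClassLoader> cache, String key, URI codebase)
            throws Exception {
        ClassLoader cl = cache.get(key);
        if (cl == null) {
            cl = new URLClassLoader(new URL[] { codebase.toURL() });
            cache.put(key, cl);
        }
        return cl;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample codebases: same path, different hosts.
        URI a = URI.create("http://site-a.example/applets/");
        URI b = URI.create("http://site-b.example/applets/");

        Map<String, ClassLoader> weak = new HashMap<>();
        boolean sharedWeak = loaderFor(weak, pathOnlyKey(a), a) == loaderFor(weak, pathOnlyKey(b), b);

        Map<String, ClassLoader> strict = new HashMap<>();
        boolean sharedStrict = loaderFor(strict, originKey(a), a) == loaderFor(strict, originKey(b), b);

        System.out.println("path-only key shares loader across hosts: " + sharedWeak);
        System.out.println("origin key shares loader across hosts: " + sharedStrict);
    }
}
```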

IMPACT:

Hijacking
Security Bypass

SOLUTION:

The vendor recommends updating to version 1.2.3.
