SUSE-SU-2014:0397-1: Security update for icedtea-web

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Mar 19 10:04:12 MDT 2014


   SUSE Security Update: Security update for icedtea-web
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0397-1
Rating:             low
References:         #864364 
Cross-References:   CVE-2013-6493
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available. It
   includes one version update.

Description:


   The OpenJDK Java Plugin IcedTea Web was released to fix a
   temporary file  access problem.

   Changes:

   * Dialogs center on screen before becoming visible.
   * Support for u45 new manifest attributes
   (Application-Name).
   * Custom applet permission policies panel in
   itweb-settings control panel.
   * Plugin fixes: o PR1271: icedtea-web does not handle
   'javascript:'-protocol URLs o RH976833: Multiple applets on
   one page cause deadlock o Enabled javaconsole.
   * Security fixes: o CVE-2013-6493/RH1010958: Insecure
   temporary file use flaw in LiveConnect implementation.
   * Additional fixes and changes: o Christmas
   splashscreen extension o Fixed classloading deadlocks o
   Cleaned code from warnings o Pipes moved to XDG runtime dir.

   Security Issue references:

   * CVE-2013-6493
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6493
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-icedtea-web-8974

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.4.2]:

      icedtea-web-1.4.2-0.7.1


References:

   http://support.novell.com/security/cve/CVE-2013-6493.html
   https://bugzilla.novell.com/864364
   http://download.suse.com/patch/finder/?keywords=6aa1fad869d16e905d455574f086e576



More information about the sle-security-updates mailing list