SUSE-SU-2015:1689-1: moderate: Security update for icedtea-web

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Oct 6 05:09:32 MDT 2015


   SUSE Security Update: Security update for icedtea-web
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1689-1
Rating:             moderate
References:         #944208 #944209 
Cross-References:   CVE-2015-5234 CVE-2015-5235
Affected Products:
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:


   The Java Plugin IcedTea Web was updated to 1.5.2, fixing bugs and security
   issues.

   * permissions sandbox and signed app and unsigned app with permissions
     all-permissions now run in sandbox instead of not at all.
   * fixed DownloadService
   * RH1231441 Unable to read the text of the buttons of the security dialogue
   * Fixed RH1233697 icedtea-web: applet origin spoofing (CVE-2015-5235,
     bsc#944208)
   * Fixed RH1233667 icedtea-web: unexpected permanent authorization
     of unsigned applets (CVE-2015-5234, bsc#944209)
   * MissingALACAdialog made available also for unsigned applications (but
     ignoring actual manifest value) and fixed


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-icedtea-web-12116=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-icedtea-web-12116=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      icedtea-web-1.5.3-0.9.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      icedtea-web-debuginfo-1.5.3-0.9.1
      icedtea-web-debugsource-1.5.3-0.9.1


References:

   https://www.suse.com/security/cve/CVE-2015-5234.html
   https://www.suse.com/security/cve/CVE-2015-5235.html
   https://bugzilla.suse.com/944208
   https://bugzilla.suse.com/944209



More information about the sle-security-updates mailing list