SUSE-SU-2014:0397-1: Security update for icedtea-web

sle-security-updates at sle-security-updates at
Wed Mar 19 10:04:12 MDT 2014

   SUSE Security Update: Security update for icedtea-web

Announcement ID:    SUSE-SU-2014:0397-1
Rating:             low
References:         #864364 
Cross-References:   CVE-2013-6493
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP3

   An update that fixes one vulnerability is now available. It
   includes one version update.


   The OpenJDK Java Plugin IcedTea Web was released to fix a
   temporary file  access problem.


   * Dialogs center on screen before becoming visible.
   * Support for u45 new manifest attributes
   * Custom applet permission policies panel in
   itweb-settings control panel.
   * Plugin fixes: o PR1271: icedtea-web does not handle
   'javascript:'-protocol URLs o RH976833: Multiple applets on
   one page cause deadlock o Enabled javaconsole.
   * Security fixes: o CVE-2013-6493/RH1010958: Insecure
   temporary file use flaw in LiveConnect implementation.
   * Additional fixes and changes: o Christmas
   splashscreen extension o Fixed classloading deadlocks o
   Cleaned code from warnings o Pipes moved to XDG runtime dir.

   Security Issue references:

   * CVE-2013-6493

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-icedtea-web-8974

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.4.2]:



More information about the sle-security-updates mailing list