SUSE-SU-2015:1689-1: moderate: Security update for icedtea-web

sle-security-updates at sle-security-updates at
Tue Oct 6 05:09:32 MDT 2015

   SUSE Security Update: Security update for icedtea-web

Announcement ID:    SUSE-SU-2015:1689-1
Rating:             moderate
References:         #944208 #944209 
Cross-References:   CVE-2015-5234 CVE-2015-5235
Affected Products:
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4

   An update that fixes two vulnerabilities is now available.


   The Java Plugin IcedTea Web was updated to 1.5.2, fixing bugs and security

   * permissions sandbox and signed app and unsigned app with permissions
     all-permissions now run in sandbox instead of not at all.
   * fixed DownloadService
   * RH1231441 Unable to read the text of the buttons of the security dialogue
   * Fixed RH1233697 icedtea-web: applet origin spoofing (CVE-2015-5235,
   * Fixed RH1233667 icedtea-web: unexpected permanent authorization
     of unsigned applets (CVE-2015-5234, bsc#944209)
   * MissingALACAdialog made available also for unsigned applications (but
     ignoring actual manifest value) and fixed

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-icedtea-web-12116=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-icedtea-web-12116=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):


   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):



More information about the sle-security-updates mailing list