U radu programskog paketa Icedtea-web uočeni su sigurnosni propusti koji lokalnom napadaču omogućuju neovlašteni pristup sustavu te izmjenu korisničkih podataka.
Paket:
icedtea-web 1.x
Operacijski sustavi:
Fedora 15
Kritičnost:
5.1
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
lokalno
Posljedica:
izmjena podataka, neovlašteni pristup sustavu
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-2513, CVE-2011-2514
Izvorni ID preporuke:
FEDORA-2011-9541
Izvor:
Fedora
Problem:
Sigurnosne ranjivosti su posljedica pogreške u implementaciji programske komponente JNLP (eng. Java Network Launching Protocol).
Posljedica:
Lokalni zlonamjerni korisnik propuste može iskoristiti za neovlašteni pristup sustavu te izmjenu pojedinih korisničkih podataka.
Rješenje:
Svim se korisnicima navedenog programskog paketa, u svrhu zaštite sigurnosti, savjetuje korištenje dostupnih programskih nadogradnji.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-9541
2011-07-22 19:05:47
--------------------------------------------------------------------------------
Name : icedtea-web
Product : Fedora 15
Version : 1.0.4
Release : 1.fc15
URL : http://icedtea.classpath.org/wiki/IcedTea-Web
Summary : Additional Java components for OpenJDK
Description :
The IcedTea-Web project provides a Java web browser plugin, an implementation
of Java Web Start (originally based on the Netx project) and a settings tool
to
manage deployment settings for the aforementioned plugin and Web Start
implementations.
--------------------------------------------------------------------------------
Update Information:
This security fix that addresses the following issues:
- RH718164: Home directory path disclosure to untrusted applications
- RH718170: Java Web Start security warning dialog manipulation
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 20 2011 Deepak Bhole <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.0.4-1
- Bump to 1.0.4
- Fixed rhbz#718164: Home directory path disclosure to untrusted applications
- Fixed rhbz#718170: Java Web Start security warning dialog manipulation
* Mon Jun 13 2011 Deepak Bhole <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.0.3-1
- Update to 1.0.3
- Resolves: rhbz#691259
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #718164 - CVE-2011-2513 icedtea, icedtea-web: home directory path
disclosure to untrusted applications
https://bugzilla.redhat.com/show_bug.cgi?id=718164
[ 2 ] Bug #718170 - CVE-2011-2514 icedtea-web: Java Web Start security
warning dialog manipulation
https://bugzilla.redhat.com/show_bug.cgi?id=718170
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update icedtea-web' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke