U radu programskog paketa icedtea-web uočen je sigurnosni propust kojeg udaljeni napadač može iskoristiti za dobivanje većih privilegija i zaobilaženje ograničenja u sustavu.
Paket:
icedtea-web 1.x
Operacijski sustavi:
Fedora 15, Fedora 16
Kritičnost:
4.3
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
dobivanje većih privilegija, zaobilaženje postavljenih ograničenja
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-3377
Izvorni ID preporuke:
FEDORA-2011-15691
Izvor:
Fedora
Problem:
Sigurnosna ranjivost je posljedica pogrešne implementacije dodatka vezanog uz "same-origin" politiku.
Posljedica:
Udaljeni napadač navedenu ranjivost može iskoristiti za otvaranje mrežnih veza s računalima (eng. Host) koji nisu izvorni domaćin.
Rješenje:
Svim se korisnicima navedenog programskog paketa, u svrhu zaštite sigurnosti, savjetuje primjena nadogradnje.
---------------------------------------------------------------------------=
-----
Fedora Update Notification
FEDORA-2011-15691
2011-11-10 16:49:05
---------------------------------------------------------------------------=
-----
Name : icedtea-web
Product : Fedora 16
Version : 1.1.4
Release : 1.fc16
URL : http://icedtea.classpath.org/wiki/IcedTea-Web
Summary : Additional Java components for OpenJDK
Description :
The IcedTea-Web project provides a Java web browser plugin, an implementati=
on
of Java Web Start (originally based on the Netx project) and a settings too=
l to
manage deployment settings for the aforementioned plugin and Web Start
implementations.
---------------------------------------------------------------------------=
-----
Update Information:
This update addresses the following:
RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and su=
ffix domain SOP bypass
---------------------------------------------------------------------------=
-----
ChangeLog:
* Tue Nov 8 2011 Deepak Bhole <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.1.4-1
- Updated to 1.0.6
- Added npapi-fix patch so that the plug-in compiles with xulrunner 8
---------------------------------------------------------------------------=
-----
This update can be installed with the "yum" update program. Use =
su -c 'yum update icedtea-web' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on t=
he
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
---------------------------------------------------------------------------=
-----
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
---------------------------------------------------------------------------=
-----
Fedora Update Notification
FEDORA-2011-15673
2011-11-10 16:48:04
---------------------------------------------------------------------------=
-----
Name : icedtea-web
Product : Fedora 15
Version : 1.0.6
Release : 1.fc15
URL : http://icedtea.classpath.org/wiki/IcedTea-Web
Summary : Additional Java components for OpenJDK
Description :
The IcedTea-Web project provides a Java web browser plugin, an implementati=
on
of Java Web Start (originally based on the Netx project) and a settings too=
l to
manage deployment settings for the aforementioned plugin and Web Start
implementations.
---------------------------------------------------------------------------=
-----
Update Information:
This update addresses the following:
RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and su=
ffix domain SOP bypass
---------------------------------------------------------------------------=
-----
ChangeLog:
* Tue Nov 8 2011 Deepak Bhole <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.0.6-1
- Updated to 1.0.6
- Added npapi-fix patch so that the plug-in compiles with xulrunner 8
* Wed Sep 28 2011 Deepak Bhole <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.0.5-1
- Updated to 1.0.5
* Wed Jul 20 2011 Deepak Bhole <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.0.4-1
- Bump to 1.0.4
- Fixed rhbz#718164: Home directory path disclosure to untrusted applicatio=
ns
- Fixed rhbz#718170: Java Web Start security warning dialog manipulation
* Mon Jun 13 2011 Deepak Bhole <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.0.3-1
- Update to 1.0.3
- Resolves: rhbz#691259
---------------------------------------------------------------------------=
-----
This update can be installed with the "yum" update program. Use =
su -c 'yum update icedtea-web' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on t=
he
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
---------------------------------------------------------------------------=
-----
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke