CVE-2012-4540

Common Vulnerabilities and Exposures

Upstream information

CVE-2012-4540 at MITRE

Description

Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 6.82
  • Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

SUSE Bugzilla entries: 787846 [RESOLVED / FIXED], 840572 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) / Fixed package version(s) / References
SUSE Linux Enterprise Desktop 11 SP2
  • icedtea-web >= 1.4.1-0.8.1
Patchnames:
sledsp2-icedtea-web
SUSE Linux Enterprise Desktop 11 SP3
  • icedtea-web >= 1.4.1-0.11.1
Patchnames:
sledsp3-icedtea-web
SUSE Linux Enterprise Desktop 11 SP2
  • icedtea-web >= 1.4.1-0.8.1
Builds
SAT Patch Nr: 8357
SUSE Linux Enterprise Desktop 11 SP3
  • icedtea-web >= 1.4.1-0.11.1
Builds
SAT Patch Nr: 8358
SUSE Linux Enterprise Desktop 11 SP2
  • icedtea-web >= 1.3.1-0.5.1
sled11-sp2.x86-64
sled11-sp2.x86
SAT Patch Nr: 7041
openSUSE 12.3
  • icedtea-web >= 1.4.1-4.22.1
  • icedtea-web-debuginfo >= 1.4.1-4.22.1
  • icedtea-web-debugsource >= 1.4.1-4.22.1
  • icedtea-web-javadoc >= 1.4.1-4.22.1
Patchnames:
openSUSE-2013-733
openSUSE 13.1
  • icedtea-web >= 1.5.3-0.7.1
  • icedtea-web-debuginfo >= 1.5.3-0.7.1
  • icedtea-web-debugsource >= 1.5.3-0.7.1
  • icedtea-web-javadoc >= 1.5.3-0.7.1
Patchnames:
openSUSE-2015-602
openSUSE 13.2
  • icedtea-web >= 1.6.1-6.1
  • icedtea-web-debuginfo >= 1.5.3-0.7.1
  • icedtea-web-debugsource >= 1.5.3-0.7.1
  • icedtea-web-javadoc >= 1.6.1-6.1
  • java-1_7_0-openjdk-plugin >= 1.6.1-6.1
  • java-1_7_0-openjdk-plugin-debuginfo >= 1.6.1-6.1
  • java-1_7_0-openjdk-plugin-debugsource >= 1.6.1-6.1
  • java-1_8_0-openjdk-plugin >= 1.6.1-6.2
  • java-1_8_0-openjdk-plugin-debuginfo >= 1.6.1-6.2
  • java-1_8_0-openjdk-plugin-debugsource >= 1.6.1-6.2
Patchnames:
openSUSE-2015-602
openSUSE Evergreen 11.4
  • icedtea-web >= 1.4.1-38.2
  • icedtea-web-debuginfo >= 1.4.1-38.2
  • icedtea-web-debugsource >= 1.4.1-38.2
  • icedtea-web-javadoc >= 1.4.1-38.2
Patchnames:
2012-4
2013-142