Security update for icedtea-web

SUSE Security Update: Security update for icedtea-web
Announcement ID: SUSE-SU-2012:1511-1
Rating: moderate
References: #784859 #785333 #786775 #787846
Affected Products:
  • SUSE Linux Enterprise Desktop 11 SP2

  • An update that solves one vulnerability and has three fixes is now available. It includes one version update.

    Description:


    The IcedTea-Web Java plugin has been updated to version
    1.3.1 to fix various bugs and security issues.

    1.3.1 changes:

    * Security Updates o CVE-2012-4540, RH869040:
    Heap-based buffer overflow after triggering event attached
    to applet
    * Common o PR1161: X509VariableTrustManager does not
    work correctly with OpenJDK7 fixes the self-signed issue
    (mentioned in bnc#784859, bnc#785333, bnc#786775)

    Security Issue reference:

    * CVE-2012-4540
    >

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-icedtea-web-7041

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.3.1]:
    • icedtea-web-1.3.1-0.5.1

    References:

    • http://support.novell.com/security/cve/CVE-2012-4540.html
    • https://bugzilla.novell.com/784859
    • https://bugzilla.novell.com/785333
    • https://bugzilla.novell.com/786775
    • https://bugzilla.novell.com/787846
    • http://download.suse.com/patch/finder/?keywords=fe843a85263c39ee81c6ce36f83bda27