Security update for icedtea-web

SUSE Security Update: Security update for icedtea-web
Announcement ID: SUSE-SU-2014:0397-1
Rating: low
References: #864364
Affected Products:
  • SUSE Linux Enterprise Desktop 11 SP3

  • An update that fixes one vulnerability is now available. It includes one version update.


    The OpenJDK Java Plugin IcedTea Web was released to fix a
    temporary file access problem.


    * Dialogs center on screen before becoming visible.
    * Support for u45 new manifest attributes
    * Custom applet permission policies panel in
    itweb-settings control panel.
    * Plugin fixes: o PR1271: icedtea-web does not handle
    'javascript:'-protocol URLs o RH976833: Multiple applets on
    one page cause deadlock o Enabled javaconsole.
    * Security fixes: o CVE-2013-6493/RH1010958: Insecure
    temporary file use flaw in LiveConnect implementation.
    * Additional fixes and changes: o Christmas
    splashscreen extension o Fixed classloading deadlocks o
    Cleaned code from warnings o Pipes moved to XDG runtime dir.

    Security Issue references:

    * CVE-2013-6493

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-icedtea-web-8974

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.4.2]:
    • icedtea-web-1.4.2-0.7.1