CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
87.5%
CentOS Errata and Security Advisory CESA-2012:1434
The IcedTea-Web project provides a Java web browser plug-in and an
implementation of Java Web Start, which is based on the Netx project. It
also contains a configuration tool for managing deployment settings for the
plug-in and Web Start implementations.
A buffer overflow flaw was found in the IcedTea-Web plug-in. Visiting a
malicious web page could cause a web browser using the IcedTea-Web plug-in
to crash or, possibly, execute arbitrary code. (CVE-2012-4540)
Red Hat would like to thank Arthur Gerkis for reporting this issue.
This erratum also upgrades IcedTea-Web to version 1.2.2. Refer to the NEWS
file, linked to in the References, for further information.
All IcedTea-Web users should upgrade to these updated packages, which
resolve this issue. Web browsers using the IcedTea-Web browser plug-in must
be restarted for this update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2012-November/081139.html
Affected packages:
icedtea-web
icedtea-web-javadoc
Upstream details at:
https://access.redhat.com/errata/RHSA-2012:1434
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | icedtea-web | < 1.2.2-1.el6_3 | icedtea-web-1.2.2-1.el6_3.i686.rpm |
CentOS | 6 | i686 | icedtea-web-javadoc | < 1.2.2-1.el6_3 | icedtea-web-javadoc-1.2.2-1.el6_3.i686.rpm |
CentOS | 6 | x86_64 | icedtea-web | < 1.2.2-1.el6_3 | icedtea-web-1.2.2-1.el6_3.x86_64.rpm |
CentOS | 6 | x86_64 | icedtea-web-javadoc | < 1.2.2-1.el6_3 | icedtea-web-javadoc-1.2.2-1.el6_3.x86_64.rpm |