Solution
Please Install the Updated Packages.
Insight
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.
A buffer overflow flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could cause a web browser using the IcedTea-Web plug-in to crash or, possibly, execute arbitrary code. (CVE-2012-4540)
Red Hat would like to thank Arthur Gerkis for reporting this issue.
This erratum also upgrades IcedTea-Web to version 1.2.2. Refer to the NEWS file, linked to in the References, for further information.
All IcedTea-Web users should upgrade to these updated packages, which resolve this issue. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
Affected
icedtea-web on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-4540 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities