Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1521-1
Solution
Please Install the Updated Packages.
Insight
Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. (CVE-2012-3422)
Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. (CVE-2012-3423)
Affected
icedtea-web on Ubuntu 12.04 LTS ,
Ubuntu 11.10 ,
Ubuntu 11.04 ,
Ubuntu 10.04 LTS
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-3422, CVE-2012-3423 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities