| Field | Value |
|---|---|
| Summary | <dev-java/icedtea-web-1.2.1, <dev-java/icedtea-bin-6.1.11.3-r1: multiple vulnerabilities (CVE-2012-{3422,3423}) |
| Product | Gentoo Security |
| Component | Vulnerabilities |
| Status | RESOLVED FIXED |
| Severity | normal |
| Priority | Normal |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-July/019580.html |
| Whiteboard | B2 [glsa] |
| Reporter | Sean Amoss (RETIRED) <ackle> |
| Assignee | Gentoo Security <security> |
| CC | java |
| Package list | |
| Runtime testing required | --- |

Description
Sean Amoss (RETIRED)
2012-08-02 15:24:59 UTC

Added the following to tree:

=dev-java/icedtea-web-1.2.1
=dev-java/icedtea-web-1.2.1-r7

Thanks for the report.

PS: New icedtea-bin packages still need to be added.

(In reply to comment #1)
> Added the following to tree:
>
> =dev-java/icedtea-web-1.2.1
> =dev-java/icedtea-web-1.2.1-r7
>
> Thanks for the report.
>
> PS: New icedtea-bin packages still need to be added.

I've prepared everything for icedtea-bin and during tests I found icedtea-web-1.2.1 (and -r7) crashes my firefox immediately on the test applet http://www.java.com/en/download/testjava.jsp. Did it work for you sera?

Yes, works fine for me with Firefox 10.0.5 and icedtea-6.1.11.3 resp. icedtea-7.2.2.1.

Crashes on two boxes so far with firefox 14.0.1 and archlinux people reported this upstream already http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1106

So, I fixed icedtea-web with a patch whose idea upstream confirmed. Due to the security bug I've created icedtea-bin based on that.

Please stabilize dev-java/icedtea-bin-6.1.11.3-r1 including test of the nsplugin.

amd64 stable

(In reply to comment #5)
> Please stabilize dev-java/icedtea-bin-6.1.11.3-r1 including test of the
> nsplugin.

x86 done

CVE-2012-3423 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423): The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.

CVE-2012-3422 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422): The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.

Thanks, everyone. Added to existing GLSA request.

While the Sun test applet starts after a delay with 1.2.1-r8 and FF 14.0.1 (AMD) the applet on this page fails to start, also using bin-6 or bin-7.

http://toolserver.org/~ayacop/EditorApplet.html (it's the newest JChemPaint applet).

```
Start: Applet not initialized
Caused by: net.sourceforge.jnlp.LaunchException: Fatal: Application Error: Unknown Main-Class. Could not determine the main class for this application.
    at net.sourceforge.jnlp.runtime.JNLPClassLoader.initializeResources(JNLPClassLoader.java:511)
    at net.sourceforge.jnlp.runtime.JNLPClassLoader.<init>(JNLPClassLoader.java:204)
```

The applet loads fine with sun-jre-bin, however.

(In reply to comment #10)
> While the Sun test applet starts after a delay with 1.2.1-r8 and FF 14.0.1
> (AMD) the applet on this page fails to start, also using bin-6 or bin-7.
>
> http://toolserver.org/~ayacop/EditorApplet.html
>

Works for me with icedtea-web 1.3, so removed vulnerable versions from tree.

I'm just going to close this since no one cares. These versions have long gone.
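
The two bug classes named in the CVE descriptions quoted earlier in this thread, as an added C example that is not IcedTea-Web's code and not part of any comment above. `np_string_t`, `map_entry_t` and all function names are hypothetical stand-ins; only the field names follow NPAPI's `NPString`, and the sample buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local stand-in for NPAPI's NPString: pointer plus byte count, and no
 * promise that a NUL byte follows the last character. */
typedef struct { const char *UTF8Characters; uint32_t UTF8Length; } np_string_t;

/* Unsafe pattern, for contrast: strlen() trusts a terminator that was never
 * promised, so the reported length can exceed UTF8Length. */
size_t unsafe_length(const np_string_t *s) { return strlen(s->UTF8Characters); }

/* Hardened pattern: copy exactly UTF8Length bytes and terminate the copy
 * ourselves. Returns a malloc'd C string, or NULL on allocation failure. */
char *npstring_dup(const np_string_t *s)
{
    char *out = malloc((size_t)s->UTF8Length + 1);
    if (out == NULL) return NULL;
    memcpy(out, s->UTF8Characters, s->UTF8Length);
    out[s->UTF8Length] = '\0';
    return out;
}

/* Hypothetical table entry standing in for the plugin's instance map. */
typedef struct { void *instance; int id; } map_entry_t;

/* Hardened lookup: the result starts as NULL, so an empty table returns a
 * defined "not found" value instead of whatever was on the stack. */
void *first_instance(const map_entry_t *table, size_t count)
{
    void *result = NULL;
    for (size_t i = 0; i < count; i++) {
        if (table[i].instance != NULL) {
            result = table[i].instance;
            break;
        }
    }
    return result;
}

int main(void)
{
    static const char raw[] = "appletSECRET";   /* constructed sample buffer */
    np_string_t s = { raw, 6 };                 /* the string is only "applet" */
    char *copy = npstring_dup(&s);
    printf("unsafe=%zu safe=%s empty=%p\n", unsafe_length(&s),
           copy ? copy : "(null)", first_instance(NULL, 0));
    free(copy);
    return 0;
}
```

The sample buffer keeps the over-read inside one array so the contrast is observable without undefined behaviour; with a real unterminated `NPString` the unsafe call reads whatever memory follows.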