From the upstream notification at $URL:
IcedTea-Web 1.1.6 and 1.2.1 have now been released. In addition to bug fixes,
they include 2 security fixes and it is therefore recommended that everyone
upgrade to this release. The security issues fixed are:
RH840592, CVE-2012-3422: Use of uninitialized instance pointers
RH841345, CVE-2012-3423: Incorrect handling of non 0-terminated strings
Added the following to tree:
Thanks for the report.
PS: New icedtea-bin packages still need to be added.
(In reply to comment #1)
> Added the following to tree:
> Thanks for the report.
> PS: New icedtea-bin packages still need to be added.
I've prepared everything for icedtea-bin and during tests I found icedtea-web-1.2.1 (and -r7) crashes my Firefox immediately on the test applet http://www.java.com/en/download/testjava.jsp. Did it work for you, sera?
Yes, works fine for me with Firefox 10.0.5 and icedtea-18.104.22.168 resp. icedtea-22.214.171.124.
Crashes on two boxes so far with Firefox 14.0.1, and Arch Linux people reported this upstream already: http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1106
So, I fixed icedtea-web with a patch whose idea upstream confirmed. Due to the security bug I've created icedtea-bin based on that.
Please stabilize dev-java/icedtea-bin-126.96.36.199-r1 including test of the nsplugin.
(In reply to comment #5)
> Please stabilize dev-java/icedtea-bin-188.8.131.52-r1 including test of the
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant
NPStrings without NUL terminators, which allows remote attackers to cause a
denial of service (crash), obtain sensitive information from memory, or
execute arbitrary code via a crafted Java applet.
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1
returns an uninitialized pointer when the instance_to_id_map hash is empty,
which allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a crafted web page, which causes an
uninitialized memory location to be read.
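The non-NUL-terminated string problem described above for the NPVariant NPStrings, as an added illustration that is not IcedTea-Web code and not part of any comment in this report. np_string is a local stand-in for NPAPI's NPString, flawed_length and np_string_dup are hypothetical names, and the sample buffer is constructed so that the bytes after the declared length stand in for adjacent memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for NPAPI's NPString: pointer plus explicit byte length.
 * Nothing guarantees a NUL byte after UTF8Length bytes. */
typedef struct {
    const char *UTF8Characters;
    uint32_t    UTF8Length;
} np_string;

/* Constructed sample: the string is the first 6 bytes of a larger buffer,
 * so whatever follows stands in for adjacent memory. */
static const char backing[] = "appletSECRET";
static const np_string sample = { backing, 6 };

/* Flawed pattern: treats the bytes as a C string and ignores UTF8Length. */
size_t flawed_length(const np_string *s)
{
    return strlen(s->UTF8Characters);   /* runs on into adjacent bytes */
}

/* Hardened pattern (hypothetical helper): copy exactly UTF8Length bytes
 * and terminate the copy. Caller frees; NULL on bad input or OOM. */
char *np_string_dup(const np_string *s)
{
    if (s == NULL || (s->UTF8Characters == NULL && s->UTF8Length != 0))
        return NULL;
    size_t n = s->UTF8Length;
    char *out = malloc(n + 1);
    if (out == NULL)
        return NULL;
    if (n != 0)
        memcpy(out, s->UTF8Characters, n);
    out[n] = '\0';
    return out;
}

int main(void)
{
    char *copy = np_string_dup(&sample);
    if (copy == NULL)
        return 1;
    printf("declared=%u flawed=%zu copy=\"%s\"\n",
           (unsigned)sample.UTF8Length, flawed_length(&sample), copy);
    free(copy);
    return 0;
}
```

In real plugin memory the flawed read has no guaranteed stopping point, which is why the description lists a crash and disclosure of memory contents among the outcomes.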
Added to existing GLSA request.
While the Sun test applet starts after a delay with 1.2.1-r8 and FF 14.0.1 (AMD), the applet on this page fails to start, also using bin-6 or bin-7.
(it's the newest JChemPaint applet). Start: Applet not initialized
net.sourceforge.jnlp.LaunchException: Fatal: Application Error: Unknown Main-Class. Could not determine the main class for this application.
The applet loads fine with sun-jre-bin, however.
(In reply to comment #10)
> While the Sun test applet starts after a delay with 1.2.1-r8 and FF 14.0.1
> (AMD) the applet on this page fails to start, also using bin-6 or bin-7.
Works for me with icedtea-web 1.3, so removed vulnerable versions from tree.
I'm just going to close this since no one cares. These versions have long gone.