Vulnerabilities in the icedtea-web software package

  • OS details: LSU
  • Severity: IMP
  • Operating systems: L
  • Categories: LSU

openSUSE Security Update: Security update for icedtea-web

Announcement ID: openSUSE-SU-2015:1595-1
Rating: important
References: #755054 #830880 #944208 #944209
Cross-References: CVE-2012-4540 CVE-2015-5234 CVE-2015-5235

Affected Products:
openSUSE 13.2
openSUSE 13.1

An update that solves three vulnerabilities and has one
errata is now available.


The icedtea-web java plugin was updated to 1.6.1.

Changes included:
* Enabled Entry-Point attribute check
* permissions sandbox and signed app and unsigned app with permissions
all-permissions now run in sandbox instead of not at all.
* fixed DownloadService
* comments in now should persists load/save
* fixed bug in caching of files with query
* fixed issues with recreating of existing shortcut
* trustAll/trustNone now processed correctly
* headless no longer shows dialogues
* RH1231441 Unable to read the text of the buttons of the security dialogue
* Fixed RH1233697 icedtea-web: applet origin spoofing (CVE-2015-5235,
* Fixed RH1233667 icedtea-web: unexpected permanent authorization of
unsigned applets (CVE-2015-5234, bsc#944209)
* MissingALACAdialog made available also for unsigned applications (but
ignoring actual manifest value) and fixed
* NetX
– fixed issues with -html shortcuts
– fixed issue with -html receiving garbage in width and height
* PolicyEditor
– file flag made to work when used standalone
– file flag and main argument cannot be used in combination
* Fix generation of man-pages with some versions of “tail”

Also included is the update to 1.6
* Massively improved offline abilities. Added Xoffline switch to force
work without inet connection.
* Improved to be able to run with any JDK
* JDK 6 and older no longer supported
* JDK 8 support added (URLPermission granted if applicable)
* JDK 9 supported
* Added support for Entry-Point manifest attribute
* Added KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK deployment property to
control scan of Manifest file
* starting arguments now accept also -- abbreviations
* Added new documentation
* Added support for menu shortcuts – both javaws applications/applets and
html applets are supported
* added support for -html switch for javaws. Now you can run most
of the applets without browser at all
* Control Panel
– PR1856: ControlPanel UI improvement for lower resolutions (800*600)
* NetX
– PR1858: Java Console accepts multi-byte encodings
– PR1859: Java Console UI improvement for lower resolutions (800*600)
– RH1091563: [abrt] icedtea-web-1.5-2.fc20: Uncaught exception
java.lang.ClassCastException in method
– Dropped support for long unmaintained -basedir argument
– Returned support for -jnlp argument
– RH1095311, PR574 – References class sun.misc.Ref removed in OpenJDK 9
– fixed, and so buildable on JDK9
* Plugin
– PR1743 – Intermittent deadlock in PluginRequestProcessor
– PR1298 – LiveConnect – problem setting array elements (applet
variables) from JS
– RH1121549: coverity defects
– Resolves method overloading correctly with superclass hierarchy
* PolicyEditor
– codebases can be renamed in-place, copied, and pasted
– codebase URLs can be copied to system clipboard
– displays a progress dialog while opening or saving files
– codebases without permissions assigned save to file anyway (and
re-appear on next open)
– PR1776: NullPointer on save-and-exit
– PR1850: duplicate codebases when launching from security dialogs
– Fixed bug where clicking “Cancel” on the “Save before Exiting” dialog
could result in the editor exiting without saving changes
– Keyboard accelerators and mnemonics greatly improved
– “File – New” allows editing a new policy without first selecting the
file to save to
* Common
– PR1769: support signed applets which specify Sandbox permissions in
their manifests
* Temporary Permissions in security dialog now multi-selectable and based
on PolicyEditor permissions

– Update to 1.5.2
* NetX
– RH1095311, PR574 – References class sun.misc.Ref removed in OpenJDK 9
– fixed, and so buildable on JDK9
– RH1154177 – decoded file needed from cache
– fixed NPE in https dialog
– empty codebase behaves as “.”
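
The changelog above turns on the Entry-Point check and changes how the Permissions and Application-Library-Allowable-Codebase (ALACA) manifest attributes are handled. The following is an added example, not IcedTea-Web code: a small audit of a JAR's main manifest section for those three attributes, run on constructed manifests with hypothetical class names and codebase URL.

```python
import io
import zipfile

def parse_manifest(text):
    """Return the main-section attributes of a JAR manifest (names lower-cased)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # continuation line: drop the single leading space
        else:
            lines.append(raw)
    attrs = {}
    for line in lines:
        if not line.strip():
            break                     # a blank line ends the main section
        name, sep, value = line.partition(":")
        if sep:
            attrs[name.strip().lower()] = value.strip()
    return attrs

def audit_jar(jar_bytes, main_class):
    """List findings for the manifest attributes named in the changelog."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        try:
            attrs = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
        except KeyError:              # archive has no manifest entry at all
            return ["no manifest"]
    findings = []
    if attrs.get("permissions") not in ("sandbox", "all-permissions"):
        findings.append("Permissions missing or invalid")
    entry = attrs.get("entry-point")  # space-separated list of allowed entry classes
    if entry is None:
        findings.append("Entry-Point missing")
    elif main_class not in entry.split():
        findings.append("main class not listed in Entry-Point")
    if "application-library-allowable-codebase" not in attrs:
        findings.append("Application-Library-Allowable-Codebase missing")
    return findings

def make_jar(manifest):
    """Build an in-memory JAR holding only the given manifest (test helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
    return buf.getvalue()

# Constructed sample manifests; GOOD wraps Entry-Point across a continuation line.
GOOD = ("Manifest-Version: 1.0\r\nPermissions: sandbox\r\nEntry-Point: org.example.Main org.exa\r\n mple.Alt\r\n"
        "Application-Library-Allowable-Codebase: https://apps.example.org\r\n\r\n")
BAD = "Manifest-Version: 1.0\r\nPermissions: all-permissions\r\nEntry-Point: org.example.Other\r\n\r\n"
```
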

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE 13.2:

zypper in -t patch openSUSE-2015-602=1

– openSUSE 13.1:

zypper in -t patch openSUSE-2015-602=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE 13.2 (i586 x86_64):


– openSUSE 13.2 (noarch):


– openSUSE 13.1 (i586 x86_64):


– openSUSE 13.1 (noarch):




Author: Tomislav Protega
Cert ID: NCERT-REF-2015-09-0010-ADV
CVE: CVE-2012-4540 CVE-2015-5234 CVE-2015-5235
Source ID: openSUSE-SU-2015:1595-1
Product: Security update for icedtea-web