[SECURITY] Fedora 15 Update: icedtea-web-1.0.4-1.fc15
updates at fedoraproject.org
updates at fedoraproject.org
Fri Jul 22 19:33:36 UTC 2011
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-9541
2011-07-22 19:05:47
--------------------------------------------------------------------------------
Name : icedtea-web
Product : Fedora 15
Version : 1.0.4
Release : 1.fc15
URL : http://icedtea.classpath.org/wiki/IcedTea-Web
Summary : Additional Java components for OpenJDK
Description :
The IcedTea-Web project provides a Java web browser plugin, an implementation
of Java Web Start (originally based on the Netx project) and a settings tool to
manage deployment settings for the aforementioned plugin and Web Start
implementations.
--------------------------------------------------------------------------------
Update Information:
This security fix that addresses the following issues:
- RH718164: Home directory path disclosure to untrusted applications
- RH718170: Java Web Start security warning dialog manipulation
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 20 2011 Deepak Bhole <dbhole at redhat.com> 1.0.4-1
- Bump to 1.0.4
- Fixed rhbz#718164: Home directory path disclosure to untrusted applications
- Fixed rhbz#718170: Java Web Start security warning dialog manipulation
* Mon Jun 13 2011 Deepak Bhole <dbhole at redhat.com> 1.0.3-1
- Update to 1.0.3
- Resolves: rhbz#691259
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #718164 - CVE-2011-2513 icedtea, icedtea-web: home directory path disclosure to untrusted applications
https://bugzilla.redhat.com/show_bug.cgi?id=718164
[ 2 ] Bug #718170 - CVE-2011-2514 icedtea-web: Java Web Start security warning dialog manipulation
https://bugzilla.redhat.com/show_bug.cgi?id=718170
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update icedtea-web' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list