Advisories » MGASA-2014-0049

Updated icedtea-web packages fix CVE-2013-6493

Publication date: 10 Feb 2014
Modification date: 10 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-6493

Description

Updated icedtea-web packages fix security vulnerability:

LiveConnect provides a gateway between the JavaScript engine in the web
browser and Java applets. An insecure temporary file use flaw was found in
the LiveConnect implementation in the IcedTea-Web browser plug-in. A
malicious, local user could possibly use this flaw to inject or read the
communication between a Java applet and web browser of a different user's
session (CVE-2013-6493).
                

References

• http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html
• https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127944.html
• https://bugs.mageia.org/show_bug.cgi?id=12654
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6493

SRPMS

3/core

• icedtea-web-1.4.2-1.mga3

4/core

• icedtea-web-1.4.2-1.mga4