CESA-2011:1441: icedtea-web security update
4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | November 07, 2011 | November 09, 2011 | September 29, 2014
Updated icedtea-web packages that fix one security issue are now available for CentOS Linux 6. The CentOS Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.
A flaw was found in the same-origin policy implementation in the IcedTea-Web browser plug-in. A malicious Java applet could use this flaw to open network connections to hosts other than the originating host, violating the same-origin policy. (CVE-2011-3377)
All IcedTea-Web users should upgrade to these updated packages, which upgrade IcedTea-Web to version 1.0.6 to correct this issue. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
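To confirm that a host has picked up the fix, the following added example (not part of the advisory) reads the installed icedtea-web version and compares it with the fixed release, 1.0.6. The function names are hypothetical, and GNU `sort -V` is assumed as an approximation of RPM's own version ordering.

```shell
#!/bin/sh
# Added example: classify an icedtea-web version against the fixed release
# named in the advisory (1.0.6). Function names are illustrative.
FIXED_VERSION="1.0.6"

# version_ge A B: succeed when version A >= version B.
# Assumption: GNU sort -V orders these upstream versions the same way RPM does.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify_icedtea VERSION: print "not-installed", "patched" or "vulnerable".
classify_icedtea() {
    ver="$1"
    if [ -z "$ver" ]; then
        echo "not-installed"
    elif version_ge "$ver" "$FIXED_VERSION"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# installed_icedtea_version: print the Version field of the installed package,
# or nothing when the package (or rpm itself) is absent.
installed_icedtea_version() {
    command -v rpm >/dev/null 2>&1 || return 0
    # "package ... is not installed" goes to stdout, so keep only version-like lines.
    rpm -q --qf '%{VERSION}\n' icedtea-web 2>/dev/null \
        | grep -E '^[0-9]' | head -n 1 || true
}

status="$(classify_icedtea "$(installed_icedtea_version)")"
echo "icedtea-web: $status"
```

A "patched" result only reflects the package on disk; browsers that were already running still need the restart the advisory calls for.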