Oval Definition:oval:com.redhat.rhsa:def:20111441
Revision Date:2011-11-08Version:637
Title:RHSA-2011:1441: icedtea-web security update (Moderate)
Description:The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.

  • A flaw was found in the same-origin policy implementation in the IcedTea-Web browser plug-in. A malicious Java applet could use this flaw to open network connections to hosts other than the originating host, violating the same-origin policy. (CVE-2011-3377)

    All IcedTea-Web users should upgrade to these updated packages, which upgrade IcedTea-Web to version 1.0.6 to correct this issue. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2011-3377
    CVE-2011-3377
    RHSA-2011:1441
    RHSA-2011:1441-01
    RHSA-2011:1441-01
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • icedtea-web is earlier than 0:1.0.6-1.el6_1
  • AND icedtea-web is signed with Red Hat redhatrelease2 key
  • icedtea-web-javadoc is earlier than 0:1.0.6-1.el6_1
  • AND icedtea-web-javadoc is signed with Red Hat redhatrelease2 key
    • BACK