| Description: | Description:
The remote host is missing an update to icedtea-web
announced via advisory MDVSA-2012:122.
Multiple vulnerabilities has been discovered and corrected in
icedtea-web:
An uninitialized pointer use flaw was found in IcedTea-Web web
browser plugin. A malicious web page could use this flaw make
IcedTea-Web browser plugin pass invalid pointer to a web browser.
Depending on the browser used, it may cause the browser to crash or
possibly execute arbitrary code (CVE-2012-3422).
It was discovered that the IcedTea-Web web browser plugin incorrectly
assumed that all strings provided by browser are NUL terminated,
which is not guaranteed by the NPAPI (Netscape Plugin Application
Programming Interface). When used in a browser that does not NUL
terminate NPVariant NPStrings, this could lead to buffer over-read
or over-write, resulting in possible information leak, crash, or code
execution (CVE-2012-3423).
The updated packages have been upgraded to the 1.1.6 version which
is not affected by these issues.
Affected: 2011., Enterprise Server 5.0
Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2012:122
Risk factor : High
|
