Test ID:	1.3.6.1.4.1.25623.1.0.881534
Category:	CentOS Local Security Checks
Title:	CentOS Update for icedtea-web CESA-2012:1434 centos6
Summary:	The remote host is missing an update for the 'icedtea-web'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'icedtea-web' package(s) announced via the referenced advisory. Vulnerability Insight: The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A buffer overflow flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could cause a web browser using the IcedTea-Web plug-in to crash or, possibly, execute arbitrary code. (CVE-2012-4540) Red Hat would like to thank Arthur Gerkis for reporting this issue. This erratum also upgrades IcedTea-Web to version 1.2.2. Refer to the NEWS file, linked to in the References, for further information. All IcedTea-Web users should upgrade to these updated packages, which resolve this issue. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect. Affected Software/OS: icedtea-web on CentOS 6 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4540 BugTraq ID: 56434 http://www.securityfocus.com/bid/56434 BugTraq ID: 62426 http://www.securityfocus.com/bid/62426 Debian Security Information: DSA-2768 (Google Search) http://www.debian.org/security/2013/dsa-2768 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.mandriva.com/security/advisories?name=MDVSA-2012:171 https://bugzilla.redhat.com/show_bug.cgi?id=869040 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html http://www.openwall.com/lists/oss-security/2012/11/07/5 RedHat Security Advisories: RHSA-2012:1434 http://rhn.redhat.com/errata/RHSA-2012-1434.html http://www.securitytracker.com/id?1027738 http://secunia.com/advisories/51206 http://secunia.com/advisories/51220 http://secunia.com/advisories/51374 SuSE Security Announcement: openSUSE-SU-2012:1524 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html SuSE Security Announcement: openSUSE-SU-2013:0174 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html SuSE Security Announcement: openSUSE-SU-2013:1509 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html SuSE Security Announcement: openSUSE-SU-2013:1511 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html SuSE Security Announcement: openSUSE-SU-2015:1595 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html http://www.ubuntu.com/usn/USN-1625-1 XForce ISS Database: icedtea-applet-bo(79894) https://exchange.xforce.ibmcloud.com/vulnerabilities/79894
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.