CVE-2015-5234

Related Files

Red Hat Security Advisory 2016-0778-01

Posted May 11, 2016

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0778-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. IcedTea-Web now also contains PolicyEditor - a simple tool to configure Java policies. The following packages have been upgraded to a newer upstream version: icedtea-web. Security Fix:

tags | advisory, java, web

systems | linux, redhat

advisories | CVE-2015-5234, CVE-2015-5235

SHA-256 | f1234920e2484f170f88b4b6c398cd38d95345eed3bc3411320acf14b6a8b77f

Download | Favorite | View

Ubuntu Security Notice USN-2817-1

Posted Nov 25, 2015

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2817-1 - It was discovered that IcedTea Web incorrectly handled applet URLs. A remote attacker could possibly use this issue to inject applets into the .appletTrustSettings configuration file and bypass user approval. Andrea Palazzo discovered that IcedTea Web incorrectly determined the origin of unsigned applets. A remote attacker could possibly use this issue to bypass user approval, or to trick the user into approving applet execution. Various other issues were also addressed.

tags | advisory, remote, web

systems | linux, ubuntu

advisories | CVE-2015-5234, CVE-2015-5235

SHA-256 | 0c95df3ba385830931e81928cf6357437d5124af42b0969aee880229cde673d0

Download | Favorite | View