MDVSA-2012:122 -- Mandriva icedtea-web
ID: oval:org.secpod.oval:def:302939 | Date: (C)2012-10-30 (M)2023-07-28 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered and corrected in icedtea-web:

An uninitialized pointer use flaw was found in the IcedTea-Web web browser plugin. A malicious web page could use this flaw to make the IcedTea-Web browser plugin pass an invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code.

It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by the browser are NUL terminated, which is not guaranteed by the NPAPI. When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to a buffer over-read or over-write, resulting in a possible information leak, crash, or code execution.

The updated packages have been upgraded to the 1.1.6 version, which is not affected by these issues.
Platform: |
Mandriva Linux 2011.0 |
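
The NUL-termination assumption described above, shown as an added C example that is not IcedTea-Web's code: a flawed copy that trusts a terminator beside one that honours the string's declared length. The type `demo_npstring` and both function names are hypothetical; only the two field names mirror NPAPI's NPString.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for NPAPI's NPString; the type name is hypothetical. */
typedef struct {
    const char *UTF8Characters;  /* not guaranteed to be NUL terminated */
    uint32_t    UTF8Length;      /* number of valid bytes */
} demo_npstring;

/* Flawed pattern: treats the buffer as a C string, so strlen()/strcpy()
 * keep reading until some NUL byte turns up in adjacent memory. */
char *copy_assuming_nul(const demo_npstring *s)
{
    char *out = malloc(strlen(s->UTF8Characters) + 1);  /* over-read */
    if (out != NULL)
        strcpy(out, s->UTF8Characters);
    return out;
}

/* Length-respecting copy: reads exactly UTF8Length bytes and adds the
 * terminator itself. Returns NULL on bad input or allocation failure. */
char *copy_by_length(const demo_npstring *s)
{
    if (s == NULL || (s->UTF8Characters == NULL && s->UTF8Length != 0))
        return NULL;
    size_t len = s->UTF8Length;
    if (len == SIZE_MAX)             /* len + 1 would wrap to 0 */
        return NULL;
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    if (len != 0)
        memcpy(out, s->UTF8Characters, len);
    out[len] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample: 4 string bytes followed by unrelated bytes, no NUL. */
    static const char backing[] = { 'h','t','t','p','S','E','C','R','E','T' };
    demo_npstring s = { backing, 4 };
    char *safe = copy_by_length(&s);
    printf("%s\n", safe ? safe : "(null)");
    free(safe);
    return 0;
}
```

`copy_assuming_nul` is included only for contrast and is never called, since running it on the constructed sample would read past the end of the buffer.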