Bug 884705 (CVE-2013-1927)
| Field | Value |
|---|---|
| Summary | CVE-2013-1927 icedtea-web: GIFAR issue |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Tomas Hoger <thoger> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | adomurad, dbhole, jvanek, omajid, security-response-team |
| Keywords | Security |
| Fixed In Version | icedtea-web 1.2.3, icedtea-web 1.3.2 |
| Doc Type | Bug Fix |
| Last Closed | 2013-04-17 19:19:26 UTC |
| Bug Depends On | 949094, 949095 |
| Bug Blocks | 884765 |

Description
Tomas Hoger
2012-12-06 15:39:21 UTC
Created attachment 659469
proposed patch
This patch is fixing the issue. Troubles will come when not just zip jars will be used (and so jar header will change) - eg pack2000 in jdk8.
Otherwise it was quite tested and looks ok.
Created attachment 663002
Suggested reproducer for icedtea-web automated testsuite
Created attachment 663003
Reviewed final patch
Acknowledgements:

This issue was discovered by the Red Hat Security Response Team.

Fixed now in upstream IcedTea-Web versions 1.2.3 and 1.3.2:
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html

Upstream commit:
http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8

Follow-up changelog fixing related commits:
http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/ccc249a27004
http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/c8544250d5b2

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2013:0753 https://rhn.redhat.com/errata/RHSA-2013-0753.html