Bug 884705 (CVE-2013-1927)
Summary: | CVE-2013-1927 icedtea-web: GIFAR issue | |
---|---|---|---
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger>
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA | QA Contact: |
Severity: | medium | Docs Contact: |
Priority: | medium | |
Version: | unspecified | CC: | adomurad, dbhole, jvanek, omajid, security-response-team
Target Milestone: | --- | Keywords: | Security
Target Release: | --- | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | | |
Fixed In Version: | icedtea-web 1.2.3, icedtea-web 1.3.2 | Doc Type: | Bug Fix
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2013-04-17 19:19:26 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Bug Depends On: | 949094, 949095 | |
Bug Blocks: | 884765 | |
Attachments: | | |
Description
Tomas Hoger
2012-12-06 15:39:21 UTC
Created attachment 659469 [details]
proposed patch
This patch is fixing the issue. Troubles will come when not just zip jars will be used (and so jar header will change) - eg pack2000 in jdk8.
Otherwise it was quite tested and looks ok.
Created attachment 663002 [details]
Suggested reproducer for icedtea-web automated testsuite
Created attachment 663003 [details]
Reviewed final patch
Acknowledgements:

This issue was discovered by the Red Hat Security Response Team.

Fixed now in upstream IcedTea-Web versions 1.2.3 and 1.3.2:
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html

Upstream commit:
http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8

Follow-up changelog fixing related commits:
http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/ccc249a27004
http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/c8544250d5b2

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2013:0753 https://rhn.redhat.com/errata/RHSA-2013-0753.html