Bugzilla – Bug 944209
VUL-0: CVE-2015-5234: icedtea-web: unexpected permanent authorization of unsigned applets
Last modified: 2015-12-17 14:01:09 UTC
The following problem was reported by Andrea Palazzo and affects the package IcedTea-Web:

Permanent Trusted Applet Injection

Due to a lack of validation in the process of parsing non-standard URI schemes, it is possible to inject arbitrary trusted applets into the .appletTrustSettings configuration file. An attacker could exploit this flaw to permanently authorize the execution of unsigned applets in the context of a victim browser from arbitrary domains. It should be noted that the exploit is triggered even if the victim hits the "cancel" button when the authorization view is prompted.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1233667
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5234
bugbot adjusting priority
Patch for removal of line endings pushed to head:
http://icedtea.classpath.org/hg/icedtea-web/rev/53500e3de1bc

Patch for correct escaping of URL regexes also pushed to head:
http://icedtea.classpath.org/hg/icedtea-web/rev/c9befa549f63

All rebukes to those two patches mentioned in this bug were fixed and additional tests for them added.

Versioned .appletTrustSettings patch pushed to head:
http://icedtea.classpath.org/hg/icedtea-web/rev/5ddfe3e389ab

actOnVersionLoad() can throw exception (at least Integer.valueOf(versionS)), not sure if that can cause any issues.
  - was fixed, ty

actOnVersionLoad() hard-codes current version number rather than using currentVersion.
  - was not fixed, is intentional

Backup file extension is just .X, where X is number, so really a .0 for this upgrade. That makes it look like man page file.
  - added -backup suffix

The length check was fixed in http://icedtea.classpath.org/hg/icedtea-web/rev/5ddfe3e389ab
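The two fixes above (stripping line endings from the stored codebase, and regex-escaping the URL before it is written) address the two halves of the injection described in the report. The following is an added, self-contained example written for this page; it is not icedtea-web code and it uses a deliberately simplified, constructed trust-store format ("DECISION codebase-regex" per line) rather than the real .appletTrustSettings layout. It shows how an unescaped codebase containing a line terminator turns a "NEVER" (cancel) decision into an "ALWAYS" entry matching every codebase, how an unescaped "." in the URL widens the match, and how the hardened writer prevents both. All function names and sample URLs are assumptions for illustration.

```python
import re
from typing import List, Optional, Tuple

# Constructed, simplified model of a line-oriented applet trust store.
# One entry per line: "<DECISION> <codebase-regex>", DECISION is ALWAYS or NEVER.
# This is NOT the real .appletTrustSettings format; it only models the
# property that matters here: the store is parsed line by line and the
# codebase field is interpreted as a regular expression.

DECISIONS = ("ALWAYS", "NEVER")


def parse_store(text: str) -> List[Tuple[str, str]]:
    """Split store text into (decision, codebase_regex) pairs; skip malformed lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split(" ", 1)
        if len(parts) == 2 and parts[0] in DECISIONS:
            entries.append((parts[0], parts[1]))
    return entries


def lookup(text: str, codebase: str) -> Optional[str]:
    """Return the first stored decision whose regex fully matches `codebase`."""
    for decision, pattern in parse_store(text):
        try:
            if re.fullmatch(pattern, codebase):
                return decision
        except re.error:
            continue  # an unparsable regex never matches
    return None


def record_vulnerable(decision: str, codebase: str) -> str:
    """Pre-fix behaviour (modelled): raw URL used as a regex prefix,
    no line-ending check, no escaping. Written for ALWAYS and NEVER alike."""
    return f"{decision} {codebase}.*\n"


def record_hardened(decision: str, codebase: str) -> str:
    """Post-fix behaviour (modelled): refuse line terminators outright and
    regex-escape the URL so it can only match itself plus a suffix."""
    if decision not in DECISIONS:
        raise ValueError("unknown decision")
    if "\n" in codebase or "\r" in codebase:
        raise ValueError("codebase contains a line terminator")
    return f"{decision} {re.escape(codebase)}.*\n"


def hardened_rejects(decision: str, codebase: str) -> bool:
    """True if the hardened writer refuses to store this codebase."""
    try:
        record_hardened(decision, codebase)
    except ValueError:
        return False if False else True
    return False


# Constructed attacker-controlled codebase: the newline smuggles a second
# line "ALWAYS .*" into the store, which is what the victim's "cancel"
# (NEVER) decision ends up persisting.
ATTACKER_CODEBASE = "http://attacker.example/\nALWAYS .*"

if __name__ == "__main__":
    store = record_vulnerable("NEVER", ATTACKER_CODEBASE)
    print(repr(store))
    print("victim codebase ->", lookup(store, "http://victim.example/app/"))
    print("hardened rejects ->", hardened_rejects("NEVER", ATTACKER_CODEBASE))
    loose = record_vulnerable("NEVER", "http://example.com/")
    tight = record_hardened("NEVER", "http://example.com/")
    print("unescaped '.' matches exampleXcom ->", lookup(loose, "http://exampleXcom/app/"))
    print("escaped '.' matches exampleXcom ->", lookup(tight, "http://exampleXcom/app/"))
```

Note that rejecting the codebase is a design choice of this model; silently stripping the terminator (as the first patch above does) also closes the line-injection hole, but rejecting makes a tampered URL visible to the caller instead of quietly storing a truncated one.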
openSUSE-SU-2015:1595-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 755054,830880,944208,944209
CVE References: CVE-2012-4540,CVE-2015-5234,CVE-2015-5235
Sources used:
openSUSE 13.2 (src): icedtea-web-1.6.1-6.1, java-1_7_0-openjdk-plugin-1.6.1-6.1, java-1_8_0-openjdk-plugin-1.6.1-6.2
openSUSE 13.1 (src): icedtea-web-1.5.3-0.7.1
Packages submitted to all supported products. Closing.
SUSE-SU-2015:1682-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 944208,944209
CVE References: CVE-2015-5234,CVE-2015-5235
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src): java-1_7_0-openjdk-plugin-1.6.1-2.3.1
SUSE Linux Enterprise Desktop 12 (src): java-1_7_0-openjdk-plugin-1.6.1-2.3.1
SUSE-SU-2015:1689-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 944208,944209
CVE References: CVE-2015-5234,CVE-2015-5235
Sources used:
SUSE Linux Enterprise Desktop 11-SP4 (src): icedtea-web-1.5.3-0.9.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): icedtea-web-1.5.3-0.9.1
released