Novell Home

CVE-2013-1927

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-1927 at MITRE

Description

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 815596, 818768

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SLE 11 SP2 DEBUGINFO
  • icedtea-web-debuginfo >= 1.4-0.5.1
  • icedtea-web-debugsource >= 1.4-0.5.1
Builds
SAT Patch Nr: 7742
SUSE Linux Enterprise Desktop 11 SP2
  • icedtea-web >= 1.4-0.5.1
Builds
SAT Patch Nr: 7742
SLE 11 SP2 DEBUGINFO
  • icedtea-web-debuginfo >= 1.3.2-0.5.1
  • icedtea-web-debugsource >= 1.3.2-0.5.1
Builds
SAT Patch Nr: 7642
SUSE Linux Enterprise Desktop 11 SP2
  • icedtea-web >= 1.3.2-0.5.1
Builds
SAT Patch Nr: 7642
SLE 11 SP3 DEBUGINFO
  • icedtea-web-debuginfo >= 1.4-0.10.1
  • icedtea-web-debugsource >= 1.4-0.10.1
Builds
SAT Patch Nr: 7981
SUSE Linux Enterprise Desktop 11 SP3
  • icedtea-web >= 1.4-0.10.1
Builds
SAT Patch Nr: 7981

© 2014 Novell